How to know if DirectoryEntry is a user or a group?
Problem description
I have the following code to create a tree from the current AD:
    public static ActiveDirectory GetActiveDirectoryTree(string pathToAD = "")
    {
        DirectoryEntry objADAM = default(DirectoryEntry);                 // Binding object.
        DirectoryEntry objGroupEntry = default(DirectoryEntry);           // Group results.
        DirectorySearcher objSearchADAM = default(DirectorySearcher);     // Search object.
        SearchResultCollection objSearchResults = default(SearchResultCollection); // Search results.
        ActiveDirectory result = new ActiveDirectory();
        ActiveDirectoryItem treeNode;

        // Get the AD LDS object.
        try
        {
            if (pathToAD.Length > 0)
                objADAM = new DirectoryEntry();
            else
                objADAM = new DirectoryEntry(pathToAD);
            objADAM.RefreshCache();
        }
        catch (Exception)
        {
            throw; // rethrow without resetting the stack trace
        }

        // Get search object, specify filter and scope,
        // perform search.
        try
        {
            objSearchADAM = new DirectorySearcher(objADAM);
            objSearchADAM.Filter = "(&(objectClass=group))";
            objSearchADAM.SearchScope = SearchScope.Subtree;
            objSearchResults = objSearchADAM.FindAll();
        }
        catch (Exception)
        {
            throw; // rethrow without resetting the stack trace
        }

        // Enumerate groups
        try
        {
            if (objSearchResults.Count != 0)
            {
                //SearchResult objResult = default(SearchResult);
                foreach (SearchResult objResult in objSearchResults)
                {
                    objGroupEntry = objResult.GetDirectoryEntry();
                    result.ActiveDirectoryTree.Add(new ActiveDirectoryItem()
                    {
                        Id = objGroupEntry.Guid,
                        ParentId = objGroupEntry.Parent.Guid,
                        AccountName = objGroupEntry.Name,
                        Type = ActiveDirectoryType.Group,
                        PickableNode = false
                    });

                    // Every member of the group is added as a user node.
                    foreach (object child in objGroupEntry.Properties["member"])
                    {
                        treeNode = new ActiveDirectoryItem();
                        var path = "LDAP://" + child.ToString().Replace("/", "\\/");
                        using (var memberEntry = new DirectoryEntry(path))
                        {
                            if (memberEntry.Properties.Contains("sAMAccountName") && memberEntry.Properties.Contains("objectSid"))
                            {
                                treeNode.Id = Guid.NewGuid();
                                treeNode.ParentId = objGroupEntry.Guid;
                                treeNode.AccountName = memberEntry.Properties["sAMAccountName"][0].ToString();
                                treeNode.Type = ActiveDirectoryType.User;
                                treeNode.PickableNode = true;
                                treeNode.FullName = memberEntry.Properties["Name"][0].ToString();
                                byte[] sidBytes = (byte[])memberEntry.Properties["objectSid"][0];
                                treeNode.ObjectSid = new System.Security.Principal.SecurityIdentifier(sidBytes, 0).ToString();
                                result.ActiveDirectoryTree.Add(treeNode);
                            }
                        }
                    }
                }
            }
            else
            {
                throw new Exception("No groups found");
            }
        }
        catch (Exception e)
        {
            throw new Exception(e.Message);
        }
        return result;
    }
The problem is that using (var memberEntry = new DirectoryEntry(path)) returns DomainUsers as a user to this tree and I'm not sure if this is correct?
Say that I store the sidId for the DomainUsers node and then send it to the following method:
    public static Boolean GetActiveDirectoryName(string sidId, out string samAccountName, out string fullName)
    {
        samAccountName = string.Empty;
        fullName = string.Empty;
        if (sidId != null && sidId.Length > 0)
        {
            var ctx = new System.DirectoryServices.AccountManagement.PrincipalContext(ContextType.Domain, null);
            using (var up = UserPrincipal.FindByIdentity(ctx, IdentityType.Sid, sidId))
            {
                samAccountName = up.SamAccountName;
                fullName = up.Name;
                return true;
            }
        }
        return false;
    }
The up will be set to null? If I choose another user in the AD then it works just fine. I suspect that the DomainUsers is a group, but how do I check for this on the DirectoryEntry?
Best regards
Recommended answer
Off the top of my head: Have you considered checking Schema properties of the returned result? I'm thinking you could easily figure a group by using DirectoryEntry.SchemaEntry.Name. It should return group if your schema entry is a group.
Reference: MSDN: DirectoryEntry.SchemaEntry
Just out of curiosity and a bit off topic, in your code above:
    if (pathToAD.Length > 0)
        objADAM = new DirectoryEntry();
    else
        objADAM = new DirectoryEntry(pathToAD);
    objADAM.RefreshCache();
Wouldn't you want to use pathToAD if the length is > 0?
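One way to apply the SchemaEntry check suggested in the answer, as an added example that is not part of the original question or answer. The names AdObjectKind, AdObjectClassifier and Classify are hypothetical, and the objectClass lists in Main are constructed samples.

```csharp
using System;
using System.DirectoryServices;
using System.Linq;

public enum AdObjectKind { User, Group, Computer, Other }

public static class AdObjectClassifier
{
    // AD returns objectClass ordered from "top" to the most specific class,
    // e.g. top, person, organizationalPerson, user, computer. Classify on the
    // LAST value: a computer account also carries "user" in its class list.
    public static AdObjectKind Classify(string[] objectClasses)
    {
        string mostSpecific = objectClasses.LastOrDefault() ?? string.Empty;
        switch (mostSpecific.ToLowerInvariant())
        {
            case "user":
            case "inetorgperson":
                return AdObjectKind.User;
            case "group":
                return AdObjectKind.Group;
            case "computer":
                return AdObjectKind.Computer;
            default:
                return AdObjectKind.Other;
        }
    }

    // Live-directory overload: SchemaEntry.Name is the class name of the
    // entry, the value the answer proposes to test against "group".
    public static AdObjectKind Classify(DirectoryEntry entry)
    {
        using (DirectoryEntry schema = entry.SchemaEntry)
            return Classify(new[] { schema.Name });
    }

    public static void Main()
    {
        // Constructed objectClass lists for three kinds of group member.
        string[] domainUsers = { "top", "group" };
        string[] person = { "top", "person", "organizationalPerson", "user" };
        string[] workstation = { "top", "person", "organizationalPerson", "user", "computer" };
        Console.WriteLine("Domain Users -> " + Classify(domainUsers));
        Console.WriteLine("person       -> " + Classify(person));
        Console.WriteLine("workstation  -> " + Classify(workstation));
    }
}
```

In the member loop of the question, calling Classify(memberEntry) before setting Type would keep nested groups such as DomainUsers from being stored as pickable user nodes.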