已解决GUID字符串中的AD用户名 [英] Resolved AD username from GUID string

问题描述

Hello Fellows！
$


$
我必须同步2个系统ACL。 "主人"系统以GUID字符串的形式将权限存储在每个用户的INI文件中。 "奴隶"系统基本上需要具有相同的权限，以基于主权限限制
访问类似区域，但由于不完整的身份验证方法必须具有为用户保存的权限，作为firstname.last名称。



因此master ini文件如下所示：

[/]

S-1-1-11-1111111111-1111111111- 1111111111-1111 = rw



奴隶ini文件：

[/]

john.doe = rw



所以我想做的是当主INI文件被更改时，我会将它复制到slave文件中并替换GUID字符串已解决firstname.lastname





有人可以指导我如何操作吗？



我是MFC开发人员，但基本或其他脚本方法也可以做得很好=）



提前致谢！

---

问候，LEFEVRE Damien（LFDMN），http：//www.lfdm.net

Hello Fellows!


I'm in a situation where I must synchronize 2 systems ACLs. The "master" system is storing the permissions in an INI file for each user in a form of a GUID string. The "slave" system basically need to have the same permission to restrict access to similar area base on the master permission, but due to incomplete authentication method must have the permission save for a user as firstname.last name.

So the master ini file looks like this:
[/]
S-1-1-11-1111111111-1111111111-1111111111-1111=rw

And the slave ini file:
[/]
john.doe=rw

So what I'd like to do is that when the master INI file is changed, I would copy it in the slave file and replace the GUID strings by the resolved firstname.lastname


Could someone guide me on how to do this?

I'm a MFC developer but basic or other scripting method would also do just fine =)

Thanks in advance!

---

Regards, LEFEVRE Damien (LFDMN), http://www.lfdm.net

推荐答案

哟你的意思是对象sid？因为它用于ACL。我想在C＃中使用以下代码可以帮助您： 

Did you mean object sid? Because its used in ACL. I guess following code in the C# can help you: 

 private string[] GetLastFitrstName(string sid)
 {
 using (System.DirectoryServices.ActiveDirectory.Domain domain = System.DirectoryServices.ActiveDirectory.Domain.GetCurrentDomain())
 {
 DirectoryEntry entry = domain.GetDirectoryEntry();
 DirectorySearcher deSearch = new DirectorySearcher();
 deSearch.SearchRoot = entry;
 deSearch.SearchScope = SearchScope.Subtree;
 deSearch.Filter = "(&((objectClass=user)(objectSid=sid)))";
 SearchResultCollection results = deSearch.FindAll();

 //Get a User Last and FirstName
 string[] LastFirstName=new string[1];
LastFirstName[0]=(string)results[0].Properties["sn"][0] //lastname
LastFirstName[1]=(string)results[0].Properties["givenName"][0] //firstname
return LastFirstName

 }
 
 }

 

亲切的问候，格里戈里

 

这篇关于已解决GUID字符串中的AD用户名的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！