GetAuthorizationGroups返回的组多于我的用户所在的组 [英] GetAuthorizationGroups returns more groups than my user is in
问题描述
我发现了此帖子以获取用户的安全组。
i found this post to get the security groups of a user.
我必须对其进行一些更改,使其看起来像这样:
I had to change it a bit so it looks like this:
public List<GroupPrincipal> GetGroups(string userName, string userPassword, string userDomain)
{
List<GroupPrincipal> result = new List<GroupPrincipal>();
// establish domain context
PrincipalContext yourDomain = new PrincipalContext(ContextType.Domain, userDomain, userName, userPassword);
// find your user
UserPrincipal user = UserPrincipal.FindByIdentity(yourDomain, IdentityType.SamAccountName, userName);
// if found - grab its groups
if (user != null)
{
PrincipalSearchResult<Principal> groups = user.GetAuthorizationGroups();
// iterate over all groups
foreach (Principal p in groups)
{
// make sure to add only group principals
if (p is GroupPrincipal)
{
result.Add((GroupPrincipal)p);
}
}
}
return result;
}
不幸的是,我现在得到了AD中的每个安全组,而不仅仅是用户所在的位置。
我的用户位于10个组中,但返回71。
我必须提交用户名和密码,否则将不允许我查找这些组。这是另一个域上的管理帐户,因此我无法使用当前的凭据。
Unfortunately I now get every security group in the AD and not only the ones the user is in. My user is in 10 groups but it returns 71. I had to submit username and password or else I would not be allowed to look up the groups. It is an administrative account on a different domain so I couldn't use the current credentials.
如果您需要更多信息,请告诉我。
If you need more info please let me know.
问候和预先感谢
IG
Greetings and thanks in advance IG
推荐答案
是否有机会10个小组是其他小组的成员吗?根据文档:
Is there a chance that the 10 groups are members of other groups? According to the documentation:
UserPrincipal.GetAuthorizationGroups方法
此方法递归搜索所有组,并返回用户是
成员的组。返回的集合还可能包含
系统出于授权目的将用户视为该用户的成员的其他组。
This method searches all groups recursively and returns the groups in which the user is a member. The returned set may also include additional groups that system would consider the user a member of for authorization purposes.
这篇关于GetAuthorizationGroups返回的组多于我的用户所在的组的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!