检查字符串是否为有效的广告组 [英] check if string is a valid AD group

问题描述

使用以下代码，我可以轻松地查看所提供的用户是否在所提供的组中。

Using the following code I can easily see if the supplied user exists in a supplied group.

public static bool IsInGroup(string user, string group)
{
    using (var identity = new WindowsIdentity(user))
    {
        var principal = new WindowsPrincipal(identity);
        return principal.IsInRole(group);
    }
}

但是，给出如下字符串列表： -

However, given a list of strings like the following:-

User1
User2
User3
Group1
Group2
Group3

通过循环此字符串列表，c＃中是否有任何方法可以检查每个条目是否是一个AD组还是不是一个AD组？

Is there any way in c# by looping this list of strings, to check to see if each entry is an AD group or not ?

例如，User3实际上是一个组名，但是通过查看列表，您会认为它是普通的AD用户。

For example, User3 is actually a group name, but from looking at the list you would think it's a normal AD user.

有什么方法可以解析该名称以查看其是否在我的AD域中作为一个组存在。

Is there any way of parsing the name to see if it exists as a group on my AD domain.

我基本上希望能够遍历一个名称和组列表，并查看给定的用户名（例如 Bob）是否在列表中，或者是否存在于该列表中的组之一中，因此如果上面的列表是一个AD组，我想运行与上面类似的功能，以查看用户是否存在于该组中。

I basically want to be able to run through a list of names and groups, and see if a given user name (for example 'Bob') is in the list, or exists in one of the groups in this list, therefore if an entry in the list above is an AD group I want to run a function similar to above to see if the user exists within the group or not.

推荐答案

还不错。您将需要引用以下程序集：

It isn't too bad. You will need to reference the following Assemblies:

System.DirectoryServices
System.DirectoryServices.Protocols
System.DirectoryServices.AccountManagement

然后您可以使用类似这样的东西：

Then you can use something like this:

var groupName = "developers";

using (var context = new PrincipalContext(ContextType.Domain))
{
    var groupPrincipal = GroupPrincipal.FindByIdentity(context, groupName);
}

您可以更改PrincipalContext构造函数以将ContextType.Machine用于本地计算机，如果需要，您可以将域名添加为第二个参数，但是对于本地域，则应将其选中。

You can change out the PrincipalContext constructor to use ContextType.Machine for the local machine, and if needed you can add the domain name as a second parameter, but for a local domain it should pick it up.

[edit]另外，FindByIdentity方法将如果不匹配，则返回null。此外，您还可以从目录服务中获取成员用户和其他有用的信息。

[edit] Also, the FindByIdentity method will return null if it doesn't match. Also, you can get member users and other useful information from the Directory Services.

这篇关于检查字符串是否为有效的广告组的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！