我有一个用户帐户的SID，我想要它所属的组的SID [英] I have a SID of a user account, and I want the SIDs of the groups it belongs to

问题描述

必须从远程计算机上获取.以下查询不适用于SID，但适用于组名和帐户名.

This has to be obtained from a remote machine. The following query works not for SIDs, but for group and account names.

"SELECT GroupComponent FROM Win32_GroupUser WHERE PartComponent = \"Win32_UserAccount.Domain='" + accountDomain + "',Name='" + accountName + "'\""

它返回的Win32_Group对象以字符串形式出现，并且它们仅具有域和名称(即使Win32_Group具有SID属性).

The Win32_Group objects it returns come in the forms of strings, and they only have domain and name (even though Win32_Group has a SID property).

我有这种下沉的感觉，我将不得不:

I have this sinking feeling I'll have to:

1. 通过查询Win32_SID将SID转换为帐户名；
2. 执行上面的查询；
通过查询Win32_Group将每个生成的组名称转换为SID.

1. Turn the SID into an account name by querying Win32_SID;
2. Perform the query above;
3. Turn each of the resulting group names into SIDs by querying Win32_Group.

推荐答案

可以使用 System.DirectoryServices.AccountManagement 名称空间类?

using (var context = new PrincipalContext( ContextType.Domain ))
{
    using (var user = UserPrincipal.FindByIdentity( context, accountName ))
    {
        var groups = user.GetAuthorizationGroups();
        ...iterate through groups and find SIDs for each one
    }
}

它应该与ContextType.Machine一起使用，尽管您需要指定计算机名称并具有适当的特权.

It should work with ContextType.Machine, though you'd need to specify the machine name and have appropriate privileges.

using (var context = new PrincipalContext( ContextType.Machine,
                                           "MyComputer",
                                           userid,
                                           password ))
{
   ...
}

有一个不错的MSDN 文章(虽然很长)使用新的.NET 3.5帐户管理名称空间.

There's a nice MSDN article (longish, though) on using the new .NET 3.5 account management namespace.

这篇关于我有一个用户帐户的SID，我想要它所属的组的SID的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！