如何获得AD用户的“的memberOf”属性值的objectGUID方面？ [英] How to get AD user's 'memberof' property value in terms of objectGUID?

问题描述

的memberOf是在描述用户组的成员详细介绍Active Directory用户帐户的属性。如果我们用.NET或Java来获取用户详细信息，然后我们得到的这些用户的成员组的专有名称条款的memberOf属性值。那么，有没有办法得到的objectGUID上看，这些组名称无论是在Java或.NET？

'memberof' is the attribute on the Active Directory user account which describes user's group membership detail. If we use .Net or Java to get the users detail then we get the 'memberof' attribute value in terms of 'Distinguished Name' of the groups of which user is member of. So is there any way to get these group names in terms of objectGUID either in JAVA or .NET ?

推荐答案

您可以使用扩展DNLDAP的扩展控制。它只能用于在AD中搜索

You can make use of the "Extended DN" LDAP extended control. It can be used only in AD search.

C＃code：

// Here I get the user object and then do a AD search.
// Instead, you may search for that user object directly.
DirectoryEntry userEntry = new DirectoryEntry("LDAP://<server>/<user DN>", "user", "pwd");

DirectorySearcher searcher = new DirectorySearcher(userEntry);
searcher.SearchScope = SearchScope.Base;
searcher.ExtendedDN = ExtendedDN.Standard;
searcher.PropertiesToLoad.Clear();
searcher.PropertiesToLoad.Add("memberOf");

SearchResult result = searcher.FindOne();

foreach (string val in result.Properties["memberOf"])
{
    Console.WriteLine(val);
}

根据传递到值 ExtendedDN ，它会返回值

<GUID=guid_value>;<SID=sid_value>;dn

• ExtendedDN.None （仅DN，这是默认）：
  CN =管理员，CN =用户​​，DC = Fabrikam目录，DC = COM

  • ExtendedDN.None (only DN, this is the default):
    CN=Administrator, CN=Users,DC=Fabrikam,DC=com

    ExtendedDN.Standard （标准字符串格式）：
    <$c$c><GUID=bdbfd4b3-453c-42ee-98e2-7b4a698a61b8>;<SID=S-1-5-21-2354834273-1534127952-2340477679-500>;CN=Administrator, CN =用户​​，DC = Fabrikam目录，DC = COM

    ExtendedDN.Standard (Standard string format):
    <GUID=bdbfd4b3-453c-42ee-98e2-7b4a698a61b8>;<SID=S-1-5-21-2354834273-1534127952-2340477679-500>;CN=Administrator, CN=Users,DC=Fabrikam,DC=com

    ExtendedDN.HexString （十六进制格式）：
    <$c$c><GUID=b3d4bfbd3c45ee4298e27b4a698a61b8>;<SID=01050000000000051500000061eb5b8c50ef705befda808bf4010000>;CN=Administrator, CN =用户​​，DC = Fabrikam目录，DC = COM

    ExtendedDN.HexString (Hexadecimal format):
    <GUID=b3d4bfbd3c45ee4298e27b4a698a61b8>;<SID=01050000000000051500000061eb5b8c50ef705befda808bf4010000>;CN=Administrator, CN=Users,DC=Fabrikam,DC=com

    如果该对象不具有的SID，该SID部分将被省略：

    If the object don't have SID, the SID part will be omitted:

    <GUID=guid_value>;dn
    

    有关扩展DN的详细信息，请查询：

    For details about Extended DN, please check:

    http://msdn.microsoft.com/en-us/library/ cc223349.aspx

    这篇关于如何获得AD用户的“的memberOf”属性值的objectGUID方面？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！