检查Active Directory组使用C＃在当前容器存在 [英] Check if Active Directory Group exists in current container using C#

问题描述

我想创建一个新的Active Directory组。

I want to create a new Active Directory Group.

这是我的code：

PrincipalContext ctx = new PrincipalContext(ContextType.Domain, domain, container, userName, password);

GroupPrincipal oGroupPrincipal = new GroupPrincipal(ctx, userName);
DirectoryEntry entry = new DirectoryEntry("LDAP://" + domain, userName, password,AuthenticationTypes.Secure);

if (entry.Children.Find("CN=" + groupName) != null) {

}

if (!DirectoryEntry.Exists("LDAP://" + System.Configuration.ConfigurationManager.AppSettings["Domain"] + "/CN=" + groupName + "," + System.Configuration.ConfigurationManager.AppSettings["Container"]))
{

     oGroupPrincipal.Description = groupName;
     oGroupPrincipal.GroupScope = (System.DirectoryServices.AccountManagement.GroupScope)Enum.Parse(typeof(System.DirectoryServices.AccountManagement.GroupScope), groupScope);
     oGroupPrincipal.IsSecurityGroup = isSecurity;
     oGroupPrincipal.Save(ctx);
}

这是我遇到的麻烦是看新创建的组在创建之前存在的部分。在这个阶段，我的code返回人的群体存在，所以我无法创建一个组

The Part that I am having trouble with is to see if the newly created group exists before creating it. At this stage my code returns that al the groups exists so I am unable to create a group

这是检查组存在：

if (entry.Children.Find("CN=" + groupName) != null) {

}

但它给出了一个例外，在服务器上没有此类对象。

but it gives an exception There is no such object on the server.

任何帮助将是AP preciated。

any help would be appreciated.

推荐答案

您似乎是（假）的假设下，一个 entry.Children.Find（）将通过你的整个目录做递归搜索 - 它的不可以做

You seem to be under the (false) assumption that a entry.Children.Find() will do a recursive search through your entire directory - it does not do that.

所以，要么你需要绑定到实际的容器，该组应设，然后检查其直接用于儿童的生存组的：

So, either you need to bind to the actual container where that group should be located, and then check its immediate children for existence of your group:

DirectoryEntry entry = new DirectoryEntry("LDAP://YourServer/OU=SubOU,OU=TopLevelOU,dc=test,dc=com", userName, password,AuthenticationTypes.Secure);

try
{     
     DirectoryEntry childGroup = entry.Children.Find("CN=TestGroup2");
     // create group here
}
catch (DirectoryServicesCOMException exception)
{
    // handle the "child not found" case here ...
}

或者，那么你需要做的目录搜索作为您的小组它通过你的整个目录的工作递归（因此将慢得多，太）：

or then you need to do a directory search for your group which works recursively through your entire directory (and thus will be much slower, too):

// define root directory entry
DirectoryEntry domainRoot = new DirectoryEntry("LDAP://" + domain, userName, password,AuthenticationTypes.Secure);

// setup searcher for subtree and search for groups 
DirectorySearcher ds = new DirectorySearcher(domainRoot);
ds.SearchScope = SearchScope.SubTree;
ds.Filter = "(&(cn=TestGroup2)(objectCategory=group))";

var results = ds.FindAll();

if(results.Count <= 0)
{
   // group not found -> create
}

这篇关于检查Active Directory组使用C＃在当前容器存在的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！