如何找到属于一组用户的AD，和刚刚获得他们的SAM帐户名和SID？ [英] How to find users in AD that belong to a group, and just get their SAMAccountName, and SID?

问题描述

我只是希望用户能够在一组的名称在文本框中输入，并返回只是他们的登录名和他们的SID。

到目前为止，我都这样了，加载的用户组中，但即时通讯不能确定如何提取的登录名和SID。

 信息搜索结果的结果;
            DirectorySearcher从搜索=新DirectorySearcher从（）;
            sea​​rch.Filter =的String.Format（（CN = {0}），txtGroup.Text）;
            sea​​rch.PropertiesToLoad.Add（会员）;
            sea​​rch.PropertiesToLoad.Add（CN）;
            sea​​rch.PropertiesToLoad.Add（的objectGUID）;
            结果= search.FindOne（）;


            StringBuilder的用户名=新的StringBuilder（）;
            如果（结果！= NULL）
            {
                对于（INT计数器= 0;反＆LT;
                result.Properties [成员]计数。计数器++）
                {
                    字符串用户=（字符串）result.Properties [成员] [计数器]
                    userNames.AppendLine（用户）;

                }
            }
            lblResults.Text = userNames.ToString（）;
 

解决方案

该propertie至极包含SID叫做的objectSID 和propertie至极含有次登录时 sAMAccountName赋的NT4兼容的版本和的UserPrincipalName 。你最好用@Virkkunen咨询工作。

 静态无效的主要（字串[] args）
{
  / *连接到Active Directory
   * /
  的DirectoryEntry贬低=新的DirectoryEntry（LDAP：//192.168.183.138：389 / DC =兴业，DC = FR，administrateur，PWD）;

  / *目录搜索
   * /
  DirectorySearcher从dsLookForGrp =新DirectorySearcher从（贬低）;
  dsLookForGrp.Filter =的String.Format（（CN = {0}），yourgroup）;
  dsLookForGrp.SearchScope = SearchScope.Subtree;
  dsLookForGrp.PropertiesToLoad.Add（的distinguishedName）;
  信息搜索结果srcGrp = dsLookForGrp.FindOne（）;

  / *目录搜索
   * /
  DirectorySearcher从dsLookForUsers =新DirectorySearcher从（贬低）;
  dsLookForUsers.Filter =的String.Format（（及（objectCategory属性=人）（的memberOf = {0}）），srcGrp.Properties [的distinguishedName] [0]）;
  dsLookForUsers.SearchScope = SearchScope.Subtree;
  dsLookForUsers.PropertiesToLoad.Add（的objectSID）;
  dsLookForUsers.PropertiesToLoad.Add（的UserPrincipalName）;
  dsLookForUsers.PropertiesToLoad.Add（sAMAccountName赋）;
  SearchResultCollection srcLstUsers = dsLookForUsers.FindAll（）;

  的foreach（在srcLstUsers信息搜索结果sruser）
  {
    Console.WriteLine（{0}，sruser.Path）;

    的SecurityIdentifier SID =新的SecurityIdentifier（（字节[]）sruser.Properties [的objectSID] [0]，0）;
    Console.WriteLine（sid.ToString（））;

    的foreach（在sruser.Properties.PropertyNames字符串属性）
    {
      Console.WriteLine（\ t {0} {1}，财产，sruser.Properties [属性] [0]）;
    }
  }
}
 

I just want a user to be able to type in a group name in a textbox, and return just their login name and their SID.

So far i have this, and that loads the users in the group but im unsure how to extract the login and SID.

 SearchResult result;
            DirectorySearcher search = new DirectorySearcher();
            search.Filter = String.Format("(cn={0})", txtGroup.Text);
            search.PropertiesToLoad.Add("member");
            search.PropertiesToLoad.Add("cn");
            search.PropertiesToLoad.Add("objectGUID");
            result = search.FindOne();


            StringBuilder userNames = new StringBuilder();
            if (result != null)
            {
                for (int counter = 0; counter <
                result.Properties["member"].Count; counter++)
                {
                    string user = (string)result.Properties["member"][counter];
                    userNames.AppendLine(user);

                }
            }
            lblResults.Text = userNames.ToString();

解决方案

The propertie wich contains SID is called objectSid, and the propertie wich contain th login is sAMAccountName for the NT4 compatible version and userPrincipalName. You'd better work with @Virkkunen advice.

static void Main(string[] args)
{
  /* Connection to Active Directory
   */
  DirectoryEntry deBase = new DirectoryEntry("LDAP://192.168.183.138:389/dc=societe,dc=fr", "administrateur", "pwd");

  /* Directory Search
   */
  DirectorySearcher dsLookForGrp = new DirectorySearcher(deBase);
  dsLookForGrp.Filter = String.Format("(cn={0})", "yourgroup");
  dsLookForGrp.SearchScope = SearchScope.Subtree;
  dsLookForGrp.PropertiesToLoad.Add("distinguishedName");
  SearchResult srcGrp = dsLookForGrp.FindOne();

  /* Directory Search
   */
  DirectorySearcher dsLookForUsers = new DirectorySearcher(deBase);
  dsLookForUsers.Filter = String.Format("(&(objectCategory=person)(memberOf={0}))", srcGrp.Properties["distinguishedName"][0]);
  dsLookForUsers.SearchScope = SearchScope.Subtree;
  dsLookForUsers.PropertiesToLoad.Add("objectSid");
  dsLookForUsers.PropertiesToLoad.Add("userPrincipalName  ");
  dsLookForUsers.PropertiesToLoad.Add("sAMAccountName");
  SearchResultCollection srcLstUsers = dsLookForUsers.FindAll();

  foreach (SearchResult sruser in srcLstUsers)
  {
    Console.WriteLine("{0}", sruser.Path);

    SecurityIdentifier sid = new SecurityIdentifier((byte[])   sruser.Properties["objectSid"][0], 0);
    Console.WriteLine(sid.ToString());    

    foreach (string property in sruser.Properties.PropertyNames)
    {
      Console.WriteLine("\t{0} : {1} ", property, sruser.Properties[property][0]);
    }
  }
}

这篇关于如何找到属于一组用户的AD，和刚刚获得他们的SAM帐户名和SID？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！