如何确定一个账户类型（AD用户与AD组）？ [英] How to determine the type (AD User vs. AD Group) of an account?

问题描述

我有一个关于确定帐户名称的类型（用户或组）的问题。
例如，我有两个字符串，说历奇的作品\大卫和历奇的作品\管理员， 第一重presents名叫大卫的用户，而第二重presents的AD组。

I have a question about determining the type (User or Group) of a account name.
For example, I have two strings, say "Adventure-works\david" and "Adventure-works\admins", the first represents a user named david, and the second represents an AD group.

我的问题是我怎么能determin这些账户的类型（用户或AD组）？是否有简便的方法可以使用​​吗？

My question is how can I determin the type(User or AD group) of these account? Are there convenient method I can use?

任何评论都是AP preciated。 谢谢你。

Any comments are appreciated. Thanks.

推荐答案

什么版本的.NET是你？

What version of .NET are you on??

如果您使用的是.NET 3.5，看看如何在这个优秀的 MSDN文章活动目录接口已经改变了不少。

If you're on .NET 3.5, see this excellent MSDN article on how the Active Directory interface has changed quite a bit.

如果你在.NET 3.5中，你可以写：

If you're on .NET 3.5, you could write:

PrincipalContext ctx = new PrincipalContext(ContextType.Domain, "YOURDOMAIN");
Principal myObject = Principal.FindByIdentity(ctx, "your name value");

通常情况下，你必须通过在短短的用户名 - 反斜杠之后的部分 - 而不是整个域\用户名字符串

Typically, you'd have to pass in just the user name - the part after the backslash - not the whole DOMAIN\USERNAME string.

这个校长现在要么是 UserPrincipal 或 GroupPrincipal （也可能一些其它类型的主体，如 ComputerPrincipal ）：

This "Principal" now either is a UserPrincipal or a GroupPrincipal (or it could some other type of principal, e.g. ComputerPrincipal):

if(myObject is UserPrincipal)
{
    // you have a user
}
else if(myObject is GroupPrincipal)
{
    // you have a group
}

和你可以继续从那里。

---

如果您使用的是.NET 1.x中/ 2.0 / 3.0，你必须使用一个 DirectorySearcher从的创建稍微复杂的程序和搜索您的对象：

If you're on .NET 1.x/2.0/3.0, you'd have to use the slightly more involved procedure of creating a DirectorySearcher and searching for your object:

// create root DirectoryEntry for your search
DirectoryEntry deRoot = new DirectoryEntry("LDAP://dc=YourCompany,dc=com");

// create searcher            
DirectorySearcher ds = new DirectorySearcher(deRoot);

ds.SearchScope = SearchScope.Subtree;

// define LDAP filter - all you can specify is the "anr" (ambiguous name
// resolution) attribute of the object you're looking for
ds.Filter = string.Format("(anr={0})", "YourNameValue");

// define properties you want in search result(s)
ds.PropertiesToLoad.Add("objectCategory");
ds.PropertiesToLoad.Add("displayName");

// search
SearchResult sr = ds.FindOne();

// check if we get anything back, and if we can check the "objectCategory" 
// property in the search result
if (sr != null)
{
    if(sr.Properties["objectCategory"] != null)
    {
       // objectType will be "Person" or "Group" (or something else entirely)
       string objectType = sr.Properties["objectCategory"][0].ToString();
    }
}

马克·

这篇关于如何确定一个账户类型（AD用户与AD组）？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！