問題描述
我有一個 C# 4.0 程序可以檢索特定 AD 組的所有成員.在這個 AD 組中是包含其他成員的其他 AD 組.我需要我的程序來識別它是一個組并檢索該組中的成員.
I have a C# 4.0 program working that retrieves all the members for a specific AD group. In this AD group are other AD groups containing other members. I need my program to identity that it is a group and retrieve the members in that group.
我知道我需要編寫一個遞歸程序,但我希望有人可能已經完成了.如果不是,有人可以告訴我 AD 屬性屬性來標識該成員是實際的組嗎?
I know I need to write a recursive program but I was hoping somebody out there might have already done it. If not, could somebody tell me the AD property attribute to identify that the member is actual a group?
推薦答案
由于您使用的是 .NET 3.5 及更高版本,您應該查看 System.DirectoryServices.AccountManagement (S.DS.AM) 命名空間.在此處閱讀所有相關信息:
Since you're on .NET 3.5 and up, you should check out the System.DirectoryServices.AccountManagement (S.DS.AM) namespace. Read all about it here:
- 管理目錄.NET Framework 3.5 中的安全主體
- 有關 System.DirectoryServices.AccountManagement 的 MSDN 文檔
基本上,您可以定義域上下文并輕松找到 AD 中的用戶和/或組.另外:GroupPrincipal 有一個名為 GetMembers 的方法,它將列出該組的所有成員 - 可選地,它會為您遞歸地這樣做!
Basically, you can define a domain context and easily find users and/or groups in AD. Also: the GroupPrincipal has a method called GetMembers which will list all members of that group - optionally, it will do so recursively for you!
// set up domain context
PrincipalContext ctx = new PrincipalContext(ContextType.Domain);
// find the group you're interested in
GroupPrincipal myGroup = GroupPrincipal.FindByIdentity(ctx, "SomeGroup");
// if you found it - get its members
if (myGroup != null)
{
// if your call the GetMembers, you can optionally specify a "Recursive" flag - done here
var allMembers = myGroup.GetMembers(true);
}
新的 S.DS.AM 使在 AD 中與用戶和組一起玩變得非常容易!
The new S.DS.AM makes it really easy to play around with users and groups in AD!
這篇關于Active Directory 嵌套組的文章就介紹到這了,希望我們推薦的答案對大家有所幫助,也希望大家多多支持html5模板網!