問題描述

我有一個 C# 4.0 程序可以檢索特定 AD 組的所有成員.在這個 AD 組中是包含其他成員的其他 AD 組.我需要我的程序來識別它是一個組并檢索該組中的成員.

I have a C# 4.0 program working that retrieves all the members for a specific AD group. In this AD group are other AD groups containing other members. I need my program to identity that it is a group and retrieve the members in that group.

我知道我需要編寫一個遞歸程序，但我希望有人可能已經完成了.如果不是，有人可以告訴我 AD 屬性屬性來標識該成員是實際的組嗎?

I know I need to write a recursive program but I was hoping somebody out there might have already done it. If not, could somebody tell me the AD property attribute to identify that the member is actual a group?

推薦答案

由于您使用的是 .NET 3.5 及更高版本，您應該查看 System.DirectoryServices.AccountManagement (S.DS.AM) 命名空間.在此處閱讀所有相關信息:

Since you're on .NET 3.5 and up, you should check out the System.DirectoryServices.AccountManagement (S.DS.AM) namespace. Read all about it here:

• 管理目錄.NET Framework 3.5 中的安全主體
• 有關 System.DirectoryServices.AccountManagement 的 MSDN 文檔

基本上，您可以定義域上下文并輕松找到 AD 中的用戶和/或組.另外:GroupPrincipal 有一個名為 GetMembers 的方法，它將列出該組的所有成員 - 可選地，它會為您遞歸地這樣做！

Basically, you can define a domain context and easily find users and/or groups in AD. Also: the GroupPrincipal has a method called GetMembers which will list all members of that group - optionally, it will do so recursively for you!

// set up domain context
PrincipalContext ctx = new PrincipalContext(ContextType.Domain);

// find the group you're interested in
GroupPrincipal myGroup = GroupPrincipal.FindByIdentity(ctx, "SomeGroup");

// if you found it - get its members
if (myGroup != null)
{
   // if your call the GetMembers, you can optionally specify a "Recursive" flag - done here
   var allMembers = myGroup.GetMembers(true);
}

新的 S.DS.AM 使在 AD 中與用戶和組一起玩變得非常容易！

The new S.DS.AM makes it really easy to play around with users and groups in AD!

這篇關于Active Directory 嵌套組的文章就介紹到這了，希望我們推薦的答案對大家有所幫助，也希望大家多多支持html5模板網！