Problem description
So I have a question regarding recursive groups in Active Directory. I have a little method that checks if a user id is in a group or not. Works great. Found out today that it doesn't check recursive group membership and I'm not too sure how (or if) there is a way to do that. Here's what I have so far for non-recursive:
    // Requires: using System.DirectoryServices.AccountManagement;
    public static bool CheckGroupMembership(string userID, string groupName, string Domain)
    {
        bool isMember = false;
        PrincipalContext ADDomain = new PrincipalContext(ContextType.Domain, Domain);
        UserPrincipal user = UserPrincipal.FindByIdentity(ADDomain, userID);
        // Direct membership only: nested groups are not followed here.
        if (user.IsMemberOf(ADDomain, IdentityType.Name, groupName.Trim()))
        {
            isMember = true;
        }
        return isMember;
    }
I've seen some things about a directory searcher or something but I'm somewhat new to working directly with AD and while I understand the concepts, some other things are still a little lost on me.
Thanks!
Recommended answer
Here is a solution using System.DirectoryServices.AccountManagement Namespace. It's a kind of recursive solution. In Find Recursive Group Membership (Active Directory) using C#, I give a recursive solution that also works with distribution groups.
    // Requires: using System; using System.DirectoryServices.AccountManagement;

    /* Retrieving a principal context
     * (server, container and credentials are the answer's sample values)
     */
    Console.WriteLine("Retrieving a principal context");
    PrincipalContext domainContext = new PrincipalContext(ContextType.Domain, "WM2008R2ENT:389", "dc=dom,dc=fr", "jpb", "PWD");

    /* Look for all the groups a user belongs to
     */
    UserPrincipal aUser = UserPrincipal.FindByIdentity(domainContext, "user1");
    // GetAuthorizationGroups() follows nested membership and returns security groups.
    PrincipalSearchResult<Principal> a = aUser.GetAuthorizationGroups();
    foreach (GroupPrincipal gTmp in a)
    {
        Console.WriteLine(gTmp.Name);
    }
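
An added example (not part of the original answer or the asker's code): a nested-aware version of the question's CheckGroupMembership, built on the GetAuthorizationGroups() call from the answer. The names AdGroupCheck and CheckGroupMembershipRecursive are assumptions. It compares SIDs rather than group names, denies when the user or group cannot be resolved, and needs a reachable domain to run.

```csharp
using System;
using System.DirectoryServices.AccountManagement;

public static class AdGroupCheck
{
    // Hypothetical helper (added example): true only if the user is a direct
    // or nested member of the named security group. Fails closed otherwise.
    public static bool CheckGroupMembershipRecursive(string userID, string groupName, string domain)
    {
        using (var ctx = new PrincipalContext(ContextType.Domain, domain))
        using (var user = UserPrincipal.FindByIdentity(ctx, userID))
        using (var target = GroupPrincipal.FindByIdentity(ctx, IdentityType.Name, groupName.Trim()))
        {
            // Unknown user or unknown group: deny instead of throwing.
            if (user == null || target == null || target.Sid == null)
                return false;

            // Expands nested membership. Security groups only, so distribution
            // groups are not covered by this check.
            using (PrincipalSearchResult<Principal> groups = user.GetAuthorizationGroups())
            {
                foreach (Principal g in groups)
                {
                    // SIDs are unique; names can collide across domains or be renamed.
                    if (target.Sid.Equals(g.Sid))
                        return true;
                }
            }
            return false;
        }
    }

    public static int Main(string[] args)
    {
        if (args.Length != 3)
        {
            Console.Error.WriteLine("usage: AdGroupCheck <userID> <groupName> <domain>");
            return 2;
        }
        bool ok = CheckGroupMembershipRecursive(args[0], args[1], args[2]);
        Console.WriteLine(ok ? "member" : "not a member");
        return ok ? 0 : 1;
    }
}
```

Directory errors raised while enumerating the groups are left to propagate, so a caller using this for an access decision should treat any exception as a denial.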