如何通过primaryGroupToken从Active Directory中使用PHP检索组？

本文介绍了如何通过primaryGroupToken从Active Directory中使用PHP检索组？的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！

问题描述

我如何可以检索一组由它从Active Directory中使用PHP primaryGroupToken？显然这是一个计算属性所以检索它不是简单的，如在本得不到正确答案为：AD:集团没有一个primaryGroupToken属性

How can i retrieve a group by it's primaryGroupToken from Active Directory using PHP? Apparently this is a computed attribute so retrieving it is not straight forward, as eluded to in this answer: AD: Group does not have a primaryGroupToken attribute

基本上我使用下面的命令：

Essentially i'm using the following command:

ldap_search(
    $connection,
    "DC=host,DC=only,DC=network",
    "(&(objectClass=group)(objectCategory=group)(primaryGroupToken=513))",
    array("dn", "primarygrouptoken")
)

这会导致一个错误：

Which results in an error:

Warning: ldap_search(): Search: Inappropriate matching

不知道如何使用它来获取一组是从活动使用PHP目录主要组令牌？

Any idea how to retrieve a group using it's primary group token from Active Directory using PHP?

推荐答案

从链接答案的的是在之后的最终数字，要求该集团 - 中的objectSID作为过滤参数

The easiest way from the linked answer's reference is to request the group by the digits after the final - in the objectsid as the filter parameter.

"(&(objectClass=group)(objectCategory=group)(objectSid=*-513))"

属性参数也将成为阵列（DN，的objectSID）。

不幸的是，你说在您的评论是一个八位位组或字节数组，而不是SDDL字符串，这是不可能的，因为的objectSID。您可以通过使用搜索特定的组字节的字符串转义（pfixed与\和十六进制$ P $），但是这不是问题问什么。

Unfortunately this isn't possible as the objectSid as you say in your comment is an OctetString or Byte Array rather than SDDL string. You could search for a specific group by use the escaped (prefixed with \ and in hex) byte string, but that isn't what the question asks.

不过二进制过滤器不支持通配符。另一种方法是要求所有的组，然后解压的objectSID为每个组，然后按后处理后的RID，但是这取决于群体在您的域名的数量，这可能是太慢了。

However binary filters don't support wildcard.An alternative is to request all groups and then unpack the objectSid for each group and then group by the RID after post processing, however depending on the number of groups in your domain, this may be too slow.

和例如字节串，并在PHP SDDS之间的转换所在的，以及查找用户可以通过PrimaryGroupId。

And example of conversion between octet string and SDDS in PHP is located here, along with looking up users by PrimaryGroupId.

另一种方法是使用ADO按照这里或这里但这需要 ADODB 。

Another alternative is to use ADO as per here or here but this requires ADODB.

另请参见<一href="http://social.technet.microsoft.com/Forums/windowsserver/en-US/ad1396f1-a951-4a28-9a35-e2c5d9a2b22f/finding-primary-group-of-users-in-ad?forum=winserverDS"相对=nofollow>这里的第二个参考。其他参考这里和的

Also see here for a second reference.Additional References here and here

这篇关于如何通过primaryGroupToken从Active Directory中使用PHP检索组？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！