VB.NET - 如何使用Active Directory将SID转换为组名

Question

使用VB.NET,如何使用Active Directory将sid转换为组名？

例如:我需要获得"group_test"而不是"S-1-5-32-544"

我正在使用的代码是:

Public ReadOnly Property Groups As IdentityReferenceCollection
    Get

        Dim irc As IdentityReferenceCollection
        Dim ir As IdentityReference
        irc = WindowsIdentity.GetCurrent().Groups
        Dim strGroupName As String

        For Each ir In irc
            Dim mktGroup As IdentityReference = ir.Translate(GetType(NTAccount))
            MsgBox(mktGroup.Value)
            Debug.WriteLine(mktGroup.Value)
            strGroupName = mktGroup.Value.ToString

        Next

        Return irc

    End Get
End Property

或类似的东西？

        currentUser = WindowsIdentity.GetCurrent()

        For Each refGroup As IdentityReference In currentUser.Groups

            Dim acc As NTAccount = TryCast(refGroup.Translate(GetType(NTAccount)), NTAccount)
            If AdminGroupName = acc.Value Then
                ret = "999"
            End If
            If UsersGroupName = acc.Value Then
                ret = "1"
            End If

你将如何适应这段代码？(如果用户在xx组中,请在下拉列表中显示xx组)

        For Each UserGroup In WindowsIdentity.GetCurrent().Groups
            If mktGroup.Value = "BIG" Then
                Dim Company = ac1.Cast(Of MarketingCompany).Where(Function(ac) ac.MarketingCompanyShort = "BIG").FirstOrDefault
                If Company IsNot Nothing Then
                    marketingCo.Items.Add(String.Format("{0} | {1}", Company.MarketingCompanyShort, Company.MarketingCompanyName))
                End If
            End If
        Next

Answer 1

C#中的代码:

    public static string GetGroupNameBySid(string sid)
    {
        using(var ctx = 
            new PrincipalContext(ContextType.Domain))
        {
            using(var group = 
                GroupPrincipal.FindByIdentity(
                    ctx, 
                    IdentityType.Sid, 
                    sid))
            {
                return group.SamAccountName;
            }
        }
    }

您必须添加程序集System.DirectoryServices.AccountManagement.dll.如果连接到AD时遇到任何问题,可以尝试在PrincipalContext构造函数中添加AD服务器名称.

Answer 2

这是用 C# 编写的简单方法，我认为适应起来并不难：

  /* Retreiving object from SID
  */
  string SidLDAPURLForm = "LDAP://WM2008R2ENT:389/<SID={0}>";
  System.Security.Principal.SecurityIdentifier sidToFind = new System.Security.Principal.SecurityIdentifier("S-1-5-21-3115856885-816991240-3296679909-1106");

  DirectoryEntry userEntry = new DirectoryEntry(string.Format(SidLDAPURLForm, sidToFind.Value));

  string name = userEntry.Properties["cn"].Value.ToString();

感谢REFLECTOR ，它位于 VB .NET 中

Dim SidLDAPURLForm As String = "LDAP://WM2008R2ENT:389/<SID={0}>"
Dim sidToFind As New SecurityIdentifier("S-1-5-21-3115856885-816991240-3296679909-1106")
Dim userEntry As New DirectoryEntry(String.Format(SidLDAPURLForm, sidToFind.Value))
Dim name As String = userEntry.Properties.Item("cn").Value.ToString

---- 编辑 ----- 所以这就是你想要的，但它与 @BiggsSTRC 之前给出的相同

Private Shared Sub Main(args As String())
    Dim currentUser As WindowsIdentity = WindowsIdentity.GetCurrent()

For Each iRef As IdentityReference In currentUser.Groups
        Console.WriteLine(iRef.Translate(GetType(NTAccount)))
    Next
End Sub