mtm*_*mtm 7 sid directoryentry
我在windowsPrincipal.getIdentity().getSid()中将用户的SID设置为byte [].如何从SID获取活动目录条目(DirectoryEntry)?
使用SecurityIdentifier类将sid从byte []格式转换为字符串,然后直接绑定到对象:
DirectoryEntry OpenEntry(byte[] sidAsBytes)
{
var sid = new SecurityIdentifier(sidAsBytes, 0);
return new DirectoryEntry(string.Format("LDAP://<SID={0}>", sid.ToString()));
}
我在 c# 中找到了这个例子
// SID must be in Security Descriptor Description Language (SDDL) format
// The PrincipalSearcher can help you here too (result.Sid.ToString())
public void FindByIdentitySid()
{
UserPrincipal user = UserPrincipal.FindByIdentity(
adPrincipalContext,
IdentityType.Sid,
"S-1-5-21-2422933499-3002364838-2613214872-12917");
Console.WriteLine(user.DistinguishedName);
}
转换为VB.NET:
' SID must be in Security Descriptor Description Language (SDDL) format
' The PrincipalSearcher can help you here too (result.Sid.ToString())
Public Sub FindByIdentitySid()
Dim user As UserPrincipal = UserPrincipal.FindByIdentity(adPrincipalContext, IdentityType.Sid, "S-1-5-21-2422933499-3002364838-2613214872-12917")
Console.WriteLine(user.DistinguishedName)
End Sub
显然你可以:
dim de as new DirectoryEntry("LDAP://" & user.DistinguishedName)
获取SID = S-1-5-21- *(抱歉VB.NET)
' Convert ObjectSID to a String
' http://social.msdn.microsoft.com/forums/en-US/netfxbcl/thread/57452aab-4b68-4444-aefa-136b387dd06e
Dim ADpropSid As Byte()
ADpropSid = de.Properties("objectSid").Item(0)
' in my test the byte field looks like this : 01 02 00 00 00 00.......37 02 00 00
Dim SID As New System.Security.Principal.SecurityIdentifier(ADpropSid, 0)
我自己还没有测试过 C# 或使用转换后的版本,但已经使用上面的方法以 SDDL 格式返回 SID。