Ser*_*ril 10 active-directory group-membership c#-4.0
所以我对活动目录中的递归组有疑问.我有一个方法来检查用户ID是否在组中.效果很好.今天发现它不检查递归组成员资格,我不太确定如何(或者如果)有办法做到这一点.这是我到目前为止非递归的内容:
public static bool CheckGroupMembership(string userID, string groupName, string Domain)
{
bool isMember = false;
PrincipalContext ADDomain = new PrincipalContext(ContextType.Domain, Domain);
UserPrincipal user = UserPrincipal.FindByIdentity(ADDomain, userID);
if (user.IsMemberOf(ADDomain, IdentityType.Name, groupName.Trim()))
{
isMember = true;
}
return isMember;
}
我已经看到了一些关于目录搜索器的东西,但我对直接使用AD有些新意,虽然我理解了这些概念,但其他一些东西对我来说仍然有点遗失.
谢谢!
Ste*_*ung 27
您还可以使用recursive选项进行检查GroupPrincipal.GetMembers.
public static bool CheckGroupMembership(string userID, string groupName, string Domain) {
bool isMember = false;
PrincipalContext ADDomain = new PrincipalContext(ContextType.Domain, Domain);
UserPrincipal user = UserPrincipal.FindByIdentity(ADDomain, userID);
GroupPrincipal group = GroupPrincipal.FindByIdentity(ADDomain, groupName);
if ((user != null) && (group != null)) {
isMember = group.GetMembers(true).Contains(user);
}
return isMember;
}
JPB*_*anc 14
这是使用System.DirectoryServices.AccountManagement命名空间的解决方案.这是一种递归解决方案.在使用C#查找递归组成员身份(Active Directory)中,我提供了一个也适用于通讯组的递归解决方案.
/* Retreiving a principal context
*/
Console.WriteLine("Retreiving a principal context");
PrincipalContext domainContext = new PrincipalContext(ContextType.Domain, "WM2008R2ENT:389", "dc=dom,dc=fr", "jpb", "PWD");
/* Look for all the groups a user belongs to
*/
UserPrincipal aUser = UserPrincipal.FindByIdentity(domainContext, "user1");
PrincipalSearchResult<Principal> a = aUser.GetAuthorizationGroups();
foreach (GroupPrincipal gTmp in a)
{
Console.WriteLine(gTmp.Name);
}