通过LDAP查找AD User所属的ADGroupy
1///<summary>
2///获得用户所属组的SID
3///</summary>
4///<code>ComesFrom</code>
5///<returns></returns>
6publicstaticIEnumerable<string>GetGroupSidsOfUser(stringuserLoginName,ADOperatoroperater)
7{
8using(DirectorySearcherdirectorySearcher=newDirectorySearcher(
9newDirectoryEntry(string.Format("LDAP://{0}",operater.ManageDomainName),operater.UserLogonName,operater.Password,AuthenticationTypes.Secure),
10string.Format("(&(objectcategory=user)(samaccountname={0}))",GetUserName(userLoginName)),
11newstring[]{ADUserAttributes.SamAccountName}))
12{
13varresult=directorySearcher.FindOne();
14if(result!=null)
15{
16DirectoryEntrydirectoryEntry=result.GetDirectoryEntry();
17directoryEntry.RefreshCache(newstring[]{ADUserAttributes.TokenGroupsGlobalAndUniversal});
18for(intindex=0;index<directoryEntry.Properties[ADUserAttributes.TokenGroupsGlobalAndUniversal].Count;index++)
19{
20yieldreturnConvertBinarySidToString((byte[])directoryEntry.Properties[ADUserAttributes.TokenGroupsGlobalAndUniversal][index]);
21}
22}
23}
24yieldbreak;
25}
26
27///<summary>
28///获得用户所属组的AccountName
29///</summary>
30///<paramname="userLoginName"></param>
31///<paramname="operater"></param>
32///<code>ComesFrom</code>
33///<returns></returns>
34publicstaticIEnumerable<string>GetGroupsOfUser(stringuserLoginName,ADOperatoroperater)
35{
36using(DirectorySearcherdirectorySearcher=newDirectorySearcher(
37newDirectoryEntry(string.Format("LDAP://{0}",operater.ManageDomainName),operater.UserLogonName,operater.Password,AuthenticationTypes.Secure),
38"",
39newstring[]{ADUserAttributes.SamAccountName}))
40{
41IList<string>groups=newList<string>();
42SearchResultsr=null;
43varsids=GetGroupSidsOfUser(userLoginName,operater);
44if(!sids.Any())returnnull;
45foreach(varsidinsids)
46{
47directorySearcher.Filter=string.Format("objectsid={0}",sid);
48sr=directorySearcher.FindOne();
49if(null!=sr&&sr.Properties[ADUserAttributes.SamAccountName].Count>0)groups.Add(sr.Properties[ADUserAttributes.SamAccountName][0].ToString());
50}
51returngroups;
52}
53}
Comes From
如果觉得《Active Directory Get User's groups using LDAP》对你有帮助,请点赞、收藏,并留下你的观点哦!