我正在尝试使用VB.NET从Active Directory获取一些信息。 我有一个用户的“primaryGroupID”,在这种情况下是2096。 如何使用VB.NET获得该组的CN?
最终,我需要做的是找到用户所属的组列表(包括属于另一组的组)。我已经有一个函数可以获取除主要组之外的主要组,以及另一个返回主要组ID的函数。两者详述如下。
Public Function getUserGroups(ByVal Username)
Dim grupos As New ArrayList()
Try
Dim Entry As New System.DirectoryServices.DirectoryEntry(ldapPath, ldapAdminUser, ldapAdminPass)
Dim Searcher As New System.DirectoryServices.DirectorySearcher(Entry)
Searcher.SearchScope = DirectoryServices.SearchScope.Subtree
Searcher.Filter = "(&(objectcategory=user)(SAMAccountName=" & Username & "))"
Dim res As SearchResult = Searcher.FindOne
For i = 0 To res.Properties("memberOf").Count() - 1
grupos.Add(res.Properties("memberOf")(i).ToString)
Next
Catch ex As Exception
End Try
Return grupos
End Function
Public Function GetUserPrimaryGroupID(ByVal user As String) As String
Dim grupoID As String = ""
Try
Dim Entry As New System.DirectoryServices.DirectoryEntry(ldapPath, ldapAdminUser, ldapAdminPass)
Dim Searcher As New System.DirectoryServices.DirectorySearcher(Entry)
Searcher.SearchScope = DirectoryServices.SearchScope.Subtree
Searcher.Filter = "(&(objectcategory=user)(SAMAccountName=" & user & "))"
Dim res As SearchResult = Searcher.FindOne
For i = 0 To res.Properties("primaryGroupID").Count() - 1
grupoID = (res.Properties("primaryGroupID")(i).ToString) 'Esto devuelve la ruta "CN" del grupo
'grupoID = (res.Properties("primaryGroupID")(i).ToString)
'Dim de As DirectoryEntry = New DirectoryEntry("LDAP://" + res.Properties("primaryGroupID")(i).ToString())
Next
Catch ex As Exception
End Try
Return grupoID
End Function
答案 0 :(得分:0)
这里有一个VBScript示例 - http://support.microsoft.com/kb/297951。
基本上,主要组ID是组的RID(SID的最后一个组件)。因此,要查找组,请将域SID和主组ID连接在一起。