Question

我正在向一个小组的所有成员查询AD。

结果我获得了用户和组。我的问题：我怎样才能找到，单个结果是什么（个人或团体）？

这是我的代码，我得到一个Resultpropertycollection，当我遍历集合时，我想知道每个项目是否是个人或团体。

ds.PropertiesToLoad.Add("member")

For Each sr As SearchResult In ds.FindAll
  Dim valueCollection As ResultPropertyValueCollection = sr.Properties("member")
  Dim propertyValue As Object

  For Each propertyValue In valueCollection
    Console.WriteLine("{0}", propertyValue.ToString())
  Next propertyValue
Next

问候 Yavuz的

更新：

这是完整的代码：

Private Sub EnumPropertyAndMembersOfGroup(ByVal name As String, ByVal propertyname As String)
    Try
        Dim de As DirectoryEntry = New DirectoryEntry("LDAP://lab.com")
        Dim ds As DirectorySearcher = New DirectorySearcher

        ds.Filter = "(&(objectCategory=group)(cn=" & name & "))"
        ds.PropertiesToLoad.Add("sAMAccountName")
        ds.PropertiesToLoad.Add("memberOf")
        ds.PropertiesToLoad.Add("member")

        For Each sr As SearchResult In ds.FindAll
            Console.WriteLine("Search properties for {0}", sr.Path)
            Console.WriteLine()

            Dim valueCollection As ResultPropertyValueCollection = sr.Properties(propertyname)
            Dim propertyValue As Object

            For Each propertyValue In valueCollection
                Console.WriteLine("{0}", propertyValue.ToString())
            Next propertyValue
        Next
        Console.ReadKey()
    Catch ex As Exception
        Console.WriteLine("ERROR: " & ex.Message)
        Console.ReadKey()
    End Try
End Sub

Answer 1

您应该能够通过查询objectClass属性来区分人或组，或者可能是找到的条目的DN。

如图所示这里

http://msdn.microsoft.com/en-us/library/windows/desktop/aa746475(v=vs.85).aspx

用户的objectClass属性值中包含“user”。

How to write LDAP query to test if user is member of a group?

Answer 2

好的，这是解决方案：

imust使用返回对象的DN执行新查询并检查对象类：

How to determine the type (AD User vs. AD Group) of an account?

如何确定LDAP searchresult是人还是组

2 个答案: