Using DirectoryServices.AccountManagement, how do I get the e-mail address of an Active Directory security group?

Time: 2013-01-07 15:04:39

Tags: c# .net active-directory directoryservices

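I have a security group in Active Directory (shown in the image below) that has an e-mail address associated with it. How do I get the group's e-mail address? The GroupPrincipal object doesn't have any e-mail address property on it.

This is how I am retrieving all of the groups: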

using (PrincipalContext context = new PrincipalContext(DirectoryContextType, Domain)) {
    using (var groupSearcher = new GroupPrincipal(context)) {
        using (var searcher = new PrincipalSearcher(groupSearcher)) {
            foreach (GroupPrincipal group in searcher.FindAll()) {
                //How do I get the e-mail address?
            }
        }
    }
}

[Image: Security Group]

3 answers:

Answer 0 (score: 3)

If you want to do this through AccountManagement, you will need to make a new class that exposes that property:

[DirectoryObjectClass("group")]
[DirectoryRdnPrefix("CN")]
public class GroupPrincipalsEx : GroupPrincipal
{
    public GroupPrincipalsEx(PrincipalContext context) : base(context) { }

    public GroupPrincipalsEx(PrincipalContext context, string samAccountName)
        : base(context, samAccountName)
    {
    }

    [DirectoryProperty("mail")]
    public string EmailAddress
    {
        get
        {
            if (ExtensionGet("mail").Length != 1)
                return null;

            return (string)ExtensionGet("mail")[0];

        }
        set { this.ExtensionSet("mail", value); }
    }
}

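Answer 1 (score: 2)

I just wanted to add this here because I think it might be helpful. The AccountManagement library is great for quickly doing things like resetting a password on an AD user or getting commonly used properties. But it definitely doesn't have all of them. What I do is get the underlying directory object, like so...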

// Pretend you have a groupprincipal object called 'group' 
// This will get all of the properties of that group object not accounted for in 
// System.DirectoryServices.AccountManagement
DirectoryEntry groupDE = group.GetUnderlyingObject() as DirectoryEntry;
// We all know that a distro group in AD will have at least 1 email address.
// However, a security group will have 0, and since the mail property is of type
// PropertyValueCollection, if you try to access the first member of the collection
// and it has no length, an exception will be thrown. The following code
// accounts for this problem.

// Get the mail attribute of the AD object
PropertyValueCollection group_email_addresses = groupDE.Properties["mail"];
// Make sure there is at least one address
if (group_email_addresses.Count > 0){
   // knowing that you have at least one address, you can access the first entry or 
   // loop and grab all entries on a property, depending on the appropriate use case
   Console.WriteLine(group_email_addresses[0]); 
} 

// This concept can be applied to all of the principal objects. Just look for the
// GetUnderlyingObject() method to get started!
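
The following is an added example, not code from the question or from any of the answers. It combines the question's search loop with the GetUnderlyingObject() approach to list every security group that carries a mail attribute, which is a common check when auditing mail-enabled security groups. The names GroupMailReport, MailEnabledSecurityGroups, ReadSingleValue and the domainName parameter are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices;
using System.DirectoryServices.AccountManagement;

static class GroupMailReport
{
    // Returns (sAMAccountName, mail) for each security group that has a mail value.
    // domainName is an assumed input, e.g. the DNS name of the domain to query.
    public static List<KeyValuePair<string, string>> MailEnabledSecurityGroups(string domainName)
    {
        var found = new List<KeyValuePair<string, string>>();
        using (var context = new PrincipalContext(ContextType.Domain, domainName))
        using (var template = new GroupPrincipal(context))
        using (var searcher = new PrincipalSearcher(template))
        using (var results = searcher.FindAll())
        {
            foreach (GroupPrincipal group in results)
            {
                // IsSecurityGroup is a nullable bool; skip distribution groups.
                if (group.IsSecurityGroup != true) continue;

                // The principal owns the DirectoryEntry, so it is not disposed here.
                var entry = group.GetUnderlyingObject() as DirectoryEntry;
                if (entry == null) continue;

                string mail = ReadSingleValue(entry, "mail");
                if (mail != null)
                    found.Add(new KeyValuePair<string, string>(group.SamAccountName, mail));
            }
        }
        return found;
    }

    // Reads the first value of an attribute, or null when the attribute is not set.
    static string ReadSingleValue(DirectoryEntry entry, string attribute)
    {
        PropertyValueCollection values = entry.Properties[attribute];
        return values.Count > 0 ? values[0] as string : null;
    }

    static void Main(string[] args)
    {
        foreach (var pair in MailEnabledSecurityGroups(args[0]))
            Console.WriteLine("{0}\t{1}", pair.Key, pair.Value);
    }
}
```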

Answer 2 (score: -1)

You need to cast everything to the UserPrincipal type:

var mailList = new List<MailAddress>();
var adDomain = "yourdomain";
var adGroup = "yourgroup";

using (var context = new PrincipalContext(ContextType.Domain, adDomain))
{
    using (var groupContext = GroupPrincipal.FindByIdentity(context, adGroup))
    {
        mailList = groupContext.GetMembers(true)
                               .Cast<UserPrincipal>()
                               .Where(x => !string.IsNullOrEmpty(x.EmailAddress) && !string.IsNullOrEmpty(x.DisplayName))
                               .Select(x => new MailAddress(x.EmailAddress, x.DisplayName))
                               .ToList();
    }

}

return mailList;