如何从ldap路径确定Group的类型

时间:2014-11-24 22:58:56

标签: c# active-directory

如何根据组名或 LDAP 路径确定组的类型？

例如，我使用以下代码，并且想在返回结果之前确定所找到的组的类型。

    static void Main(string[] args)
    {
        // Check whether the current Windows user belongs to a group or resource
        // in the computer's domain, print the result, then wait for Enter.
        string currentUser = Environment.UserName;
        string ldapRoot = GetCurrentDomainLDAP();

        bool isMember = IsUserInMembership(currentUser, ldapRoot, "_Resource_Test_Group");
        Console.WriteLine(isMember.ToString());

        Console.ReadLine();
    }

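    /// <summary>
    /// Determines whether <paramref name="userName"/> belongs to the group named
    /// <paramref name="resourceGroupName"/>, directly or through nested membership
    /// (membership is taken from the user's tokenGroups attribute).
    /// </summary>
    /// <param name="userName">The sAMAccountName of the user to look up.</param>
    /// <param name="domainLDAP">LDAP path used as the search root, e.g. the domain naming context.</param>
    /// <param name="resourceGroupName">Common name (cn) of the group; compared case-insensitively after trimming.</param>
    /// <param name="domainLocalOnly">When true, a name match only counts if the group's scope is Domain Local.</param>
    /// <returns>true if the user is a member of the named group; false if the user or the group is not found.</returns>
    /// <exception cref="ArgumentException"><paramref name="userName"/> or <paramref name="resourceGroupName"/> is null or blank.</exception>
    public static bool IsUserInMembership(string userName, string domainLDAP, string resourceGroupName, bool domainLocalOnly = false)
    {
        if (string.IsNullOrWhiteSpace(userName))
        {
            throw new ArgumentException("A user name is required.", "userName");
        }
        if (string.IsNullOrWhiteSpace(resourceGroupName))
        {
            throw new ArgumentException("A group name is required.", "resourceGroupName");
        }

        string wantedGroup = resourceGroupName.Trim();

        // DirectoryEntry/DirectorySearcher wrap COM objects; dispose them instead of
        // leaving them to the finalizer.
        using (DirectoryEntry domainConnection = new DirectoryEntry())
        {
            domainConnection.Path = domainLDAP;
            domainConnection.AuthenticationType = AuthenticationTypes.Secure;

            SearchResult samResult;
            using (DirectorySearcher samSearcher = new DirectorySearcher(domainConnection))
            {
                // userName is spliced into an LDAP filter, so the RFC 4515 metacharacters
                // must be escaped; otherwise input like "*" or ")(objectClass=*" rewrites the query.
                samSearcher.Filter = "(samAccountName=" + EscapeLdapFilterValue(userName) + ")";
                samSearcher.PropertiesToLoad.Add("displayName");
                samResult = samSearcher.FindOne();
            }

            if (samResult == null)
            {
                return false;
            }

            using (DirectoryEntry theUser = samResult.GetDirectoryEntry())
            {
                // tokenGroups is a constructed attribute holding the SIDs of every group the
                // user is a member of, including nested groups; it has to be requested explicitly.
                theUser.RefreshCache(new string[] { "tokenGroups" });

                foreach (byte[] resultBytes in theUser.Properties["tokenGroups"])
                {
                    System.Security.Principal.SecurityIdentifier groupSid =
                        new System.Security.Principal.SecurityIdentifier(resultBytes, 0);

                    using (DirectorySearcher sidSearcher = new DirectorySearcher(domainConnection))
                    {
                        // The SDDL form (S-1-5-...) is accepted by AD in an objectSid filter and
                        // contains no filter metacharacters, so no escaping is needed here.
                        sidSearcher.Filter = "(objectSid=" + groupSid.Value + ")";
                        sidSearcher.PropertiesToLoad.Add("cn");
                        sidSearcher.PropertiesToLoad.Add("groupType");

                        SearchResult sidResult = sidSearcher.FindOne();

                        // Well-known or foreign SIDs may not resolve to an object under this root.
                        if (sidResult == null || sidResult.Properties["cn"].Count == 0)
                        {
                            continue;
                        }

                        // Compare the cn attribute directly instead of parsing the distinguishedName,
                        // which breaks on escaped commas and on a DN without an OU=/CN=/DC= suffix.
                        string groupCn = sidResult.Properties["cn"][0].ToString().Trim();
                        if (!string.Equals(groupCn, wantedGroup, StringComparison.OrdinalIgnoreCase))
                        {
                            continue;
                        }

                        if (domainLocalOnly && !IsDomainLocalGroup(sidResult))
                        {
                            continue;
                        }

                        return true;
                    }
                }
            }
        }

        return false;
    }

    // Domain Local scope bit of the AD groupType attribute (ADS_GROUP_TYPE_DOMAIN_LOCAL_GROUP).
    private const int DomainLocalGroupTypeFlag = 0x00000004;

    // True when the search result carries a groupType value whose Domain Local scope bit is set.
    private static bool IsDomainLocalGroup(SearchResult groupResult)
    {
        ResultPropertyValueCollection groupType = groupResult.Properties["groupType"];
        if (groupType.Count == 0)
        {
            return false;
        }

        // groupType is a 32-bit flag set; the security-enabled bit (0x80000000) makes the
        // stored value negative, which does not affect a bitwise test.
        int flags = Convert.ToInt32(groupType[0]);
        return (flags & DomainLocalGroupTypeFlag) != 0;
    }

    // Escapes the characters RFC 4515 gives special meaning inside an LDAP filter value.
    // The backslash is replaced first so the escapes it introduces are not re-escaped.
    private static string EscapeLdapFilterValue(string value)
    {
        return value
            .Replace("\\", "\\5c")
            .Replace("*", "\\2a")
            .Replace("(", "\\28")
            .Replace(")", "\\29")
            .Replace("\0", "\\00");
    }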

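    /// <summary>
    /// Builds the LDAP path of the computer's domain from its DNS name,
    /// e.g. "corp.example.com" becomes "LDAP://DC=corp,DC=example,DC=com".
    /// </summary>
    /// <returns>An LDAP:// path usable as a DirectoryEntry path or search root.</returns>
    private static string GetCurrentDomainLDAP()
    {
        using (Domain domain = Domain.GetComputerDomain())
        {
            return BuildDomainLdapPath(domain.Name);
        }
    }

    /// <summary>
    /// Maps every DNS label of <paramref name="dnsName"/> to a DC= component. Keeping only
    /// the first two labels truncates three-label domains and throws on single-label ones.
    /// </summary>
    /// <param name="dnsName">Fully qualified DNS name of the domain.</param>
    /// <returns>The LDAP:// path built from all labels of the name.</returns>
    /// <exception cref="ArgumentException"><paramref name="dnsName"/> is null or blank.</exception>
    private static string BuildDomainLdapPath(string dnsName)
    {
        if (string.IsNullOrWhiteSpace(dnsName))
        {
            throw new ArgumentException("A domain DNS name is required.", "dnsName");
        }

        // RemoveEmptyEntries tolerates a trailing dot ("corp.example.com.").
        string[] labels = dnsName.Split(new char[] { '.' }, StringSplitOptions.RemoveEmptyEntries);
        string[] components = new string[labels.Length];
        for (int i = 0; i < labels.Length; i++)
        {
            components[i] = "DC=" + labels[i];
        }

        return "LDAP://" + string.Join(",", components);
    }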

1 个答案:

答案 0 :(得分:2)

使用System.DirectoryServices然后从那里获取组名称

像这样的

var group = GroupPrincipal.FindByIdentity(PrincipalContext, "YourGroupName");

然后你就会知道这个

group.IsSecurityGroup

组只有两种类型：安全组（Security）和通讯组（Distribution），所以如果 IsSecurityGroup 为 false，那么它就是一个通讯组。

现在,对于群组范围,你必须这样做

group.GroupScope 

它返回 GroupScope 枚举值：Global（全局）、Universal（通用）或 Local（本地）。