如何从活动目录c#

时间:2015-05-06 07:37:46

标签: active-directory

我在Active Directory帐户中有安全组。安全组具有用户和子组。我能够从安全组中获取用户。这是从安全组获取用户的代码,我将“groupname”作为参数传递。它将返回属于组的相应用户。

     DataTable dt = new DataTable(groupName);
        var _with1 = dt.Columns;
        _with1.Add("AccountID", typeof(string));
        _with1.Add("FirstName", typeof(string));
        _with1.Add("LastName", typeof(string));
        _with1.Add("DisplayName", typeof(string));
        _with1.Add("Email", typeof(string));
        _with1.Add("AccountDisabled", typeof(bool));

   using (DirectoryEntry rootEntry = new DirectoryEntry(LDAPPath, LDAPUser, LDAPPassword))
    {
        using (DirectorySearcher searcher = new DirectorySearcher(rootEntry))
        {
        searcher.Filter = string.Format("(&(ObjectClass=Group)(CN={0}))", groupName);
        SearchResult result = searcher.FindOne();
        object members = result.GetDirectoryEntry().Invoke("Members", null);
        //<<< Get members

        //<<< loop through members
        foreach (object member in (IEnumerable)members)
        {
            DirectoryEntry currentMember = new DirectoryEntry(member);
            //<<< Get directoryentry for user
            if (currentMember.SchemaClassName.ToLower() == "user")
            {
                System.DirectoryServices.PropertyCollection props1 = currentMember.Properties;
                dt.Rows.Add(props1["sAMAccountName"].Value, props1["givenName"].Value, props1["sn"].Value, props1["displayName"].Value, props1["mail"].Value, Convert.ToBoolean(currentMember.InvokeGet("AccountDisabled")));
            }

        }

但我没有解决方案来获取在父安全组中添加的子组。

任何帮助将不胜感激。提前谢谢。

1 个答案:

答案 0 :(得分:0)

此代码适用于我......

    DataTable dt = new DataTable(groupName);
    var _with1 = dt.Columns;
    _with1.Add("AccountID", typeof(string));
    _with1.Add("FirstName", typeof(string));
    _with1.Add("LastName", typeof(string));
    _with1.Add("DisplayName", typeof(string));
    _with1.Add("Email", typeof(string));
    _with1.Add("AccountDisabled", typeof(bool));
    _with1.Add("Groups", typeof(string));

    using (DirectoryEntry rootEntry = new DirectoryEntry(LDAPPath, LDAPUser, LDAPPassword))
    {
        using (DirectorySearcher searcher = new DirectorySearcher(rootEntry))
        {
        searcher.Filter = string.Format("(&(ObjectClass=Group)(CN={0}))", groupName);
        SearchResult result = searcher.FindOne();
        object members = result.GetDirectoryEntry().Invoke("Members", null);
        //<<< Get members

        //<<< loop through members
        foreach (object member in (IEnumerable)members)
        {
            DirectoryEntry currentMember = new DirectoryEntry(member);
            //<<< Get directoryentry for user
            if (currentMember.SchemaClassName.ToLower() == "user")
            {
                System.DirectoryServices.PropertyCollection props1 = currentMember.Properties;
                dt.Rows.Add(props1["sAMAccountName"].Value, props1["givenName"].Value, props1["sn"].Value, props1["displayName"].Value, props1["mail"].Value, Convert.ToBoolean(currentMember.InvokeGet("AccountDisabled")),"");
            }
            else if (currentMember.SchemaClassName.ToLower() == "group")
            {
                System.DirectoryServices.PropertyCollection props1 = currentMember.Properties;
                //foreach (var group in result.Properties["member"])
                //{
                    dt.Rows.Add("","","","","",false,props1["name"].Value);
                //}
            }
        }
   }