我尝试使用C#在ActiveDirectory中为组编写安全权限。
我的代码如下所示:
DirectoryEntry rootEntry = new DirectoryEntry("LDAP://dudu.test.com/CN=2222,OU=Test,DC=dudu,DC=test,DC=com",adminUserName,adminUserPass);
DirectorySearcher dsFindOUs = new DirectorySearcher(rootEntry);
// dsFindOUs.Filter = "(objectClass=group)";
// dsFindOUs.SearchScope = SearchScope.Subtree;
SearchResult oResults = dsFindOUs.FindOne();
DirectoryEntry myOU = oResults.GetDirectoryEntry();
System.Security.Principal.IdentityReference newOwner = new System.Security.Principal.NTAccount("dudug").Translate(typeof(System.Security.Principal.SecurityIdentifier));
ActiveDirectoryAccessRule newRule = new ActiveDirectoryAccessRule(newOwner, ActiveDirectoryRights.GenericAll, System.Security.AccessControl.AccessControlType.Allow);
myOU.ObjectSecurity.SetAccessRule(newRule); myOU.CommitChanges();
当我使用此代码时,我获取了添加到组中的新规则,但它被称为:
"帐号未知(S-1-5-21-1665235001-242389448-1116685 .......)"
如果我将我的代码更改为:
System.Security.Principal.IdentityReference newOwner = new System.Security.Principal.NTAccount("dudu.test.com","dudug").Translate(typeof(System.Security.Principal.SecurityIdentifier));
我收到错误消息:
**System.Security.Principal.IdentityNotMappedException: Some or all identity references could not be translated**
我是ActiveDirectory Code的新手,这对我来说非常令人沮丧,