我正在尝试列出用户是Active Directory中成员的组。该程序工作正常,但是,我需要确保该程序从其搜索中排除某些DC服务器(特别是备份DC)。如果有帮助,备份DC都以字母INT开头。
这是我的代码中的相对剪辑 -
using System.DirectoryServices.AccountManagement;
using System.DirectoryServices.ActiveDirectory;
...
public List<GroupPrincipal> GetGroups(string userName)
{
List<GroupPrincipal> result = new List<GroupPrincipal>();
UserPrincipal user = null;
try
{
user = UserPrincipal.FindByIdentity(ctx, userName);
}
catch
{
System.Windows.Forms.MessageBox.Show("Invalid User");
}
if (user != null)
{
//---need to exclude a subset of Domain Controllers from the---
//---following search---
PrincipalSearchResult<Principal> groups = user.GetGroups();
foreach (Principal p in groups)
{
if (ckbissecuritygroup.Checked == true) {
if (p is GroupPrincipal)
{
GroupPrincipal gp = (p as GroupPrincipal);
if (gp.IsSecurityGroup == true)
{
result.Add((GroupPrincipal)p);
}
}
}
else
{
if (p is GroupPrincipal)
{
result.Add((GroupPrincipal)p);
}
}
}
return result.OrderBy(x => x.Name).ToList();
}
else
{
System.Windows.Forms.MessageBox.Show("Invalid User: " + userName);
return result;
}
}
我对C#很新,所以我希望这相对容易。有什么想法吗?