创建用户后,我只能添加相同域的组。 如果我尝试添加另一个域的组,则它返回true,但实际上,当我检查AD时,该用户不属于该组。
DirectoryEntry gEntry = new DirectoryEntry("domain2");
DirectorySearcher gSearcher = new DirectorySearcher(gEntry)
{
Filter = "(&(objectClass=group)(SamAccountName=" + groupName "))"
};
SearchResult gSearchResult = gSearcher.FindOne();
DirectoryEntry uEntry = new DirectoryEntry("domain1");
DirectorySearcher uSearcher = new DirectorySearcher(uEntry)
{
Filter = "(&(objectClass=group)(SamAccountName=" + username + "))"
};
SearchResult uSearchResult = uSearcher.FindOne();
gEntry.Invoke("Add", new object[] { uSearchResult.Path });
gEntry.CommitChanges();
gEntry.Close();
只需提一下,我也尝试过使用PrincipalContext,这是相同的。 也许是更好的方法?