Query Active Directory for groups owned by groups of which I am a member

Time: 2011-06-15 14:02:42

Tags: .net active-directory ldap

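I have several groups, each of which is owned by a group.

group1 is managed by group1_owners (not sure whether that is a naming convention), group2 is managed by group2_owners ...

Given a user, I need to find all the groups the user belongs to.

Is it possible to find such groups in a single query?

Below is what I use to check whether a user belongs to the owner group of a group, but I am not sure whether it is effective.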

// Bind to the domain with the current credentials
var domain = new DirectoryEntry("LDAP://" + domainName, null, null, AuthenticationTypes.Secure);
DirectorySearcher searcher = new DirectorySearcher(domain);
// Look up the group by common name and load its managedBy attribute
searcher.Filter = string.Format("(&(objectCategory=group)(cn={0}))", group);
searcher.PropertiesToLoad.Add("managedby");
searcher.SearchScope = SearchScope.Subtree;
SearchResult groupSR = searcher.FindOne();

// managedBy holds the distinguished name of the owner group
var ownerGroup = new DirectoryEntry("LDAP://" + groupSR.Properties["managedby"][0], null, null, AuthenticationTypes.Secure);
PropertyValueCollection members = ownerGroup.Properties["member"];
// Walk the owner group's direct members (stored as distinguished names)
for (int i = 0; i < members.Count; i++)
{
    if (members[i].ToString() == userName) { /* ....... */ }
}

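1 Answer:

Answer 0: (score: 1)

Given a user, you need to find all groups managed by the groups the user is in.

I don't think you can do this in a single search. But you can first search for all the groups the user belongs to, and then search for all the groups managed by those groups.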

/* Connection to Active Directory
 */
DirectoryEntry deBase = new DirectoryEntry("LDAP://WM2008R2ENT:389/dc=dom,dc=fr");

/* Search for all groups a user belongs to
 */
string givenUser = "CN=user1 Users,OU=MonOu,DC=dom,DC=fr";
DirectorySearcher dsLookFor1 = new DirectorySearcher(deBase);
dsLookFor1.Filter = string.Format("(member={0})", givenUser);
dsLookFor1.SearchScope = SearchScope.Subtree;
dsLookFor1.PropertiesToLoad.Add("distinguishedName");

SearchResultCollection belongToGroups = dsLookFor1.FindAll();
foreach (SearchResult srGroupBelongTo in belongToGroups)
{
  Console.WriteLine("{0}", srGroupBelongTo.Properties["distinguishedName"][0]);

  /* Search for all groups managed by a group
   */
  DirectorySearcher dsLookFor2 = new DirectorySearcher(deBase);
  dsLookFor2.Filter = string.Format("(&(objectClass=group)(managedBy={0}))", srGroupBelongTo.Properties["distinguishedName"][0]);
  dsLookFor2.SearchScope = SearchScope.Subtree;
  dsLookFor2.PropertiesToLoad.Add("distinguishedName");

  SearchResultCollection managedByGroups = dsLookFor2.FindAll();
  foreach (SearchResult srGroupManagedBy in managedByGroups)
  {
    Console.WriteLine("\t{0}", srGroupManagedBy.Properties["distinguishedName"][0]);
  }
}