I started out using this code to find all the groups a user belongs to:
    Using user As UserPrincipal = UserPrincipal.FindByIdentity(domainContext, name)
        Dim groupList As AccountManagement.PrincipalSearchResult(Of Principal) = user.GetGroups
        For Each group As GroupPrincipal In groupList
            myUserGroupList.GroupList.Add(group.Name)
        Next
    End Using
    Return myUserGroupList
I found that this was not returning groups from other domains, so I added the following:
    ' Compare against an upper-case literal, since both sides must match after ToUpper
    If domain.ToUpper = "DOMAIN1" Then
        Dim myDomainList As DomainConfiguration.DomainCollection = GetDomains()
        For Each DomainItem As DomainConfigElement In myDomainList
            If DomainItem.DomainName.ToUpper <> "DOMAIN1" Then
                Try
                    myUserGroupList.GroupList.Add(DomainItem.DomainName.ToUpper)
                    ' Bind to the other domain with the credentials configured for it
                    Using OtherDomainContext As New PrincipalContext(ContextType.Domain, DomainItem.DomainName, DomainItem.UserName, DomainItem.Password)
                        myUserGroupList.GroupList.Add("Using: " & DomainItem.DomainName.ToString)
                        Try
                            Dim NewGroupList As AccountManagement.PrincipalSearchResult(Of Principal) = user.GetGroups(OtherDomainContext)
                            ' ToString on the result collection yields its type name, not its members
                            myUserGroupList.GroupList.Add(NewGroupList.ToString)
                            If NewGroupList IsNot Nothing Then
                                For Each newgroup As UserPrincipal In NewGroupList
                                    myUserGroupList.GroupList.Add(newgroup.Name)
                                Next
                            Else
                                myUserGroupList.GroupList.Add("No Groups for: " & DomainItem.DomainName.ToString)
                            End If
                        Catch ex As Exception
                            myUserGroupList.GroupList.Add("Other Context Ex: " & ex.ToString)
                        End Try
                    End Using
                Catch ex As Exception
                    myUserGroupList.GroupList.Add("unable to add: " & DomainItem.DomainName.ToString)
                End Try
            End If
        Next
    End If
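One odd thing is that for every domain other than the current one, I get 1 entry in myUserGroupList with the text "PrincipalSearchResult`1". I feel like this should work, but I have been kicking at it for quite a while now, and Microsoft claims this behavior is By Design. I will try anything, but I would like to avoid using advapi32.dll. Thanks to anyone who answers.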