Active Directory Get User's groups using LDAP

最新推荐文章于 2025-08-03 14:19:25 发布

weixin_34258782

最新推荐文章于 2025-08-03 14:19:25 发布

阅读量224

点赞数 1

CC 4.0 BY-SA版权

文章标签： ldap

原文链接：http://www.cnblogs.com/netwenchao/archive/2012/05/25/2518229.html

本文提供了一种通过LDAP查询Active Directory中用户所属组的方法，包括获取用户SID和组名的具体实现步骤。

摘要生成于 C知道，由 DeepSeek-R1 满血版支持，前往体验 >

通过LDAP查找AD User所属的ADGroupy

1 /// <summary>

2          /// 获得用户所属组的SID
3          /// </summary>
4          /// <code> Comes From http://netwenchao.cnblogs.com </code>
5          /// <returns></returns>
6          public static IEnumerable< string> GetGroupSidsOfUser( string userLoginName, ADOperator operater)
7         {
8              using (DirectorySearcher directorySearcher = new DirectorySearcher(
9                  new DirectoryEntry( string.Format( " LDAP://{0} ", operater.ManageDomainName), operater.UserLogonName, operater.Password, AuthenticationTypes.Secure),
10                  string.Format( " (&(objectcategory=user)(samaccountname={0})) ", GetUserName(userLoginName)),
11                  new string[] { ADUserAttributes.SamAccountName }))
12             {
13                  var result = directorySearcher.FindOne();
14                  if (result != null)
15                 {
16                     DirectoryEntry directoryEntry = result.GetDirectoryEntry();
17                     directoryEntry.RefreshCache( new string[] { ADUserAttributes.TokenGroupsGlobalAndUniversal });
18                      for ( int index = 0; index < directoryEntry.Properties[ADUserAttributes.TokenGroupsGlobalAndUniversal].Count; index++)
19                     {
20                          yield return ConvertBinarySidToString(( byte[])directoryEntry.Properties[ADUserAttributes.TokenGroupsGlobalAndUniversal][index]);
21                     }
22                 }
23             }
24              yield break;
25         }
26
27          /// <summary>
28          /// 获得用户所属组的AccountName
29          /// </summary>
30          /// <param name="userLoginName"></param>
31          /// <param name="operater"></param>
32          /// <code> Comes From http://netwenchao.cnblogs.com </code>
33          /// <returns></returns>
34          public static IEnumerable< string> GetGroupsOfUser( string userLoginName, ADOperator operater)
35         {
36              using (DirectorySearcher directorySearcher = new DirectorySearcher(
37                  new DirectoryEntry( string.Format( " LDAP://{0} ", operater.ManageDomainName), operater.UserLogonName, operater.Password, AuthenticationTypes.Secure),
38                  "",
39                  new string[] { ADUserAttributes.SamAccountName }))
40             {
41                 IList< string> groups = new List< string>();
42                 SearchResult sr = null;
43                  var sids = GetGroupSidsOfUser(userLoginName, operater);
44                  if (!sids.Any()) return null;
45                  foreach ( var sid in sids)
46                 {
47                     directorySearcher.Filter = string.Format( " objectsid={0} ", sid);
48                     sr = directorySearcher.FindOne();
49                      if ( null != sr && sr.Properties[ADUserAttributes.SamAccountName].Count > 0) groups.Add(sr.Properties[ADUserAttributes.SamAccountName][ 0].ToString());
50                 }
51                  return groups;
52             }
53         }

Comes From http://netwenchao.cnblogs.com

转载于:https://www.cnblogs.com/netwenchao/archive/2012/05/25/2518229.html