问题描述
|
你好
我有以下代码从当前AD创建树:
public static ActiveDirectory GetActiveDirectoryTree(string pathToAD = \"\")
{
DirectoryEntry objAdam = default(DirectoryEntry);
// Binding object.
DirectoryEntry objGroupEntry = default(DirectoryEntry);
// Group Results.
DirectorySearcher objSearchAdam = default(DirectorySearcher);
// Search object.
SearchResultCollection objSearchResults = default(SearchResultCollection);
// Binding path.
ActiveDirectory result = new ActiveDirectory();
ActiveDirectoryItem treeNode;
// Get the AD LDS object.
try
{
if (pathToAD.Length > 0)
objAdam = new DirectoryEntry();
else
objAdam = new DirectoryEntry(pathToAD);
objAdam.RefreshCache();
}
catch (Exception e)
{
throw e;
}
// Get search object,specify filter and scope,// perform search.
try
{
objSearchAdam = new DirectorySearcher(objAdam);
objSearchAdam.Filter = \"(&(objectClass=group))\";
objSearchAdam.SearchScope = SearchScope.Subtree;
objSearchResults = objSearchAdam.FindAll();
}
catch (Exception e)
{
throw e;
}
// Enumerate groups
try
{
if (objSearchResults.Count != 0)
{
//SearchResult objResult = default(SearchResult);
foreach (SearchResult objResult in objSearchResults)
{
objGroupEntry = objResult.GetDirectoryEntry();
result.ActiveDirectoryTree.Add(new ActiveDirectoryItem() { Id = objGroupEntry.Guid,ParentId = objGroupEntry.Parent.Guid,AccountName = objGroupEntry.Name,Type = ActiveDirectoryType.Group,PickableNode = false });
foreach (object child in objGroupEntry.Properties[\"member\"])
{
treeNode = new ActiveDirectoryItem();
var path = \"LDAP://\" + child.ToString().Replace(\"/\",\"\\\\/\");
using (var memberEntry = new DirectoryEntry(path))
{
if (memberEntry.Properties.Contains(\"sAMAccountName\") && memberEntry.Properties.Contains(\"objectSid\"))
{
treeNode.Id = Guid.NewGuid();
treeNode.ParentId = objGroupEntry.Guid;
treeNode.AccountName = memberEntry.Properties[\"sAMAccountName\"][0].ToString();
treeNode.Type = ActiveDirectoryType.User;
treeNode.PickableNode = true;
treeNode.FullName = memberEntry.Properties[\"Name\"][0].ToString();
byte[] sidBytes = (byte[])memberEntry.Properties[\"objectSid\"][0];
treeNode.ObjectSid = new System.Security.Principal.SecurityIdentifier(sidBytes,0).ToString();
result.ActiveDirectoryTree.Add(treeNode);
}
}
}
}
}
else
{
throw new Exception(\"No groups found\");
}
}
catch (Exception e)
{
throw new Exception(e.Message);
}
return result;
}
问题是使用(var memberEntry = new DirectoryEntry(path))返回DomainUsers作为该树的用户,我不确定这是否正确?
假设我存储了DomainUsers节点的sidId,然后将其发送到以下方法:
public static Boolean GetActiveDirectoryName(string sidId,out string samAccountName,out string fullName)
{
samAccountName = string.Empty;
fullName = string.Empty;
if (sidId != null && sidId.Length > 0)
{
var ctx = new System.DirectoryServices.AccountManagement.PrincipalContext(ContextType.Domain,null);
using (var up = UserPrincipal.FindByIdentity(ctx,IdentityType.Sid,sidId))
{
samAccountName = up.SamAccountName;
fullName = up.Name;
return true;
}
}
return false;
}
up将设置为null吗?如果我在广告中选择其他用户,则可以正常工作。我怀疑DomainUsers是一个组,但是如何在DirectoryEntry上进行检查?
最好的祝福
解决方法
烦恼:您是否考虑过检查返回结果的Schema属性?我认为您可以通过使用
DirectoryEntry.SchemaEntry.Name
轻松地确定一组。如果您的模式条目是一个组,它将返回“ 3”。
参考:MSDN:DirectoryEntry.SchemaEntry
出于好奇,上面代码中的主题有点偏离:
if (pathToAD.Length > 0)
objADAM = new DirectoryEntry();
else
objADAM = new DirectoryEntry(pathToAD);
objADAM.RefreshCache();
如果不是Length>0
,您是否要使用pathToAD
?