我正在使用以下代码来获取我的域中组的成员:
Dim de As New DirectoryEntry("LDAP://" & GroupDN)
For Each user As String In CType(de.Properties("member"),IEnumerable)
GroupCollection.Add(Username,Username)
Next
我的问题是,当GroupDN(组的可分辨名称)是“CN = Domain Users,CN = Users,DC = Mydomain,DC = local”时,For … Each循环不执行,当我检查时手动使用属性语句,它的计数为零.这似乎适用于我的域中的每个其他组,但“域用户”组应该包含所有人,并且它似乎包含任何人.
我已经检查了,该组在我的Windows AD工具中正确列出了每个人.我有什么明显的遗漏吗?另外,是否有更好的方法来获得一个团体的所有成员?
除非您更改用户的主要组ID,否则用户不会存储在Domain Users组的成员属性中,而是使用主要组ID设置为域用户RID来确定域用户的成员身份.正常情况是Domain Users成员属性为空;它需要您对默认的Active Directory实现进行一些更改,但实际情况并非如此.
The Domain Users group uses a
“computed” mechanism based on the
“primary group ID” of the user to
determine membership and does not
typically store members as
multi-valued linked attributes. If the
primary group of the user is changed,
their membership in the Domain Users
group is written to the linked
attribute for the group and is no
longer calculated. This was true for
Windows 2000 and has not changed for
Windows Server 2003.