Get the local groups of a domain user, not the primary group

Time: 2022-09-03 21:47:16

I have code to get the groups a user belongs to.

        try
        {
            DirectoryEntry adRoot = new DirectoryEntry(string.Format("WinNT://{0}", Environment.UserDomainName));

            DirectoryEntry user = adRoot.Children.Find(completeUserName, "User");
            object obGroups = user.Invoke("Groups");
            foreach (object ob in (IEnumerable)obGroups)
            {
                // Create object for each group.
                DirectoryEntry obGpEntry = new DirectoryEntry(ob);
                listOfMyWindowsGroups.Add(obGpEntry.Name);
            }
            return true;
        }
        catch (Exception ex)
        {
            new GUIUtility().LogMessageToFile("Error in getting User MachineGroups = " + ex);
            return false;
        }

The above code works fine when I have to find the groups of a local user, but for a domain user it returns the value "Domain User", which is kind of weird as it is a part of 2 local groups.

Please can someone help in solving this mystery. Thanks.

Research

I did some digging and found that I am being returned the primary group of the domain user, called the "Domain User" group, but what I actually want is the groups of the local machines the domain user is a part of... I cannot get that. Any suggestions?

Another code using LDAP:

        string domain = Environment.UserDomainName;
        DirectoryEntry DE = new DirectoryEntry("LDAP://" + domain, null, null, AuthenticationTypes.Secure);
        DirectorySearcher search = new DirectorySearcher();

        search.SearchRoot = DE;         
        search.Filter = "(SAMAccountName=" + completeUserName + ")";  //Searches active directory for the login name

        search.PropertiesToLoad.Add("displayName");  // Once found, get a list of Groups

        try
        {
            SearchResult result = search.FindOne(); // Grab the records and assign them to result
            if (result != null)
            {
                DirectoryEntry theUser = result.GetDirectoryEntry();
                theUser.RefreshCache(new string[] { "tokenGroups" });
                foreach (byte[] resultBytes in theUser.Properties["tokenGroups"])
                {
                    System.Security.Principal.SecurityIdentifier mySID = new System.Security.Principal.SecurityIdentifier(resultBytes, 0);

                    DirectorySearcher sidSearcher = new DirectorySearcher();

                    sidSearcher.SearchRoot = DE;
                    sidSearcher.Filter = "(objectSid=" + mySID.Value + ")";
                    sidSearcher.PropertiesToLoad.Add("distinguishedName");

                    SearchResult sidResult = sidSearcher.FindOne();

                    if (sidResult != null)
                    {
                        listOfMyWindowsGroups.Add((string)sidResult.Properties["distinguishedName"][0]);
                    }
                }
            }
            else
            {
                new GUIUtility().LogMessageToFile("no user found");

            }
            return true;
        }

        catch (Exception ex)
        {

            new GUIUtility().LogMessageToFile("Error obtaining group names: " + ex.Message + " Please contact your administrator."); // If an error occurs report it to the user.
            return false;
        }

This works too, but I get the same result, "Domain Users". Please can someone tell me how to get the local machine groups?

2 Solutions

#1


2  

If you are using .NET 3.5, you can use System.DirectoryServices.AccountManagement to do all the user and group management. In particular, UserPrincipal.GetAuthorizationGroups is exactly what you are looking for. It retrieves both local group and machine group for a particular user. If the group is a local group, GroupPrincipal.Context.Name shows the machine name where the group comes from. If the group is a domain group, GroupPrincipal.Context.Domain shows the domain name where the group comes from.

PrincipalContext context = new PrincipalContext(ContextType.Domain, "yourdomain.com");
UserPrincipal userPrincipal = UserPrincipal.FindByIdentity(context, IdentityType.SamAccountName, "youruser"); 

foreach (GroupPrincipal group in userPrincipal.GetAuthorizationGroups())
{
    Console.Out.WriteLine("{0}\\{1}", group.Context.Name, group.SamAccountName);
}

#2


0  

I would say the problem is that your search is starting in the domain. You want to change the location of the search to the local machine.

Something like this would do it:

DirectoryEntry AD = new DirectoryEntry("WinNT://" + Environment.MachineName + ",computer");
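
A complete version of the local-machine lookup suggested in answer #2, as an added example that is not part of the original thread: it binds to the local SAM through the WinNT provider and asks each local group whether the domain account is a direct member. The class and method names are hypothetical, and it assumes a Windows host with a reference to System.DirectoryServices.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices;

static class LocalGroupLookup
{
    // Hypothetical helper: names of local groups on this machine that
    // directly contain DOMAIN\samAccountName.
    public static List<string> GetLocalGroupsForDomainUser(string domain, string samAccountName)
    {
        var result = new List<string>();

        // ADsPath of the domain account as the WinNT provider expects it.
        string memberPath = string.Format("WinNT://{0}/{1}", domain, samAccountName);

        // Bind to the local machine, not the domain, so that the
        // children enumerated are the machine's own users and groups.
        using (var machine = new DirectoryEntry("WinNT://" + Environment.MachineName + ",computer"))
        {
            foreach (DirectoryEntry child in machine.Children)
            {
                using (child)
                {
                    if (!string.Equals(child.SchemaClassName, "Group", StringComparison.OrdinalIgnoreCase))
                        continue;

                    // IADsGroup.IsMember tests direct membership only.
                    bool isMember = (bool)child.Invoke("IsMember", new object[] { memberPath });
                    if (isMember)
                        result.Add(child.Name);
                }
            }
        }
        return result;
    }

    static void Main()
    {
        // Checks the account running the program; pass other values to audit another account.
        foreach (string name in GetLocalGroupsForDomainUser(Environment.UserDomainName, Environment.UserName))
            Console.WriteLine("{0}\\{1}", Environment.MachineName, name);
    }
}
```

Membership that reaches a local group only through a nested domain group (for example via Domain Admins inside the local Administrators group) is not reported by this direct check.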
