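Get user names in an Active Directory group via .NET

The code below gets the users in a group, but it returns "CN=johnson\,Tom,OU=Users,OU=Main,DC=company,DC=com".

I want to return only the first name and last name. How can I do that?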

    DirectoryEntry ou = new DirectoryEntry();
    DirectorySearcher src = new DirectorySearcher();
    src.Filter = ("(&(objectClass=group)(CN=Gname))");
    SearchResult res = src.FindOne();
    if (res != null)
    {
        DirectoryEntry deGroup = new DirectoryEntry(res.Path);
        PropertyCollection pcoll = deGroup.Properties;
        // Each "member" value is the member's distinguished name (DN).
        foreach (object obj in deGroup.Properties["member"])
        {
            ListBox1.Items.Add(obj.ToString());
        }
    }

I prefer to use the classes in System.DirectoryServices.AccountManagement:

    PrincipalContext principalContext = new PrincipalContext(ContextType.Domain);
    GroupPrincipal group = GroupPrincipal.FindByIdentity(principalContext, "GName");

Search the group.Members property until you have the Principal you want. Then extract the name like this:

    foreach (Principal principal in group.Members)
    {
        string name = principal.Name;
    }

Using your code, the givenName (first name) and sn (last name) attributes should work.

If you use UserPrincipal from the System.DirectoryServices.AccountManagement namespace (as @russell-mcclure suggested), you will also find the GivenName and Surname properties.

AccountManagement is very convenient, unless you have to traverse trusted forests and need the global catalog to find the user.

Here is a PowerShell script I use that does this without the AccountManagement classes. It should be easy to convert to C#:

    [void][System.Reflection.Assembly]::LoadWithPartialName("System.DirectoryServices");

    $groupName = "Grupo Domain";

    $directoryEntry = New-Object System.DirectoryServices.DirectoryEntry;
    $directorySearcher = New-Object System.DirectoryServices.DirectorySearcher($directoryEntry, "(&(objectClass=group)(CN=$groupName))");

    [void]$directorySearcher.PropertiesToLoad.Add("objectSid");
    [void]$directorySearcher.PropertiesToLoad.Add("member");

    $result = $directorySearcher.FindOne();

    if ($null -eq $result) { return; }

    # Try get the group members through the "member" property.
    if ($result.Properties["member"].Count -gt 0) {
        foreach ($member in $result.Properties["member"]) {
            $memberSearcher = New-Object System.DirectoryServices.DirectorySearcher($directoryEntry, "(&(objectClass=*)(distinguishedName=$member))");
            [void]$memberSearcher.PropertiesToLoad.Add("msDS-PrincipalName");
            $memberResult = $memberSearcher.FindOne();
            if ($null -eq $memberResult) { continue; }
            Write-Output $memberResult.Properties["msDS-PrincipalName"];
        }
        return;
    }

    if ($result.Properties["objectSid"].Count -gt 0) {
        # The group might be an AD primary group. Try get the members by the PrimaryGroupID.
        $groupSid = New-Object System.Security.Principal.SecurityIdentifier($result.Properties["objectSid"][0], 0);
        # Hacky way to get only the last RID.
        $primaryGroupSid = $groupSid.Value.Replace($groupSid.AccountDomainSid.ToString(), [String]::Empty).TrimStart('-');
        $memberSearcher = New-Object System.DirectoryServices.DirectorySearcher($directoryEntry, "(&(objectClass=*)(primaryGroupId=$primaryGroupSid))");
        [void]$memberSearcher.PropertiesToLoad.Add("msDS-PrincipalName");
        $memberResult = $memberSearcher.FindAll();
        # Not inside a loop here, so leave the script with return rather than continue.
        if ($null -eq $memberResult) { return; }
        foreach ($member in $memberResult) {
            Write-Output $member.Properties["msDS-PrincipalName"];
        }
    }
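
Added example, not code from any of the posts above: a C# version of the givenName/sn approach that escapes every value placed in an LDAP filter (RFC 4515), so a member DN such as "CN=johnson\,Tom,..." or a group name containing `*`, `(` or `)` cannot break or alter the query. The names `GroupMemberNames`, `EscapeFilterValue`, `First` and `GetMemberNames` are hypothetical, and the default domain binding is assumed as in the question.

```csharp
using System.Collections.Generic;
using System.DirectoryServices;
using System.Text;

static class GroupMemberNames
{
    // RFC 4515: escape a value before placing it inside an LDAP search filter.
    public static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder(value.Length + 8);
        foreach (char c in value)
        {
            if (c == '\\' || c == '*' || c == '(' || c == ')' || c == '\0')
                sb.Append('\\').Append(((int)c).ToString("x2"));
            else
                sb.Append(c);
        }
        return sb.ToString();
    }

    // First value of an attribute, or "" when the attribute is not set.
    static string First(SearchResult r, string attr)
    {
        return r.Properties[attr].Count > 0 ? r.Properties[attr][0].ToString() : "";
    }

    // "givenName sn" for every user listed in the group's "member" attribute.
    public static List<string> GetMemberNames(string groupName)
    {
        var names = new List<string>();
        using (var root = new DirectoryEntry()) // default domain, as in the question
        using (var groups = new DirectorySearcher(root,
            "(&(objectClass=group)(cn=" + EscapeFilterValue(groupName) + "))", new[] { "member" }))
        {
            SearchResult group = groups.FindOne();
            if (group == null) return names;
            foreach (object dn in group.Properties["member"])
            {
                string filter = "(&(objectCategory=person)(objectClass=user)(distinguishedName="
                    + EscapeFilterValue(dn.ToString()) + "))";
                using (var users = new DirectorySearcher(root, filter, new[] { "givenName", "sn" }))
                {
                    SearchResult user = users.FindOne();
                    if (user != null) // nested groups and computers do not match the filter
                        names.Add((First(user, "givenName") + " " + First(user, "sn")).Trim());
                }
            }
        }
        return names;
    }
}
```

Like the question's code, this reads only the "member" attribute, so users who belong to the group through their primary group are not returned; the PowerShell script above handles that case with a primaryGroupId search.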