如何知道DirectoryEntry是用户还是组?
嗨,
我有以下代码从当前AD创建树:
public static ActiveDirectory GetActiveDirectoryTree(string pathToAD = "") { DirectoryEntry objADAM = default(DirectoryEntry); // Binding object. DirectoryEntry objGroupEntry = default(DirectoryEntry); // Group Results. DirectorySearcher objSearchADAM = default(DirectorySearcher); // Search object. SearchResultCollection objSearchResults = default(SearchResultCollection); // Binding path. ActiveDirectory result = new ActiveDirectory(); ActiveDirectoryItem treeNode; // Get the AD LDS object. try { if (pathToAD.Length > 0) objADAM = new DirectoryEntry(); else objADAM = new DirectoryEntry(pathToAD); objADAM.RefreshCache(); } catch (Exception e) { throw e; } // Get search object, specify filter and scope, // perform search. try { objSearchADAM = new DirectorySearcher(objADAM); objSearchADAM.Filter = "(&(objectClass=group))"; objSearchADAM.SearchScope = SearchScope.Subtree; objSearchResults = objSearchADAM.FindAll(); } catch (Exception e) { throw e; } // Enumerate groups try { if (objSearchResults.Count != 0) { //SearchResult objResult = default(SearchResult); foreach (SearchResult objResult in objSearchResults) { objGroupEntry = objResult.GetDirectoryEntry(); result.ActiveDirectoryTree.Add(new ActiveDirectoryItem() { Id = objGroupEntry.Guid, ParentId = objGroupEntry.Parent.Guid, AccountName = objGroupEntry.Name, Type = ActiveDirectoryType.Group, PickableNode = false }); foreach (object child in objGroupEntry.Properties["member"]) { treeNode = new ActiveDirectoryItem(); var path = "LDAP://" + child.ToString().Replace("/", "\\/"); using (var memberEntry = new DirectoryEntry(path)) { if (memberEntry.Properties.Contains("sAMAccountName") && memberEntry.Properties.Contains("objectSid")) { treeNode.Id = Guid.NewGuid(); treeNode.ParentId = objGroupEntry.Guid; treeNode.AccountName = memberEntry.Properties["sAMAccountName"][0].ToString(); treeNode.Type = ActiveDirectoryType.User; treeNode.PickableNode = true; treeNode.FullName = memberEntry.Properties["Name"][0].ToString(); byte[] sidBytes = (byte[])memberEntry.Properties["objectSid"][0]; treeNode.ObjectSid = new System.Security.Principal.SecurityIdentifier(sidBytes, 0).ToString(); result.ActiveDirectoryTree.Add(treeNode); } } } } } else { throw new Exception("No groups found"); } } catch (Exception e) { throw new Exception(e.Message); } return result; } 问题是使用(var memberEntry = new DirectoryEntry(path))将DomainUsers作为用户返回到此树,我不确定这是否正确?
假设我存储了DomainUsers节点的sidId,然后将其发送到以下方法:
public static Boolean GetActiveDirectoryName(string sidId,out string samAccountName,out string fullName) { samAccountName = string.Empty; fullName = string.Empty; if (sidId != null && sidId.Length > 0) { var ctx = new System.DirectoryServices.AccountManagement.PrincipalContext(ContextType.Domain, null); using (var up = UserPrincipal.FindByIdentity(ctx, IdentityType.Sid, sidId)) { samAccountName = up.SamAccountName; fullName = up.Name; return true; } } return false; }
up将被设置为null? 如果我在AD中选择其他用户,那么它的工作正常。 我怀疑DomainUsers是一个组,但如何在DirectoryEntry上检查?
最好的祝福
在我的脑海中:您是否考虑过检查返回结果的Schema属性? 我想你可以通过使用DirectoryEntry.SchemaEntry.Name轻松地计算一个组。 如果您的架构条目是一个组,它应该返回组。
参考: MSDN:DirectoryEntry.SchemaEntry
只是出于好奇和上面代码中的一些主题:
if (pathToAD.Length > 0) objADAM = new DirectoryEntry(); else objADAM = new DirectoryEntry(pathToAD); objADAM.RefreshCache();
如果Length>0你不想使用pathToAD吗?