如何检索组中的用户，包括主要组用户

作者: yomiko35074860
来源: 51数据库
2022-10-21

问题描述

我在 .net 2.0 中工作，需要检索给定 AD 组的所有用户.我有以下方法确实返回组的所有成员，但它不返回将传递的组作为其主要组的用户.我需要做什么才能让这些用户也包括在内?

I'm working in .net 2.0 and need to retrieve all the users of a given AD group. I have the following method that does return all the members of the group, but it does not return users that have the passed group as their primary group. What do I need to do to get those users included as well?

/// <summary>
/// Gets the group child users.
/// </summary>
/// <param name="parentGroup">The parent group.</param>
/// <returns></returns>
public List<ADUser> GetGroupChildUsers(ADGroup parentGroup)
{
    List<ADUser> list = new List<ADUser>();

    DirectoryEntry entry = GetDirectoryEntry(LdapBaseString);

    DirectorySearcher searcher = new DirectorySearcher(entry);
    searcher.Filter = string.Format("(&(objectCategory=person)(memberOf={0}))", parentGroup.DN);

    searcher.PropertiesToLoad.Add("objectGUID");
    searcher.SizeLimit = MaxReturnCount;

    SearchResultCollection results = searcher.FindAll();

    foreach (SearchResult result in results) {
        Guid guid = new Guid((byte[])result.Properties["objectGUID"][0]);
        list.Add(GetUserByGuid(guid));
    }

    if (list.Count <= 0) {
        return null;
    } else {
        return list;
    }
}

推荐答案

用户的主要组由用户的 primaryGroupID 属性给出.事实上，primaryGroupID 以字符串格式包含主要组的 RID.这就是为什么，我首先获取您要查找用户的组的 SID，然后我(错误地)计算 RID，并使用包含 RID 的 primaryGroupID 搜索用户.

The primary group of a user is given by primaryGroupID attribute of a user. In fact primaryGroupID contains the RID of the primary group in a string format. That's why, I first get the SID of the group you are looking for users, then I compute (badly) the RID, and I search for users with a primaryGroupID containing the RID.

/* Connection to Active Directory
 */
DirectoryEntry deBase = new DirectoryEntry("LDAP://WM2008R2ENT:389/dc=dom,dc=fr");

/* Directory Search for agroup
 */
string givenGrpName = "MonGrpSec"; 
DirectorySearcher dsLookFor = new DirectorySearcher(deBase);
dsLookFor.Filter = string.Format ("(sAMAccountName={0})", givenGrpName);
dsLookFor.SearchScope = SearchScope.Subtree;
dsLookFor.PropertiesToLoad.Add("cn");
dsLookFor.PropertiesToLoad.Add("objectSid");

SearchResult srcGrp = dsLookFor.FindOne();

/* Get the SID
 */
SecurityIdentifier secId = new SecurityIdentifier(srcGrp.Properties["objectSid"][0] as byte[], 0);

/* Find The RID (sure exists a best method)
 */
Regex regRID = new Regex(@"^S.*-(d+)$");
Match matchRID =  regRID.Match(secId.Value);
string sRID = matchRID.Groups[1].Value;

/* Directory Search for users that has a particular primary group
 */
DirectorySearcher dsLookForUsers = new DirectorySearcher(deBase);
dsLookForUsers.Filter = string.Format("(primaryGroupID={0})", sRID);
dsLookForUsers.SearchScope = SearchScope.Subtree;
dsLookForUsers.PropertiesToLoad.Add("cn");

SearchResultCollection srcUsers = dsLookForUsers.FindAll();

foreach (SearchResult user in srcUsers)
{
  Console.WriteLine("{0} is the primary group of {1}", givenGrpName, user.Properties["cn"][0]);
}