Active Directory 嵌套组

问题描述

我有一个 C# 4.0 程序可以检索特定 AD 组的所有成员.在这个 AD 组中是包含其他成员的其他 AD 组.我需要我的程序来识别它是一个组并检索该组中的成员.

I have a C# 4.0 program working that retrieves all the members for a specific AD group. In this AD group are other AD groups containing other members. I need my program to identity that it is a group and retrieve the members in that group.

我知道我需要编写一个递归程序，但我希望有人可能已经完成了.如果不是，有人可以告诉我 AD 属性属性来标识该成员是实际的组吗?

I know I need to write a recursive program but I was hoping somebody out there might have already done it. If not, could somebody tell me the AD property attribute to identify that the member is actual a group?

推荐答案

由于您使用的是 .NET 3.5 及更高版本，您应该查看 System.DirectoryServices.AccountManagement (S.DS.AM) 命名空间.在此处阅读所有相关信息:

Since you're on .NET 3.5 and up, you should check out the System.DirectoryServices.AccountManagement (S.DS.AM) namespace. Read all about it here:

• 管理目录.NET Framework 3.5 中的安全主体
• 有关 System.DirectoryServices.AccountManagement 的 MSDN 文档

基本上，您可以定义域上下文并轻松找到 AD 中的用户和/或组.另外:GroupPrincipal 有一个名为 GetMembers 的方法，它将列出该组的所有成员 - 可选地，它会为您递归地这样做！

Basically, you can define a domain context and easily find users and/or groups in AD. Also: the GroupPrincipal has a method called GetMembers which will list all members of that group - optionally, it will do so recursively for you!

// set up domain context
PrincipalContext ctx = new PrincipalContext(ContextType.Domain);

// find the group you're interested in
GroupPrincipal myGroup = GroupPrincipal.FindByIdentity(ctx, "SomeGroup");

// if you found it - get its members
if (myGroup != null)
{
   // if your call the GetMembers, you can optionally specify a "Recursive" flag - done here
   var allMembers = myGroup.GetMembers(true);
}

新的 S.DS.AM 使在 AD 中与用户和组一起玩变得非常容易！

The new S.DS.AM makes it really easy to play around with users and groups in AD!