您的位置: 首页  >  技术问答  >  需要检索用户所属的所有组...在C++

需要检索用户所属的所有组...在C++

分类: 技术问答 2022-06-09 09:35:06
问题描述:

我需要找到所有组特定用户中的一员。我使用的是C++,而不是Powershell,如果这是我错误的论坛,我表示歉意。需要检索用户所属的所有组...在C++

从我的网站我需要检索的memberOf属性上找到,但我得到的属性不存在的错误。任何帮助,将不胜感激。下面的代码:

HRESULT hrObj = E_FAIL; 
HRESULT hr = E_FAIL; 
ADS_SEARCHPREF_INFO SearchPrefs; 
// COL for iterations 
ADS_SEARCH_COLUMN col; 
// Handle used for searching 
ADS_SEARCH_HANDLE hSearch; 

// Search entire subtree from root. 
SearchPrefs.dwSearchPref = ADS_SEARCHPREF_SEARCH_SCOPE; 
SearchPrefs.vValue.dwType = ADSTYPE_INTEGER; 
SearchPrefs.vValue.Integer = ADS_SCOPE_SUBTREE; 

// Set the search preference. 
DWORD dwNumPrefs = 1; 
hr = pSearchBase->SetSearchPreference(&SearchPrefs, dwNumPrefs); 
if (FAILED(hr)) 
{ 
    return hr; 
} 

// Create search filter. 
LPWSTR pszFormat = L"(&(objectCategory=person)(objectClass=user)(sAMAccountName=%s))"; 
int len = wcslen(pszFormat) + wcslen(szFindUser) + 1; 
LPWSTR pszSearchFilter = new WCHAR[len]; 
if(NULL == pszSearchFilter) 
{ 
    return E_OUTOFMEMORY; 
} 

swprintf_s(pszSearchFilter, len, pszFormat, szFindUser); 

// Set attributes to return. 
LPWSTR pszAttribute[NUM_ATTRIBUTES] = {L"ADsPath"}; 

// Execute the search. 
hr = pSearchBase->ExecuteSearch(pszSearchFilter, 
           pszAttribute, 
           NUM_ATTRIBUTES, 
           &hSearch); 
if (SUCCEEDED(hr)) 
{  
    // Call IDirectorySearch::GetNextRow() to retrieve the next row of data. 
    while(pSearchBase->GetNextRow(hSearch) != S_ADS_NOMORE_ROWS) 
    { 
     // Loop through the array of passed column names and 
     // print the data for each column. 
     for (DWORD x = 0; x < NUM_ATTRIBUTES; x++) 
     { 
      // Get the data for this column. 
      hr = pSearchBase->GetColumn(hSearch, pszAttribute[x], &col); 
      if (SUCCEEDED(hr)) 
      { 
       // Print the data for the column and free the column. 
       // Be aware that the requested attribute is type CaseIgnoreString. 
       if (ADSTYPE_CASE_IGNORE_STRING == col.dwADsType) 
       { 
        IADs *pADS; 
        hr = ADsOpenObject(col.pADsValues->CaseIgnoreString, 
         L"Administrator", 
         L"passW0rd", 
         ADS_SECURE_AUTHENTICATION, 
         IID_IADs, 
         (void**)&pADS); 

        VARIANT var; 
        VariantInit(&var); 
        if (SUCCEEDED(hr)) 
        { 
         hr = pADS->GetEx(L"memberOf", &var); <-- FAILS!!! 
         wprintf(L"Found User.\n",szFindUser); 
         wprintf(L"%s: %s\r\n",pszAttribute[x],col.pADsValues->CaseIgnoreString); 
         hrObj = S_OK; 
        } 
       } 

       pSearchBase->FreeColumn(&col); 
      } 
      else 
      { 
       hr = E_FAIL; 
      } 
     } 
    } 
    // Close the search handle to cleanup. 
    pSearchBase->CloseSearchHandle(hSearch); 
} 

delete pszSearchFilter; 

if (FAILED(hrObj)) 
{ 
    hr = hrObj; 
}
+0

尝试在请求的属性字段中请求'memberOf'和'isMemberOf'。 –

感谢您的答复,我想我发现我在MSDN中寻找的东西。

HRESULT CheckUserGroups(IADsUser *pUser) 
{ 

    IADsMembers *pGroups; 
    HRESULT hr = S_OK; 

    hr = pUser->Groups(&pGroups); 
    pUser->Release(); 
    if (FAILED(hr)) return hr; 

    IUnknown *pUnk; 
    hr = pGroups->get__NewEnum(&pUnk); 
    if (FAILED(hr)) return hr; 
    pGroups->Release(); 

    IEnumVARIANT *pEnum; 
    hr = pUnk->QueryInterface(IID_IEnumVARIANT,(void**)&pEnum); 
    if (FAILED(hr)) return hr; 

    pUnk->Release(); 

    // Enumerate. 
    BSTR bstr; 
    VARIANT var; 
    IADs *pADs; 
    ULONG lFetch; 
    IDispatch *pDisp; 

    VariantInit(&var); 
    hr = pEnum->Next(1, &var, &lFetch); 
    while(hr == S_OK) 
    { 
     if (lFetch == 1) 
     { 
      pDisp = V_DISPATCH(&var); 
      pDisp->QueryInterface(IID_IADs, (void**)&pADs); 
      pADs->get_Name(&bstr); 
      printf("Group belonged: %S\n",bstr); 
      SysFreeString(bstr); 
      pADs->Release(); 
     } 
     VariantClear(&var); 
     pDisp=NULL; 
     hr = pEnum->Next(1, &var, &lFetch); 
    }; 
    hr = pEnum->Release(); 
    return S_OK; 
}
+0

样品是在这里:http://msdn.microsoft.com/en-us/library/aa746342(v=vs.85).aspx – Liviu

除非你直接使用AD设置,它可能更容易使用Windows网络*函数作业:

#include <windows.h> 
#include <lm.h> 
#include <stdio.h> 

int main() { 
    wchar_t user[256]; 
    DWORD size = sizeof(user)/sizeof(user[0]); 
    GetUserNameW(user, &size); 

    printf("User: %S\n", user); 

    printf("Local groups: \n"); 

    LPBYTE buffer; 
    DWORD entries, total_entries; 

    NetUserGetLocalGroups(NULL, user, 0, LG_INCLUDE_INDIRECT, &buffer, MAX_PREFERRED_LENGTH, &entries, &total_entries); 

    LOCALGROUP_USERS_INFO_0 *groups = (LOCALGROUP_USERS_INFO_0*)buffer; 
    for (int i=0; i<entries; i++) 
     printf("\t%S\n", groups[i].lgrui0_name); 
    NetApiBufferFree(buffer); 

    printf("Global groups: \n"); 

    NetUserGetGroups(NULL, user, 0, &buffer, MAX_PREFERRED_LENGTH, &entries, &total_entries); 

    GROUP_USERS_INFO_0 *ggroups = (GROUP_USERS_INFO_0*)buffer; 
    for (int i=0; i<entries; i++) 
     printf("\t%S\n", ggroups[i].grui0_name); 
    NetApiBufferFree(buffer); 

    return 0; 
}
+0

感谢您的回复,但不幸的是我没有选项。我必须使用AD/C++来检索特定用户所属的所有LDAP组。顺便说一句,在我的代码中可能会被忽略的是我正在检索LDAP组,而不是本地组。谢谢。 – user1375218

相关推荐