VB.NET: find a user's group membership recursively (indirect)
Problem description:
I use the code below to get the groups that a specific user is a direct member of:

    Imports System.DirectoryServices
    Imports System.Windows.Forms

    Public Function IsInGroup(ByVal username As String, ByVal password As String) As Collection
        Dim Groups As New Collection
        Dim domain = "registry"
        Dim dirEntry As New DirectoryEntry("LDAP://" & domain, username, password, DirectoryServices.AuthenticationTypes.Secure)
        Dim dirSearcher As New DirectorySearcher(dirEntry)
        ' Escape LDAP filter metacharacters (RFC 4515) so the name cannot alter the filter
        Dim safeName As String = username.Replace("\", "\5c").Replace("*", "\2a").Replace("(", "\28").Replace(")", "\29").Replace(vbNullChar, "\00")
        dirSearcher.Filter = "(SAMAccountName=" & safeName & ")"
        dirSearcher.PropertiesToLoad.Add("memberOf")
        Dim propCount As Integer
        Try
            Dim dirSearchResults As SearchResult = dirSearcher.FindOne()
            propCount = dirSearchResults.Properties("memberOf").Count
            Dim dn As String
            ' IndexOf returns an Integer, so the index variables are Integers
            Dim equalsIndex As Integer
            Dim commaIndex As Integer
            For i As Integer = 0 To propCount - 1
                dn = CStr(dirSearchResults.Properties("memberOf")(i))
                equalsIndex = dn.IndexOf("=", 1)
                commaIndex = dn.IndexOf(",", 1)
                If equalsIndex = -1 Then
                    Return Nothing
                End If
                ' Take the first RDN value of the DN, e.g. "CN=Sales,OU=..." gives "Sales"
                Dim groupName As String = dn.Substring((equalsIndex + 1), (commaIndex - equalsIndex) - 1)
                ' Collection.Contains checks keys, so each name is added with itself as the key
                If Not Groups.Contains(groupName) Then
                    Groups.Add(groupName, groupName)
                End If
            Next
        Catch ex As Exception
            If ex.GetType Is GetType(System.NullReferenceException) Then
                MessageBox.Show("Selected user isn't a member of any groups at this time.", "No groups listed", MessageBoxButtons.OK, MessageBoxIcon.Error)
                'they are still a good user just does not
                'have a "memberOf" attribute so it errors out.
                'code to do something else here if you want
            Else
                MessageBox.Show(ex.Message.ToString, "Search Error", MessageBoxButtons.OK, MessageBoxIcon.Error)
            End If
        End Try
        'Console.WriteLine(Groups)
        Return Groups
    End Function

But how do I get the groups that the user is indirectly a member of?
Any ideas?
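Answer
Rather than querying and enumerating group memberships recursively, you should have Active Directory do it for you by querying the tokenGroups attribute.
The tokenGroups attribute is an array of SIDs that Active Directory computes and uses to validate a user's access.
We need to translate these SIDs to their sAMAccountNames to get the actual group names.
In unmanaged code this can be done by calling the DsCrackNames API or the IADsNameTranslate interface. The easiest way in (VB).NET is to use the UserPrincipal class (requires .NET Framework 3.5 or higher), which exposes the GetAuthorizationGroups method.
See https://www.remkoweijnen.nl/blog/2011/01/18/recursive-group-membership-in-powershell/ for an example. It is in PowerShell, but converting it to VB.NET is simple.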
Thank you - I'll take a look; if tokenGroups is faster and better, then that sounds good :)
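
The UserPrincipal route recommended in the answer, written out in VB.NET as an added example (not code from the question, the answer or the linked post). The module and function names are hypothetical, "registry" is the domain from the question, and skipping entries that raise NoMatchingPrincipalException is an assumption about how unresolvable group entries surface.

```vbnet
Imports System
Imports System.Collections.Generic
Imports System.DirectoryServices.AccountManagement

Module RecursiveGroups
    ' Hypothetical helper. Returns the sAMAccountName of every security group the
    ' user belongs to, directly or through nested groups.
    Public Function GetAllSecurityGroups(domainName As String, username As String,
                                         password As String) As List(Of String)
        Dim names As New List(Of String)
        ' Binds with the user's own credentials, as the question's code does.
        Using ctx As New PrincipalContext(ContextType.Domain, domainName, username, password)
            ' FindByIdentity takes the name as a value, so no LDAP filter string
            ' is assembled from user input.
            Using user As UserPrincipal = UserPrincipal.FindByIdentity(ctx, IdentityType.SamAccountName, username)
                If user Is Nothing Then
                    Throw New ArgumentException("No such user in " & domainName)
                End If
                ' Searches recursively; only security groups are returned.
                Using groups As PrincipalSearchResult(Of Principal) = user.GetAuthorizationGroups()
                    Using it As IEnumerator(Of Principal) = groups.GetEnumerator()
                        While it.MoveNext()
                            Try
                                Dim g As Principal = it.Current
                                If g.SamAccountName IsNot Nothing AndAlso Not names.Contains(g.SamAccountName) Then
                                    names.Add(g.SamAccountName)
                                End If
                            Catch ex As NoMatchingPrincipalException
                                ' Assumption: an entry that cannot be resolved; skip it, keep the rest.
                            End Try
                        End While
                    End Using
                End Using
            End Using
        End Using
        names.Sort(StringComparer.OrdinalIgnoreCase)
        Return names
    End Function

    Sub Main()
        Console.Write("User: ")
        Dim u As String = Console.ReadLine()
        Console.Write("Password: ")
        Dim p As String = Console.ReadLine()
        For Each name As String In GetAllSecurityGroups("registry", u, p)
            Console.WriteLine(name)
        Next
    End Sub
End Module
```

The project needs a reference to System.DirectoryServices.AccountManagement. Distribution groups do not appear in the result, which matches what an access check needs.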