如何检索用户在一组，包括小学组用户

本文介绍了如何检索用户在一组，包括小学组用户的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！ 问题描述

我工作在.NET 2.0和需要找回某个广告组的所有用户。我有一个不返回该组的所有成员下面的方法，但它不返回具有传递组作为主要的用户群。什么我需要做的就是这些用户包括在内？

///＆LT;总结＆gt; ///获取该组孩子的用户。 ///＆LT; /总结＆gt; ///＆LT; PARAM NAME =parentGroup＆gt;在母集团＆LT; /参数＆GT; ///＆LT;返回＆GT;＆LT; /回报＆GT; 公开名单＆LT; ADUser便有＆GT; GetGroupChildUsers（广告组parentGroup） {     名单＆LT; ADUser便有＆GT;名单=新的名单，其中，ADUser便有＆GT;（）;     的DirectoryEntry条目= GetDirectoryEntry（LdapBaseString）;     DirectorySearcher从搜索=新DirectorySearcher从（输入）;     sea​​rcher.Filter =的String.Format（（及（objectCategory属性=人）（的memberOf = {0}）），parentGroup.DN）;     sea​​rcher.PropertiesToLoad.Add（的objectGUID）;     sea​​rcher.SizeLimit = MaxReturnCount;     SearchResultCollection结果= searcher.FindAll（）;     的foreach（信息搜索结果导致的结果）{         GUID GUID =新的GUID（（字节[]）result.Properties [的objectGUID] [0]）;         list.Add（GetUserByGuid（GUID））;     }     如果（list.Count＆所述; = 0）{         返回null;     } 其他 {         返回列表;     } }

解决方案

用户的主要组是由用户的 primaryGroupID 属性给出。事实上 primaryGroupID 包含RID的字符串格式的主组。这就是为什么，我先帮你寻找的用户组的SID，那么我计算（不好）的RID，我搜索用户提供了 primaryGroupID 包含RID

/ *连接到Active Directory  * / 的DirectoryEntry贬低=新的DirectoryEntry（LDAP：// WM2008R2ENT：389 / DC = DOM，DC = FR）; / *目录搜索agroup  * / 字符串givenGrpName =MonGrpSec; DirectorySearcher从dsLookFor =新DirectorySearcher从（贬低）; dsLookFor.Filter =的String.Format（（sAMAccountName赋= {0}），givenGrpName）; dsLookFor.SearchScope = SearchScope.Subtree; dsLookFor.PropertiesToLoad.Add（CN）; dsLookFor.PropertiesToLoad.Add（的objectSID）; 信息搜索结果srcGrp = dsLookFor.FindOne（）; / *获取SID  * / 的SecurityIdentifier secId =新的SecurityIdentifier（srcGrp.Properties [的objectSID] [0]作为字节[]，0）; / *查找的RID（肯定存在一个最好的方法）  * / 正则表达式REGRID =新的正则表达式（@^ S * - （\ d +）$）; 比赛matchRID = regRID.Match（secId.Value）; 字符串SRID = matchRID.Groups [1] .value的; / *电话号码簿搜索用户具有特定主组  * / DirectorySearcher从dsLookForUsers =新DirectorySearcher从（贬低）; dsLookForUsers.Filter =的String.Format（（primaryGroupID = {0}），SRID）; dsLookForUsers.SearchScope = SearchScope.Subtree; dsLookForUsers.PropertiesToLoad.Add（CN）; SearchResultCollection srcUsers = dsLookForUsers.FindAll（）; 的foreach（在srcUsers信息搜索结果的用户） {   Console.WriteLine（{0} {1}的主组，givenGrpName，user.Properties [CN] [0]）; }

I'm working in 2.0 and need to retrieve all the users of a given AD group. I have the following method that does return all the members of the group, but it does not return users that have the passed group as their primary group. What do I need to do to get those users included as well?

/// <summary> /// Gets the group child users. /// </summary> /// <param name="parentGroup">The parent group.</param> /// <returns></returns> public List<ADUser> GetGroupChildUsers(ADGroup parentGroup) { List<ADUser> list = new List<ADUser>(); DirectoryEntry entry = GetDirectoryEntry(LdapBaseString); DirectorySearcher searcher = new DirectorySearcher(entry); searcher.Filter = string.Format("(&(objectCategory=person)(memberOf={0}))", parentGroup.DN); searcher.PropertiesToLoad.Add("objectGUID"); searcher.SizeLimit = MaxReturnCount; SearchResultCollection results = searcher.FindAll(); foreach (SearchResult result in results) { Guid guid = new Guid((byte[])result.Properties["objectGUID"][0]); list.Add(GetUserByGuid(guid)); } if (list.Count <= 0) { return null; } else { return list; } }

解决方案

The primary group of a user is given by primaryGroupID attribute of a user. In fact primaryGroupID contains the RID of the primary group in a string format. That's why, I first get the SID of the group you are looking for users, then I compute (badly) the RID, and I search for users with a primaryGroupID containing the RID.

/* Connection to Active Directory */ DirectoryEntry deBase = new DirectoryEntry("LDAP://WM2008R2ENT:389/dc=dom,dc=fr"); /* Directory Search for agroup */ string givenGrpName = "MonGrpSec"; DirectorySearcher dsLookFor = new DirectorySearcher(deBase); dsLookFor.Filter = string.Format ("(sAMAccountName={0})", givenGrpName); dsLookFor.SearchScope = SearchScope.Subtree; dsLookFor.PropertiesToLoad.Add("cn"); dsLookFor.PropertiesToLoad.Add("objectSid"); SearchResult srcGrp = dsLookFor.FindOne(); /* Get the SID */ SecurityIdentifier secId = new SecurityIdentifier(srcGrp.Properties["objectSid"][0] as byte[], 0); /* Find The RID (sure exists a best method) */ Regex regRID = new Regex(@"^S.*-(\d+)$"); Match matchRID = regRID.Match(secId.Value); string sRID = matchRID.Groups[1].Value; /* Directory Search for users that has a particular primary group */ DirectorySearcher dsLookForUsers = new DirectorySearcher(deBase); dsLookForUsers.Filter = string.Format("(primaryGroupID={0})", sRID); dsLookForUsers.SearchScope = SearchScope.Subtree; dsLookForUsers.PropertiesToLoad.Add("cn"); SearchResultCollection srcUsers = dsLookForUsers.FindAll(); foreach (SearchResult user in srcUsers) { Console.WriteLine("{0} is the primary group of {1}", givenGrpName, user.Properties["cn"][0]); }