Active Directory: get a user's groups via LDAP

通过LDAP查找AD User所属的AD Group

  1         /// <summary>

 2         /// 获得用户所属组的SID
 3         /// </summary>
 4         /// <code>Comes From http://netwenchao.cnblogs.com</code>
 5         /// <returns></returns>
 6         public static IEnumerable<string> GetGroupSidsOfUser(string userLoginName, ADOperator operater)
 7         {
 8             using (DirectorySearcher directorySearcher = new DirectorySearcher(
 9                 new DirectoryEntry(string.Format("LDAP://{0}", operater.ManageDomainName), operater.UserLogonName, operater.Password, AuthenticationTypes.Secure),
10                 string.Format("(&(objectcategory=user)(samaccountname={0}))", GetUserName(userLoginName)),
11                 new string[] { ADUserAttributes.SamAccountName }))
12             {
13                 var result = directorySearcher.FindOne();
14                 if (result != null)
15                 {
16                     DirectoryEntry directoryEntry = result.GetDirectoryEntry();
17                     directoryEntry.RefreshCache(new string[] { ADUserAttributes.TokenGroupsGlobalAndUniversal });
18                     for (int index = 0; index < directoryEntry.Properties[ADUserAttributes.TokenGroupsGlobalAndUniversal].Count; index++)
19                     {
20                         yield return ConvertBinarySidToString((byte[])directoryEntry.Properties[ADUserAttributes.TokenGroupsGlobalAndUniversal][index]);
21                     }
22                 }
23             }
24             yield break;
25         }
27         /// <summary>
28         /// 获得用户所属组的AccountName
29         /// </summary>
30         /// <param name="userLoginName"></param>
31         /// <param name="operater"></param>
32         /// <code>Comes From http://netwenchao.cnblogs.com</code>
33         /// <returns></returns>
34         public static IEnumerable<string> GetGroupsOfUser(string userLoginName, ADOperator operater)
35         {
36             using (DirectorySearcher directorySearcher = new DirectorySearcher(
37                 new DirectoryEntry(string.Format("LDAP://{0}", operater.ManageDomainName), operater.UserLogonName, operater.Password, AuthenticationTypes.Secure),
38                 "",
39                 new string[] { ADUserAttributes.SamAccountName }))
40             {
41                 IList<string> groups = new List<string>();
42                 SearchResult sr = null;
43                 var sids = GetGroupSidsOfUser(userLoginName, operater);
44                 if (!sids.Any()) return null;
45                 foreach (var sid in sids)
46                 {
47                     directorySearcher.Filter = string.Format("objectsid={0}", sid);
48                     sr = directorySearcher.FindOne();
49                     if (null != sr && sr.Properties[ADUserAttributes.SamAccountName].Count > 0) groups.Add(sr.Properties[ADUserAttributes.SamAccountName][0].ToString());
50                 }
51                 return groups;
52             }
53         }

Comes From http://netwenchao.cnblogs.com

原文地址:https://www.cnblogs.com/netwenchao/p/2518229.html