Find out whether a group in AD is in a distribution group?

Time: 2021-10-03 03:00:13

I'm using ASP.net with C# and have very little idea about Active Directory. I've been given a task to write a program in the steps below:

The ASP.net application is given the username of a user.

The application should query all the groups of the user with the given username.

Then the application should display these groups in two separate lists one consisting of the distribution groups and in other list, the rest of the groups.

Now, the querying for all the groups is easy. But how can I check whether the group is in distribution group or not?

I have not been given more information.

Any attribute or something I can check?

3 solutions

#1


3  

You can retrieve this information from an attribute called Group-Type (last line).

(0x00000001) : Specifies a group that is created by the system.
(0x00000002) : Specifies a group with global scope.
(0x00000004) : Specifies a group with domain local scope.
(0x00000008) : Specifies a group with universal scope.
(0x00000010) : Specifies an APP_BASIC group for Windows Server Authorization Manager.
(0x00000020) : Specifies an APP_QUERY group for Windows Server Authorization Manager.
(0x80000000) : Specifies a security group. If this flag is not set, then the group is a distribution group.

You can find in this answer or at the bottom of this other one different ways to retrieve groups a user belongs to.

You can find here how to retrieve user.
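
The flag table above can be applied directly to the raw attribute value. The following is an added example, not code from the original answer: `GroupTypeDecoder` and the sample values are constructed here. It assumes the value was read through System.DirectoryServices, which returns `groupType` as a signed 32-bit integer, so the 0x80000000 security flag makes security groups appear as negative numbers.

```csharp
using System;
using System.Collections.Generic;

// Flag values as listed in the answer above.
[Flags]
public enum GroupTypeFlags : uint
{
    SystemCreated = 0x00000001,
    Global        = 0x00000002,
    DomainLocal   = 0x00000004,
    Universal     = 0x00000008,
    AppBasic      = 0x00000010,
    AppQuery      = 0x00000020,
    Security      = 0x80000000
}

// Hypothetical helper for illustration; not part of any library.
public static class GroupTypeDecoder
{
    // Reinterpret the signed value's bits as unsigned before testing flags,
    // otherwise the high (security) bit is easy to mishandle.
    public static GroupTypeFlags Decode(int rawGroupType)
    {
        return (GroupTypeFlags)unchecked((uint)rawGroupType);
    }

    // A group is a distribution group when the security flag is NOT set.
    public static bool IsDistributionGroup(int rawGroupType)
    {
        return (Decode(rawGroupType) & GroupTypeFlags.Security) == 0;
    }

    public static void Main()
    {
        // Constructed sample values, as they would come back from
        // groupEntry.Properties["groupType"].Value (boxed Int32).
        var samples = new Dictionary<string, int>
        {
            { "global distribution",    2 },
            { "universal distribution", 8 },
            { "global security",        -2147483646 },  // 0x80000002
            { "built-in local",         -2147483643 }   // 0x80000005
        };

        foreach (var s in samples)
        {
            Console.WriteLine("{0,-24} {1,-40} distribution={2}",
                s.Key, Decode(s.Value), IsDistributionGroup(s.Value));
        }
    }
}
```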

#2


3  

Since you're on .NET 3.5 and up, you should check out the System.DirectoryServices.AccountManagement (S.DS.AM) namespace. Read all about it here:

Basically, you can define a domain context and easily find users and/or groups in AD:

using System.Collections.Generic;
using System.DirectoryServices.AccountManagement;

// set up domain context
PrincipalContext ctx = new PrincipalContext(ContextType.Domain);

// find a user
UserPrincipal user = UserPrincipal.FindByIdentity(ctx, "SomeUserName");

if (user != null)
{
    // get all roles for that user
    var roles = user.GetGroups();

    // set up two lists for each type of groups
    List<GroupPrincipal> securityGroups = new List<GroupPrincipal>();
    List<GroupPrincipal> distributionGroups = new List<GroupPrincipal>();

    // iterate over groups found
    foreach (Principal p in roles)
    {
        // cast to GroupPrincipal
        GroupPrincipal gp = (p as GroupPrincipal);

        if (gp != null)
        {
            // check whether it's a security group or a distribution group
            if (gp.IsSecurityGroup)
                securityGroups.Add(gp);
            else
                distributionGroups.Add(gp);
        }
    }
}

The new S.DS.AM makes it really easy to play around with users and groups in AD!

#3


3  

This code will retrieve all your email enabled groups, regardless of whether it is a security or distribution group. (Having seen your comment to marc_s's answer, I'm guessing this is actually what your managers are looking for).

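using System.Collections.Generic;
using System.DirectoryServices;
using System.DirectoryServices.AccountManagement;

using (PrincipalContext ctx = new PrincipalContext(ContextType.Domain))
{
    // an empty GroupPrincipal as the search prototype matches every group
    Principal prototype = new GroupPrincipal(ctx);
    PrincipalSearcher searcher = new PrincipalSearcher(prototype);
    List<string> groupNames = new List<string>();
    PropertyValueCollection email;

    foreach (var gp in searcher.FindAll()) using (gp)
    {
        GroupPrincipal group = gp as GroupPrincipal;

        // drop down to the underlying DirectoryEntry to read the "mail" attribute
        using (DirectoryEntry groupEntry = (DirectoryEntry)group.GetUnderlyingObject())
        {
            email = groupEntry.Properties["mail"];

            // a group with a mail value is email enabled
            if (email.Value != null)
            {
                groupNames.Add(group.Name);
            }
        }
    }
}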
