How to get the groups a group is a member of in ActiveDirectory using C#?

Time: 2021-09-26 03:00:18

As the title mentions, I need a way to get all groups a group is a member of in ActiveDirectory.

To get all groups a user is a member of I use

// Requires: using System.Collections; using System.DirectoryServices;
public static DirectoryEntry[] GetGroupsUserIsMemberOf(DirectoryEntry directoryEntry)
{
    ArrayList        groupsUserIsMemberOf = new ArrayList();
    object           groups               = null;
    DirectoryEntry[] userGroupEntries     = null;

    if (directoryEntry != null && directoryEntry.SchemaClassName == "user") {
        groups = directoryEntry.Invoke("Groups", null);

        foreach (object group in (IEnumerable)groups) {
            groupsUserIsMemberOf.Add(new DirectoryEntry(group));
        }

        userGroupEntries = (DirectoryEntry[])groupsUserIsMemberOf.ToArray(typeof(DirectoryEntry));
    }

    return userGroupEntries;
}

but when trying

public static DirectoryEntry[] GetGroupsGroupIsMemberOf(DirectoryEntry directoyEntry)
{
    ArrayList        groupsGroupIsMemberOf = new ArrayList();
    object           groups               = null;
    DirectoryEntry[] groupEntry       = null;

    if (directoyEntry != null && directoyEntry.SchemaClassName == "group") {
        groups = directoyEntry.Invoke("Groups", null); // throws exception (see below)

        foreach (object group in (IEnumerable)groups) {
            groupsGroupIsMemberOf.Add(new DirectoryEntry(group));
        }

        groupEntry = (DirectoryEntry[])groupsGroupIsMemberOf.ToArray(typeof(DirectoryEntry));
    }

    return groupEntry;
}

to get all groups a group is a member of, the line

        groups = directoyEntry.Invoke("Groups", null); // throws exception (see below)

throws an exception:

"Unknown name. (exception HRESULT: 0x80020006 (DISP_E_UNKNOWNNAME))"

Does someone know a performant way to get all groups a group is a member of?

2 solutions

#1


Think I've got it on my own:

To get all groups a group is a member of you can use

directoryEntry.Properties["memberOf"][0]

and you get a string object with all ADObjects your group is a member of.

Split it into single AD-Object strings, check if group and you got it.
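
An added example, not part of the original answers: it reads every value of memberOf as a distinguished name and follows the chain upward, so groups reached only through nesting are listed too, which is what matters when auditing effective access. The class and method names and the sample DNs are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices; // Windows; add a reference to System.DirectoryServices
using System.Linq;

public static class GroupNesting
{
    // Live lookup: memberOf is multi-valued, one distinguished name (DN) per value.
    public static IEnumerable<string> DirectParents(string groupDn)
    {
        using (var entry = new DirectoryEntry("LDAP://" + groupDn))
        {
            // Materialise the values before the entry is disposed.
            return entry.Properties["memberOf"].Cast<object>()
                        .Select(v => v.ToString()).ToList();
        }
    }

    // Breadth-first walk up the nesting chain. 'seen' stops circular nesting
    // (A in B, B in A) from looping; in that case the start DN appears in the result.
    public static ISet<string> AllParents(string startDn,
                                          Func<string, IEnumerable<string>> parentsOf)
    {
        var seen = new HashSet<string>(StringComparer.OrdinalIgnoreCase);
        var queue = new Queue<string>();
        queue.Enqueue(startDn);
        while (queue.Count > 0)
            foreach (var parent in parentsOf(queue.Dequeue()))
                if (seen.Add(parent)) queue.Enqueue(parent);
        return seen;
    }

    public static void Main()
    {
        // Constructed sample data (hypothetical DNs) so the walk runs without a domain.
        var sample = new Dictionary<string, string[]>(StringComparer.OrdinalIgnoreCase)
        {
            ["CN=Helpdesk,DC=example,DC=com"] = new[] { "CN=Workstation Admins,DC=example,DC=com" },
            ["CN=Workstation Admins,DC=example,DC=com"] = new[] { "CN=Server Admins,DC=example,DC=com", "CN=Helpdesk,DC=example,DC=com" },
        };
        Func<string, IEnumerable<string>> lookup =
            dn => sample.TryGetValue(dn, out var p) ? p : Array.Empty<string>();

        foreach (var dn in AllParents("CN=Helpdesk,DC=example,DC=com", lookup))
            Console.WriteLine(dn);
        // Against a real directory: AllParents(groupDn, DirectParents)
    }
}
```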

#2


This code will get you a list of groups from the current logged on user, it is faster than querying the domain controller for the information because it comes out of the cached security identifier:

// Requires: using System.Collections.Generic; using System.Security.Principal;
WindowsIdentity currentIdent = WindowsIdentity.GetCurrent();
IdentityReferenceCollection currentGroups = currentIdent.Groups;

List<String> groups = new List<string>();
foreach (IdentityReference indentity in currentGroups)
{
   groups.Add(indentity.Translate(typeof(NTAccount)).ToString());
}
