如何判断用户是否为AD域组成员
如何判断用户是否属于某个域组中成员呢,查了很多资料.下面将找到的资料共享下.
UserisGroupMember(UserLogin, RoleName) 用来判断用户是否为域组成员
注: 由于域组存在嵌套在其他域组的情况,我们需要进行遍历操作.
Code
private static string ADPath = "LDAP://domain";
/**//// <summary>
/// 判断用户是否为域组成员
/// </summary>
/// <param name="UserLogin">用户名</param>
/// <param name="RoleName">域组名</param>
/// <returns></returns>
private static bool UserisGroupMember(string UserLogin, string RoleName)
{
DirectoryEntry entry = new DirectoryEntry(ADPath);
DirectorySearcher mySearcher = new DirectorySearcher(entry);
mySearcher.Filter = string.Format("(&(objectClass=user)(sAMAccountName={0})) ", UserLogin);
mySearcher.PropertiesToLoad.Add("memberof");
SearchResult mysr = mySearcher.FindOne();
if (mysr.Properties.Count > 1) // 返回两个属性,一个是内置的adspath,另一个是PropertiesToLoad加载的
{
string[] memberof = new string[mysr.Properties["memberof"].Count];
int i = 0;
foreach (Object myColl in mysr.Properties["memberof"])
{
memberof[i] = myColl.ToString().Substring(3, myColl.ToString().IndexOf(",") - 3);
if (memberof[i] == RoleName)
return true;
i++;
}
//其实这一层循环是广度优先算法,因为考虑到一个人直接属于某个安全组的可能性要大一些,这样做效率更高.如果把下面这个循环放到上面的if的esle中,就是完全的深度优先了.
foreach (string GroupName in memberof)
{
if (MemberisGroupMember(GroupName, RoleName))
return true;
}
}
return false;
}
private static bool MemberisGroupMember(string GroupName, string RoleName)
{
bool isfind = false;
DirectoryEntry entry = new DirectoryEntry(ADPath);
DirectorySearcher mySearcher = new DirectorySearcher(entry);
mySearcher.Filter = string.Format("(&(objectClass=group)(CN={0})) ", GroupName);
mySearcher.PropertiesToLoad.Add("memberof");
SearchResult mysr = mySearcher.FindOne();
string memberof;
try
{
if (mysr.Properties.Count > 1) // 返回两个属性,一个是内置的adspath,另一个是PropertiesToLoad加载的
{
foreach (Object myColl in mysr.Properties["memberof"])
{
memberof = myColl.ToString().Substring(3, myColl.ToString().IndexOf(",") - 3);
if (memberof == RoleName)
{
isfind = true;
break;
}
else if (MemberisGroupMember(memberof, RoleName))
{
isfind = true;
break;
}
}
}
}
catch (Exception ex)
{ }
return isfind;
}
UserisGroupMember(UserLogin, RoleName) 用来判断用户是否为域组成员
注: 由于域组存在嵌套在其他域组的情况,我们需要进行遍历操作.
Code private static string ADPath = "LDAP://domain"; /**//// <summary> /// 判断用户是否为域组成员 /// </summary> /// <param name="UserLogin">用户名</param> /// <param name="RoleName">域组名</param> /// <returns></returns> private static bool UserisGroupMember(string UserLogin, string RoleName) { DirectoryEntry entry = new DirectoryEntry(ADPath); DirectorySearcher mySearcher = new DirectorySearcher(entry); mySearcher.Filter = string.Format("(&(objectClass=user)(sAMAccountName={0})) ", UserLogin); mySearcher.PropertiesToLoad.Add("memberof"); SearchResult mysr = mySearcher.FindOne(); if (mysr.Properties.Count > 1) // 返回两个属性,一个是内置的adspath,另一个是PropertiesToLoad加载的 { string[] memberof = new string[mysr.Properties["memberof"].Count]; int i = 0; foreach (Object myColl in mysr.Properties["memberof"]) { memberof[i] = myColl.ToString().Substring(3, myColl.ToString().IndexOf(",") - 3); if (memberof[i] == RoleName) return true; i++; } //其实这一层循环是广度优先算法,因为考虑到一个人直接属于某个安全组的可能性要大一些,这样做效率更高.如果把下面这个循环放到上面的if的esle中,就是完全的深度优先了. foreach (string GroupName in memberof) { if (MemberisGroupMember(GroupName, RoleName)) return true; } } return false; } private static bool MemberisGroupMember(string GroupName, string RoleName) { bool isfind = false; DirectoryEntry entry = new DirectoryEntry(ADPath); DirectorySearcher mySearcher = new DirectorySearcher(entry); mySearcher.Filter = string.Format("(&(objectClass=group)(CN={0})) ", GroupName); mySearcher.PropertiesToLoad.Add("memberof"); SearchResult mysr = mySearcher.FindOne(); string memberof; try { if (mysr.Properties.Count > 1) // 返回两个属性,一个是内置的adspath,另一个是PropertiesToLoad加载的 { foreach (Object myColl in mysr.Properties["memberof"]) { memberof = myColl.ToString().Substring(3, myColl.ToString().IndexOf(",") - 3); if (memberof == RoleName) { isfind = true; break; } else if (MemberisGroupMember(memberof, RoleName)) { isfind = true; break; } } } } catch (Exception ex) { } return isfind; }
参考资料:
http://www.cnblogs.com/zyk/archive/2004/11/02/59707.html
