Active Directory Get User's groups using LDAP
通过LDAP查找AD User所属的ADGroup
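/// <summary>
/// Gets the SIDs of the groups the given user belongs to.
/// </summary>
/// <remarks>
/// The account name is escaped before it is placed in the LDAP search filter, so
/// characters such as <c>*</c>, <c>(</c> and <c>)</c> in the supplied login name are
/// matched literally instead of changing the shape of the query.
/// This is an iterator: the directory is only contacted when the result is enumerated,
/// and it is contacted again on every new enumeration.
/// </remarks>
/// <param name="userLoginName">Login name of the user to look up; it is passed through GetUserName before being used as the sAMAccountName value.</param>
/// <param name="operater">Supplies the domain name and the bind credentials (logon name and password) for the directory connection.</param>
/// <code>Comes From http://netwenchao.cnblogs.com</code>
/// <returns>One string per value of the user's token-groups attribute, converted with ConvertBinarySidToString; empty when no matching user is found.</returns>
public static IEnumerable<string> GetGroupSidsOfUser(string userLoginName, ADOperator operater)
{
    // Escape the LDAP filter metacharacters (RFC 4515). The backslash is replaced first
    // so the escape sequences produced by the later replacements are not escaped again.
    string accountName = (GetUserName(userLoginName) ?? string.Empty)
        .Replace("\\", "\\5c")
        .Replace("*", "\\2a")
        .Replace("(", "\\28")
        .Replace(")", "\\29")
        .Replace("\0", "\\00");

    // NOTE(review): AuthenticationTypes.Secure selects negotiated authentication only.
    // Confirm whether Signing/Sealing or LDAPS is required to protect the traffic itself.
    using (DirectoryEntry searchRoot = new DirectoryEntry(
        string.Format("LDAP://{0}", operater.ManageDomainName),
        operater.UserLogonName,
        operater.Password,
        AuthenticationTypes.Secure))
    using (DirectorySearcher directorySearcher = new DirectorySearcher(
        searchRoot,
        string.Format("(&(objectcategory=user)(samaccountname={0}))", accountName),
        new string[] { ADUserAttributes.SamAccountName }))
    {
        var result = directorySearcher.FindOne();
        if (result != null)
        {
            // GetDirectoryEntry returns a new bound entry; dispose it so the underlying
            // directory handle is released when enumeration ends.
            using (DirectoryEntry directoryEntry = result.GetDirectoryEntry())
            {
                // The token-groups attribute is loaded explicitly before it is read
                // (presumably because it is a constructed attribute - confirm).
                directoryEntry.RefreshCache(new string[] { ADUserAttributes.TokenGroupsGlobalAndUniversal });
                var tokenGroups = directoryEntry.Properties[ADUserAttributes.TokenGroupsGlobalAndUniversal];
                for (int index = 0; index < tokenGroups.Count; index++)
                {
                    yield return ConvertBinarySidToString((byte[])tokenGroups[index]);
                }
            }
        }
    }
}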
26
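/// <summary>
/// Gets the account names of the groups the given user belongs to.
/// </summary>
/// <remarks>
/// Group SIDs are obtained from <c>GetGroupSidsOfUser</c> and each one is resolved with a
/// separate directory search, so the cost is one query per group.
/// </remarks>
/// <param name="userLoginName">Login name of the user whose groups are requested.</param>
/// <param name="operater">Supplies the domain name and the bind credentials (logon name and password) for the directory connection.</param>
/// <code>Comes From http://netwenchao.cnblogs.com</code>
/// <returns>
/// The sAMAccountName of every group SID that could be resolved, or <c>null</c> when no
/// group SID was found for the user. Callers must check for <c>null</c>.
/// </returns>
public static IEnumerable<string> GetGroupsOfUser(string userLoginName, ADOperator operater)
{
    // GetGroupSidsOfUser is a lazy iterator: calling Any() and then foreach on it would
    // bind to the directory and run the user search twice. Materialize it once.
    List<string> sids = GetGroupSidsOfUser(userLoginName, operater).ToList();
    if (sids.Count == 0)
    {
        // null (not an empty list) is kept because existing callers may test for it.
        return null;
    }

    // NOTE(review): AuthenticationTypes.Secure selects negotiated authentication only.
    // Confirm whether Signing/Sealing or LDAPS is required to protect the traffic itself.
    using (DirectoryEntry searchRoot = new DirectoryEntry(
        string.Format("LDAP://{0}", operater.ManageDomainName),
        operater.UserLogonName,
        operater.Password,
        AuthenticationTypes.Secure))
    using (DirectorySearcher directorySearcher = new DirectorySearcher(
        searchRoot,
        "",
        new string[] { ADUserAttributes.SamAccountName }))
    {
        IList<string> groups = new List<string>();
        foreach (string sid in sids)
        {
            // The SID text comes from ConvertBinarySidToString, not from the caller.
            // NOTE(review): confirm that helper can only emit S-1-... text, otherwise
            // the value needs LDAP filter escaping here as well.
            // The filter is wrapped in parentheses, the documented form for DirectorySearcher.Filter.
            directorySearcher.Filter = string.Format("(objectsid={0})", sid);
            SearchResult sr = directorySearcher.FindOne();
            if (sr != null && sr.Properties[ADUserAttributes.SamAccountName].Count > 0)
            {
                groups.Add(sr.Properties[ADUserAttributes.SamAccountName][0].ToString());
            }
        }
        return groups;
    }
}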
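/// <summary>
/// Gets the SIDs of the groups the given user belongs to.
/// </summary>
/// <remarks>
/// The account name is escaped before it is placed in the LDAP search filter, so
/// characters such as <c>*</c>, <c>(</c> and <c>)</c> in the supplied login name are
/// matched literally instead of changing the shape of the query.
/// This is an iterator: the directory is only contacted when the result is enumerated,
/// and it is contacted again on every new enumeration.
/// </remarks>
/// <param name="userLoginName">Login name of the user to look up; it is passed through GetUserName before being used as the sAMAccountName value.</param>
/// <param name="operater">Supplies the domain name and the bind credentials (logon name and password) for the directory connection.</param>
/// <code>Comes From http://netwenchao.cnblogs.com</code>
/// <returns>One string per value of the user's token-groups attribute, converted with ConvertBinarySidToString; empty when no matching user is found.</returns>
public static IEnumerable<string> GetGroupSidsOfUser(string userLoginName, ADOperator operater)
{
    // Escape the LDAP filter metacharacters (RFC 4515). The backslash is replaced first
    // so the escape sequences produced by the later replacements are not escaped again.
    string accountName = (GetUserName(userLoginName) ?? string.Empty)
        .Replace("\\", "\\5c")
        .Replace("*", "\\2a")
        .Replace("(", "\\28")
        .Replace(")", "\\29")
        .Replace("\0", "\\00");

    // NOTE(review): AuthenticationTypes.Secure selects negotiated authentication only.
    // Confirm whether Signing/Sealing or LDAPS is required to protect the traffic itself.
    using (DirectoryEntry searchRoot = new DirectoryEntry(
        string.Format("LDAP://{0}", operater.ManageDomainName),
        operater.UserLogonName,
        operater.Password,
        AuthenticationTypes.Secure))
    using (DirectorySearcher directorySearcher = new DirectorySearcher(
        searchRoot,
        string.Format("(&(objectcategory=user)(samaccountname={0}))", accountName),
        new string[] { ADUserAttributes.SamAccountName }))
    {
        var result = directorySearcher.FindOne();
        if (result != null)
        {
            // GetDirectoryEntry returns a new bound entry; dispose it so the underlying
            // directory handle is released when enumeration ends.
            using (DirectoryEntry directoryEntry = result.GetDirectoryEntry())
            {
                // The token-groups attribute is loaded explicitly before it is read
                // (presumably because it is a constructed attribute - confirm).
                directoryEntry.RefreshCache(new string[] { ADUserAttributes.TokenGroupsGlobalAndUniversal });
                var tokenGroups = directoryEntry.Properties[ADUserAttributes.TokenGroupsGlobalAndUniversal];
                for (int index = 0; index < tokenGroups.Count; index++)
                {
                    yield return ConvertBinarySidToString((byte[])tokenGroups[index]);
                }
            }
        }
    }
}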
26
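/// <summary>
/// Gets the account names of the groups the given user belongs to.
/// </summary>
/// <remarks>
/// Group SIDs are obtained from <c>GetGroupSidsOfUser</c> and each one is resolved with a
/// separate directory search, so the cost is one query per group.
/// </remarks>
/// <param name="userLoginName">Login name of the user whose groups are requested.</param>
/// <param name="operater">Supplies the domain name and the bind credentials (logon name and password) for the directory connection.</param>
/// <code>Comes From http://netwenchao.cnblogs.com</code>
/// <returns>
/// The sAMAccountName of every group SID that could be resolved, or <c>null</c> when no
/// group SID was found for the user. Callers must check for <c>null</c>.
/// </returns>
public static IEnumerable<string> GetGroupsOfUser(string userLoginName, ADOperator operater)
{
    // GetGroupSidsOfUser is a lazy iterator: calling Any() and then foreach on it would
    // bind to the directory and run the user search twice. Materialize it once.
    List<string> sids = GetGroupSidsOfUser(userLoginName, operater).ToList();
    if (sids.Count == 0)
    {
        // null (not an empty list) is kept because existing callers may test for it.
        return null;
    }

    // NOTE(review): AuthenticationTypes.Secure selects negotiated authentication only.
    // Confirm whether Signing/Sealing or LDAPS is required to protect the traffic itself.
    using (DirectoryEntry searchRoot = new DirectoryEntry(
        string.Format("LDAP://{0}", operater.ManageDomainName),
        operater.UserLogonName,
        operater.Password,
        AuthenticationTypes.Secure))
    using (DirectorySearcher directorySearcher = new DirectorySearcher(
        searchRoot,
        "",
        new string[] { ADUserAttributes.SamAccountName }))
    {
        IList<string> groups = new List<string>();
        foreach (string sid in sids)
        {
            // The SID text comes from ConvertBinarySidToString, not from the caller.
            // NOTE(review): confirm that helper can only emit S-1-... text, otherwise
            // the value needs LDAP filter escaping here as well.
            // The filter is wrapped in parentheses, the documented form for DirectorySearcher.Filter.
            directorySearcher.Filter = string.Format("(objectsid={0})", sid);
            SearchResult sr = directorySearcher.FindOne();
            if (sr != null && sr.Properties[ADUserAttributes.SamAccountName].Count > 0)
            {
                groups.Add(sr.Properties[ADUserAttributes.SamAccountName][0].ToString());
            }
        }
        return groups;
    }
}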