问题描述
我有一个关于确定帐户名称类型(用户或组)的问题.
例如,我有两个字符串,比如Adventure-worksdavid"和Adventure-worksadmins",第一个代表名为 david 的用户,第二个代表一个 AD 组.
I have a question about determining the type (User or Group) of a account name.
For example, I have two strings, say "Adventure-worksdavid" and "Adventure-worksadmins",
the first represents a user named david, and the second represents an AD group.
我的问题是如何确定这些帐户的类型(用户或 AD 组)?有什么方便的方法可以用吗?
My question is how can I determin the type(User or AD group) of these account? Are there convenient method I can use?
感谢任何评论.谢谢.
推荐答案
您使用的是哪个版本的 .NET?
What version of .NET are you on??
如果您使用 .NET 3.5,请参阅这篇优秀的MSDN 文章,了解如何Active Directory 界面发生了很大变化.
If you're on .NET 3.5, see this excellent MSDN article on how the Active Directory interface has changed quite a bit.
如果你使用 .NET 3.5,你可以写:
If you're on .NET 3.5, you could write:
PrincipalContext ctx = new PrincipalContext(ContextType.Domain, "YOURDOMAIN");
Principal myObject = Principal.FindByIdentity(ctx, "your name value");
通常,您必须只传入用户名 - 反斜杠后的部分 - 而不是整个 DOMAINUSERNAME 字符串.
Typically, you'd have to pass in just the user name - the part after the backslash - not the whole DOMAINUSERNAME string.
这个主体"现在要么是 UserPrincipal
要么是 GroupPrincipal
(或者它可以是其他类型的主体,例如 ComputerPrincipal
):
This "Principal" now either is a UserPrincipal
or a GroupPrincipal
(or it could some other type of principal, e.g. ComputerPrincipal
):
if(myObject is UserPrincipal)
{
// you have a user
}
else if(myObject is GroupPrincipal)
{
// you have a group
}
你可以从那里继续.
如果您使用的是 .NET 1.x/2.0/3.0,则必须使用稍微复杂一点的过程来创建 DirectorySearcher
并搜索您的对象:
If you're on .NET 1.x/2.0/3.0, you'd have to use the slightly more involved procedure of creating a DirectorySearcher
and searching for your object:
// create root DirectoryEntry for your search
DirectoryEntry deRoot = new DirectoryEntry("LDAP://dc=YourCompany,dc=com");
// create searcher
DirectorySearcher ds = new DirectorySearcher(deRoot);
ds.SearchScope = SearchScope.Subtree;
// define LDAP filter - all you can specify is the "anr" (ambiguous name
// resolution) attribute of the object you're looking for
ds.Filter = string.Format("(anr={0})", "YourNameValue");
// define properties you want in search result(s)
ds.PropertiesToLoad.Add("objectCategory");
ds.PropertiesToLoad.Add("displayName");
// search
SearchResult sr = ds.FindOne();
// check if we get anything back, and if we can check the "objectCategory"
// property in the search result
if (sr != null)
{
if(sr.Properties["objectCategory"] != null)
{
// objectType will be "Person" or "Group" (or something else entirely)
string objectType = sr.Properties["objectCategory"][0].ToString();
}
}
马克
这篇关于如何确定帐户的类型(AD 用户与 AD 组)?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持跟版网!