通过LDAP查找AD User所属的AD Group
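/// <summary>
/// Returns the SIDs of the groups the given user belongs to, read from the
/// <c>ADUserAttributes.TokenGroupsGlobalAndUniversal</c> property of the user's directory entry.
/// </summary>
/// <remarks>
/// Comes from http://netwenchao.cnblogs.com
/// The account name is escaped before it is placed in the LDAP filter, so a login name that
/// contains filter metacharacters cannot widen or rewrite the search.
/// NOTE(review): the attribute constant presumably maps to tokenGroupsGlobalAndUniversal, which
/// leaves out domain-local groups; confirm before using the result for an authorization decision.
/// </remarks>
/// <param name="userLoginName">Login name of the user; the result of <c>GetUserName(userLoginName)</c> is matched against samaccountname.</param>
/// <param name="operater">Supplies the domain name and the credentials used to bind to the directory.</param>
/// <returns>
/// A lazily evaluated sequence with one SID string per token-group entry; empty when no user matches.
/// The directory is only contacted once the sequence is enumerated.
/// </returns>
public static IEnumerable<string> GetGroupSidsOfUser(string userLoginName, ADOperator operater)
{
    // The value is caller-supplied and ends up inside an LDAP filter: escape it first.
    string accountName = EscapeLdapFilterValue(GetUserName(userLoginName));

    // NOTE(review): AuthenticationTypes.Secure does not by itself request Signing or Sealing;
    // consider adding those flags if the traffic to the domain controller must be protected.
    using (DirectoryEntry root = new DirectoryEntry(
        string.Format("LDAP://{0}", operater.ManageDomainName),
        operater.UserLogonName,
        operater.Password,
        AuthenticationTypes.Secure))
    using (DirectorySearcher directorySearcher = new DirectorySearcher(
        root,
        string.Format("(&(objectcategory=user)(samaccountname={0}))", accountName),
        new string[] { ADUserAttributes.SamAccountName }))
    {
        var result = directorySearcher.FindOne();
        if (result == null)
        {
            yield break;
        }

        // The entry wraps a native directory object; dispose it when enumeration ends.
        using (DirectoryEntry directoryEntry = result.GetDirectoryEntry())
        {
            // Token-group attributes are constructed on demand, so they must be loaded explicitly.
            directoryEntry.RefreshCache(new string[] { ADUserAttributes.TokenGroupsGlobalAndUniversal });
            var tokenGroups = directoryEntry.Properties[ADUserAttributes.TokenGroupsGlobalAndUniversal];
            for (int index = 0; index < tokenGroups.Count; index++)
            {
                yield return ConvertBinarySidToString((byte[])tokenGroups[index]);
            }
        }
    }
}

/// <summary>
/// Escapes a value for use inside an LDAP search filter (RFC 4515): backslash, asterisk,
/// parentheses and NUL are replaced by their \xx hex form.
/// </summary>
/// <param name="value">Raw value; <c>null</c> is treated as empty.</param>
/// <returns>The escaped value, safe to format into a filter assertion.</returns>
private static string EscapeLdapFilterValue(string value)
{
    if (string.IsNullOrEmpty(value))
    {
        return string.Empty;
    }

    // The backslash must be handled first, otherwise the escapes added below would be escaped again.
    return value
        .Replace("\\", "\\5c")
        .Replace("*", "\\2a")
        .Replace("(", "\\28")
        .Replace(")", "\\29")
        .Replace("\0", "\\00");
}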
26
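/// <summary>
/// Returns the account names (the <c>ADUserAttributes.SamAccountName</c> values) of the groups
/// the given user belongs to.
/// </summary>
/// <remarks>Comes from http://netwenchao.cnblogs.com</remarks>
/// <param name="userLoginName">Login name of the user whose groups are resolved.</param>
/// <param name="operater">Supplies the domain name and the credentials used to bind to the directory.</param>
/// <returns>
/// One account name per group SID that resolves to a directory entry; <c>null</c> when
/// <c>GetGroupSidsOfUser</c> yields no SID (the user was not found or has no token groups).
/// </returns>
public static IEnumerable<string> GetGroupsOfUser(string userLoginName, ADOperator operater)
{
    // GetGroupSidsOfUser is a lazy iterator: materialise it once, otherwise the emptiness check
    // and the loop below would each bind to the directory and repeat the user search.
    List<string> sids = GetGroupSidsOfUser(userLoginName, operater).ToList();
    if (sids.Count == 0)
    {
        // Kept as null (not an empty list) for callers that already test for it.
        return null;
    }

    // NOTE(review): AuthenticationTypes.Secure does not by itself request Signing or Sealing;
    // consider adding those flags if the traffic to the domain controller must be protected.
    using (DirectoryEntry root = new DirectoryEntry(
        string.Format("LDAP://{0}", operater.ManageDomainName),
        operater.UserLogonName,
        operater.Password,
        AuthenticationTypes.Secure))
    using (DirectorySearcher directorySearcher = new DirectorySearcher(
        root,
        "",
        new string[] { ADUserAttributes.SamAccountName }))
    {
        IList<string> groups = new List<string>();
        foreach (string sid in sids)
        {
            // The SID comes from ConvertBinarySidToString, not from the caller.
            // NOTE(review): presumably the S-1-... string form; confirm it never contains filter metacharacters.
            directorySearcher.Filter = string.Format("(objectsid={0})", sid);
            SearchResult sr = directorySearcher.FindOne();
            if (sr != null && sr.Properties[ADUserAttributes.SamAccountName].Count > 0)
            {
                groups.Add(sr.Properties[ADUserAttributes.SamAccountName][0].ToString());
            }
        }

        return groups;
    }
}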
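/// <summary>
/// Gets the SIDs of the groups the given user belongs to, taken from the
/// <c>ADUserAttributes.TokenGroupsGlobalAndUniversal</c> property of the user's directory entry.
/// </summary>
/// <remarks>
/// Comes from http://netwenchao.cnblogs.com
/// LDAP filter metacharacters in the account name are escaped (RFC 4515) before the filter is built.
/// NOTE(review): if the attribute constant maps to tokenGroupsGlobalAndUniversal, domain-local
/// groups are not part of the result; confirm before relying on it for access decisions.
/// </remarks>
/// <param name="userLoginName">Login name of the user; <c>GetUserName(userLoginName)</c> is matched against samaccountname.</param>
/// <param name="operater">Supplies the domain name and the bind credentials.</param>
/// <returns>A lazily evaluated sequence of SID strings; empty when no user matches the filter.</returns>
public static IEnumerable<string> GetGroupSidsOfUser(string userLoginName, ADOperator operater)
{
    // Caller-supplied text goes into a search filter, so neutralise the RFC 4515 metacharacters.
    // The backslash is replaced first so the escapes added afterwards are not escaped again.
    string samAccountName = (GetUserName(userLoginName) ?? string.Empty)
        .Replace("\\", "\\5c")
        .Replace("*", "\\2a")
        .Replace("(", "\\28")
        .Replace(")", "\\29")
        .Replace("\0", "\\00");
    string userFilter = string.Format("(&(objectcategory=user)(samaccountname={0}))", samAccountName);

    // NOTE(review): Secure alone requests secure authentication only; Signing/Sealing are separate flags.
    using (DirectoryEntry domainRoot = new DirectoryEntry(
        string.Format("LDAP://{0}", operater.ManageDomainName),
        operater.UserLogonName,
        operater.Password,
        AuthenticationTypes.Secure))
    using (DirectorySearcher directorySearcher = new DirectorySearcher(
        domainRoot,
        userFilter,
        new string[] { ADUserAttributes.SamAccountName }))
    {
        var match = directorySearcher.FindOne();
        if (match != null)
        {
            // Dispose the user entry as well; the search root is released by the outer using.
            using (DirectoryEntry userEntry = match.GetDirectoryEntry())
            {
                // Load the token-group attribute into the property cache before reading it.
                userEntry.RefreshCache(new string[] { ADUserAttributes.TokenGroupsGlobalAndUniversal });
                var sidValues = userEntry.Properties[ADUserAttributes.TokenGroupsGlobalAndUniversal];
                for (int i = 0; i < sidValues.Count; i++)
                {
                    yield return ConvertBinarySidToString((byte[])sidValues[i]);
                }
            }
        }
    }
}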
26
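/// <summary>
/// Gets the account names (<c>ADUserAttributes.SamAccountName</c>) of the groups the given user belongs to.
/// </summary>
/// <remarks>Comes from http://netwenchao.cnblogs.com</remarks>
/// <param name="userLoginName">Login name of the user whose groups are looked up.</param>
/// <param name="operater">Supplies the domain name and the bind credentials.</param>
/// <returns>
/// The account name of every group SID that resolves to an entry, or <c>null</c> when
/// <c>GetGroupSidsOfUser</c> returns no SID at all.
/// </returns>
public static IEnumerable<string> GetGroupsOfUser(string userLoginName, ADOperator operater)
{
    // Enumerate the lazy SID sequence exactly once: checking it with Any() and then looping
    // over it would run the bind and the user search twice.
    List<string> groupSids = GetGroupSidsOfUser(userLoginName, operater).ToList();
    if (groupSids.Count == 0)
    {
        // Existing contract: no SIDs means null rather than an empty collection.
        return null;
    }

    IList<string> groupNames = new List<string>();

    // NOTE(review): Secure alone requests secure authentication only; Signing/Sealing are separate flags.
    using (DirectoryEntry domainRoot = new DirectoryEntry(
        string.Format("LDAP://{0}", operater.ManageDomainName),
        operater.UserLogonName,
        operater.Password,
        AuthenticationTypes.Secure))
    using (DirectorySearcher directorySearcher = new DirectorySearcher(
        domainRoot,
        "",
        new string[] { ADUserAttributes.SamAccountName }))
    {
        foreach (string groupSid in groupSids)
        {
            // The value is produced by ConvertBinarySidToString rather than supplied by the caller.
            // NOTE(review): assumes it is the S-1-... string form; verify against that helper.
            directorySearcher.Filter = string.Format("(objectsid={0})", groupSid);
            SearchResult hit = directorySearcher.FindOne();
            if (hit == null)
            {
                continue;
            }

            var names = hit.Properties[ADUserAttributes.SamAccountName];
            if (names.Count > 0)
            {
                groupNames.Add(names[0].ToString());
            }
        }
    }

    return groupNames;
}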