我编写了一些代码来获取组和嵌套组的所有用户.我还想确保如果组成员资格通过让第一个组成为最后一个组的成员而导致循环,则不会发生循环.
我写的代码工作正常,但有点慢.
这是我第一次尝试做AD查看.
有人可以看看,告诉我代码是好看还是坏编码(或者更糟糕),或者我的方法是错误的?
using System; using System.Collections.Generic; using System.Text; using System.DirectoryServices; using System.IO; namespace Tester3 { class Program3 { public static List<string> appGroupList = new List<string>(); public static List<string> userList = new List<string>(); public static List<string> groupList = new List<string>(); public static List<string> groupChecked = new List<string>(); static void Main(string[] args) { // Create Output File StreamWriter outputfile = new StreamWriter("output.txt",false); appGroupList.Add("GLB-SBCCitrixHelpdesk-DL"); appGroupList.Add("SBC_UKBSAVIA001_PROD_ROL_Siebel"); foreach (string appGroup in appGroupList) { string appGroupCN = GetCN(appGroup); GetMembers(appGroupCN); groupChecked.Clear(); } foreach (string item in userList) { Console.WriteLine(item); outputfile.WriteLine(item); } outputfile.Flush(); outputfile.Close(); Console.ReadLine(); } private static string GetCN(string group) { string groupCN = string.Empty; try { using (DirectorySearcher search = new DirectorySearcher()) { search.Filter = "(&(cn=" + group + ")(objectClass=group))"; search.PropertiesToLoad.Add("CN"); SearchResult result = search.FindOne(); if (result != null) { groupCN = result.Properties["adsPath"][0].ToString(); groupCN = groupCN.Replace("LDAP://",""); } return groupCN; } } catch (Exception) { return groupCN; } } public static void GetMembers(string group) // get members using the groups full cn { // Check if group has already been checked if (groupChecked.Contains(group)) { return; } // Add group to groupChecked list groupChecked.Add(group); try { // Connect to group object using (DirectoryEntry groupObject = new DirectoryEntry("LDAP://" + group)) { // Get member of group object PropertyValueCollection col = groupObject.Properties["member"] as PropertyValueCollection; // Loop through each member foreach (object member in col) { // Connect to member object using (DirectoryEntry memberObject = new DirectoryEntry("LDAP://" + member)) { // Get class of member object string memberClass = memberObject.Properties["objectClass"][1].ToString(); string memberCN = memberObject.Properties["Name"][0].ToString(); if (!groupChecked.Contains(member.ToString())) { if (memberClass.ToLower() == "group") { GetMembers(member.ToString()); } else { userList.Add(memberCN); } } else { if (memberClass.ToLower() != "group") { userList.Add(memberCN); } } } } } } catch (Exception) { } } } }
解决方法
如果您使用的是.NET 3.5及更高版本,则应该查看System.DirectoryServices.AccountManagement(S.DS.AM)命名空间.在这里阅读所有相关内容:
> Managing Directory Security Principals in the .NET Framework 3.5
> MSDN docs on System.DirectoryServices.AccountManagement
基本上,您可以定义域上下文并轻松查找AD中的用户和/或组:
// set up domain context
PrincipalContext ctx = new PrincipalContext(ContextType.Domain);
// find a user
UserPrincipal user = UserPrincipal.FindByIdentity(ctx,"SomeUserName");
if(user != null)
{
// get a user's group memberships
foreach(Principal principal in me.GetGroups())
{
GroupPrincipal gp = (principal as GroupPrincipal);
if(gp != null)
{
// do something with the group
}
}
}
新的S.DS.AM使得在AD中与用户和组玩游戏变得非常容易.对.GetGroups()的调用也会为你处理嵌套组成员资格的所有问题等等 – 不再需要处理那些麻烦了!
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 [email protected] 举报,一经查实,本站将立刻删除。
