我知道 SAMAccountName,现在想用反射(reflect)该用户在整个目录中的组成员资格的条目填充组列表。这是我的开始,但我很困惑:
Dim path As String = WebConfigurationManager.AppSettings("ldapPath")
Dim entry As New DirectoryEntry(path)
Dim search As DirectorySearcher = New DirectorySearcher(entry)
Dim groupList As StringBuilder = New StringBuilder()
search.Filter = "(SAMAccountName=" & _thisUser.UserName & ")"
search.PropertiesToLoad.Add("memberOf")
'search.SearchScope = SearchScope.Subtree
For Each res As SearchResult In search.FindAll
Next ''Just doing this so I can look at "res" objects in debug
我不知道如何遍历它。请问有什么指点吗?
最佳答案
如果您使用的是 .NET 3.5 及更高版本,则应查看 System.DirectoryServices.AccountManagement
(S.DS.AM) 命名空间。在这里阅读所有相关信息:
- Managing Directory Security Principals in the .NET Framework 3.5
- MSDN docs on System.DirectoryServices.AccountManagement
基本上,您可以定义域上下文并在 AD 中轻松找到用户和/或组:
// set up domain context
using (PrincipalContext ctx = new PrincipalContext(ContextType.Domain))
{
// find a user
UserPrincipal user = UserPrincipal.FindByIdentity(ctx, yourSamAccountName);
if(user != null)
{
var groups = user.GetGroups();
// iterate over groups or do whatever else you need to do....
}
}
新的 S.DS.AM 使得在 AD 中与用户和组一起玩真的很容易!
关于vb.net - 在 VB.NET 中查询 LDAP。我有用户帐户,我想要一个用户所在组的列表,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/17530833/