c++ - 需要检索用户所属的所有组......在 C++ 中

Question

我需要找到特定用户所属的所有组。我使用的是 C++，而不是 Powershell，如果这是错误的论坛，我深表歉意。

根据我在 Web 上找到的内容，我需要检索 memberOf 属性，但我收到该属性不存在的错误消息。任何帮助，将不胜感激。这是代码:

HRESULT hrObj = E_FAIL;
HRESULT hr = E_FAIL;
ADS_SEARCHPREF_INFO SearchPrefs;
//  COL for iterations
ADS_SEARCH_COLUMN col;
//  Handle used for searching
ADS_SEARCH_HANDLE hSearch;

//  Search entire subtree from root.
SearchPrefs.dwSearchPref = ADS_SEARCHPREF_SEARCH_SCOPE;
SearchPrefs.vValue.dwType = ADSTYPE_INTEGER;
SearchPrefs.vValue.Integer = ADS_SCOPE_SUBTREE;

//  Set the search preference.
DWORD dwNumPrefs = 1;
hr = pSearchBase->SetSearchPreference(&SearchPrefs, dwNumPrefs);
if (FAILED(hr))
{
    return hr;
}

//  Create search filter.
LPWSTR pszFormat = L"(&(objectCategory=person)(objectClass=user)(sAMAccountName=%s))";
int len = wcslen(pszFormat) + wcslen(szFindUser) + 1;
LPWSTR pszSearchFilter = new WCHAR[len];
if(NULL == pszSearchFilter)
{
    return E_OUTOFMEMORY;
}

swprintf_s(pszSearchFilter, len, pszFormat, szFindUser);

//  Set attributes to return.
LPWSTR pszAttribute[NUM_ATTRIBUTES] = {L"ADsPath"};

//  Execute the search.
hr = pSearchBase->ExecuteSearch(pszSearchFilter,
                                pszAttribute,
                                NUM_ATTRIBUTES,
                                &hSearch);
if (SUCCEEDED(hr))
{    
    //  Call IDirectorySearch::GetNextRow() to retrieve the next row of data.
    while(pSearchBase->GetNextRow(hSearch) != S_ADS_NOMORE_ROWS)
    {
        //  Loop through the array of passed column names and
        //  print the data for each column.
        for (DWORD x = 0; x < NUM_ATTRIBUTES; x++)
        {
            //  Get the data for this column.
            hr = pSearchBase->GetColumn(hSearch, pszAttribute[x], &col);
            if (SUCCEEDED(hr))
            {
                //  Print the data for the column and free the column.
                //  Be aware that the requested attribute is type CaseIgnoreString.
                if (ADSTYPE_CASE_IGNORE_STRING == col.dwADsType)
                {
                    IADs *pADS;
                    hr = ADsOpenObject( col.pADsValues->CaseIgnoreString,
                        L"Administrator",
                        L"passW0rd",
                        ADS_SECURE_AUTHENTICATION,
                        IID_IADs,
                        (void**)&pADS);

                    VARIANT var;
                    VariantInit(&var);
                    if (SUCCEEDED(hr))
                    {
                        hr = pADS->GetEx(L"memberOf", &var);  <-- FAILS!!!
                        wprintf(L"Found User.\n",szFindUser); 
                        wprintf(L"%s: %s\r\n",pszAttribute[x],col.pADsValues->CaseIgnoreString); 
                        hrObj = S_OK;
                    }
                }

                pSearchBase->FreeColumn( &col );
            }
            else
            {
                hr = E_FAIL;
            }
        }
    }
    //  Close the search handle to cleanup.
    pSearchBase->CloseSearchHandle(hSearch);
}

delete pszSearchFilter;

if (FAILED(hrObj))
{
    hr = hrObj;
}

Answer 1

除非您打算直接使用 AD，否则使用 Windows Net* 函数可能更容易:

#include <windows.h>
#include <lm.h>
#include <stdio.h>

int main() {
    wchar_t user[256];
    DWORD size = sizeof(user)/sizeof(user[0]);
    GetUserNameW(user, &size);

    printf("User: %S\n", user);

    printf("Local groups: \n");

    LPBYTE buffer;
    DWORD entries, total_entries;

    NetUserGetLocalGroups(NULL, user, 0, LG_INCLUDE_INDIRECT, &buffer, MAX_PREFERRED_LENGTH, &entries, &total_entries);

    LOCALGROUP_USERS_INFO_0 *groups = (LOCALGROUP_USERS_INFO_0*)buffer;
    for (int i=0; i<entries; i++)
        printf("\t%S\n", groups[i].lgrui0_name);
    NetApiBufferFree(buffer);

    printf("Global groups: \n");

    NetUserGetGroups(NULL, user, 0, &buffer, MAX_PREFERRED_LENGTH, &entries, &total_entries);

    GROUP_USERS_INFO_0 *ggroups = (GROUP_USERS_INFO_0*)buffer;
    for (int i=0; i<entries; i++)
        printf("\t%S\n", ggroups[i].grui0_name);
    NetApiBufferFree(buffer);

    return 0;
}