I have a C# 4.0 program working that retrieves all the members for a specific AD group. In this AD group are other AD groups containing other members. I need my program to identify that it is a group and retrieve the members in that group.
I know I need to write a recursive program but I was hoping somebody out there might have already done it. If not, could somebody tell me the AD property attribute to identify that the member is actually a group?
Since you're on .NET 3.5 and up, you should check out the System.DirectoryServices.AccountManagement (S.DS.AM) namespace. Read all about it here:
- Managing Directory Security Principals in the .NET Framework 3.5
- MSDN docs on System.DirectoryServices.AccountManagement
Basically, you can define a domain context and easily find users and/or groups in AD. Also: the GroupPrincipal has a method called GetMembers which will list all members of that group - optionally, it will do so recursively for you!
```csharp
using System.DirectoryServices.AccountManagement;

// set up domain context
PrincipalContext ctx = new PrincipalContext(ContextType.Domain);

// find the group you're interested in
GroupPrincipal myGroup = GroupPrincipal.FindByIdentity(ctx, "SomeGroup");

// if you found it - get its members
if (myGroup != null)
{
    // if you call GetMembers, you can optionally specify a "Recursive" flag - done here
    var allMembers = myGroup.GetMembers(true);
}
```
The new S.DS.AM makes it really easy to play around with users and groups in AD!
Assuming you're using the LDAP view into ActiveDirectory, the attribute you're looking for is called "objectClass". A group shows up with an objectClass of "groupOfNames", I believe; possibly "group". Alternatively, just look to see if the object has any "member"s, regardless of object class, and if it does, assume it's some sort of group and recurse.
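An added example, not code from either answer above: it recurses manually over GetMembers(false) instead of using the recursive flag, so each nested group is identified, circular nesting is stopped with a visited set, and every member is printed with the group chain through which it inherits membership. "SomeGroup" is the placeholder name from the answer; the class and method names are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices.AccountManagement;

// Hypothetical helper for reviewing nested group membership.
static class NestedGroupAudit
{
    // Expands one level at a time so nested groups stay visible in the output.
    static void Expand(GroupPrincipal group, string path, HashSet<string> seenGroups)
    {
        // Groups can be members of each other; never expand the same group twice.
        if (!seenGroups.Add(group.DistinguishedName))
        {
            Console.WriteLine("{0}  [already expanded, skipping]", path);
            return;
        }

        // GetMembers(false) returns direct members only, group objects included.
        using (PrincipalSearchResult<Principal> members = group.GetMembers(false))
        {
            foreach (Principal member in members)
            {
                GroupPrincipal nested = member as GroupPrincipal;
                if (nested != null)
                {
                    Expand(nested, path + " > " + nested.SamAccountName, seenGroups);
                }
                else
                {
                    // StructuralObjectClass is the LDAP class, e.g. "user" or "computer".
                    Console.WriteLine("{0}: {1} ({2})",
                        path, member.SamAccountName, member.StructuralObjectClass);
                }
            }
        }
    }

    static void Main()
    {
        using (PrincipalContext ctx = new PrincipalContext(ContextType.Domain))
        using (GroupPrincipal root = GroupPrincipal.FindByIdentity(ctx, "SomeGroup")) // placeholder
        {
            if (root == null) { Console.WriteLine("Group not found"); return; }
            var seen = new HashSet<string>(StringComparer.OrdinalIgnoreCase);
            Expand(root, root.SamAccountName, seen);
        }
    }
}
```

A member that appears under more than one path holds the access through each of those groups, so removing it from one does not revoke it.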