I have code which has been working against an older Active Directory server and now I have pointed it to a new Windows Server 2008 AD system. Now the group names are coming back with SIDs and not names. I do not know enough about the AD side to know if there is a way to make the new AD server work like the older AD server.
My code is based on the Active Directory Role Provider for BlogEngine.NET on Codeplex.
http://blogengineadrp.codeplex.com/sourcecontrol/network/Show?projectName=BlogEngineADRP&changeSetId=5843#138380
I believe this is the line that I will need to adjust.

    IdentityReferenceCollection irc = ExpandTokenGroups(user).Translate(typeof(NTAccount));

Right now ExpandTokenGroups is returning the SID value while Translate has worked to change it into the human readable group name. I would like to know if I should pass in a different type than NTAccount to Translate.
What can I do to get the group name?
There is a nice explanation of a solution at: Translating Between Names and SIDs.
Basically, you call the LsaLookupSids function.
Hope this helps!
This is my solution in C# which is not optimal but it is working.
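
    // Needs: using System.Collections.Generic; using System.DirectoryServices;
    public override string[] GetRolesForUser(string username)
    {
        // list to store names of roles
        List<String> roles = new List<string>();

        // get the user directory entry (getUser is a helper defined elsewhere in the provider)
        DirectoryEntry user = getUser(username);

        // memberOf holds the distinguished names of the groups the user belongs to directly
        foreach (String prop in user.Properties["memberOf"])
        {
            // only handle values of the form "CN=<name>,..."
            if (prop.IndexOf("CN=") == 0 && prop.IndexOf(",") != -1)
            {
                // take the text between "CN=" and the first comma as the role name
                var groupName = prop.Substring("CN=".Length, prop.IndexOf(",") - "CN=".Length);
                roles.Add(groupName);
            }
        }

        return roles.ToArray();
    }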
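
The `Translate(typeof(NTAccount))` call in the question uses the collection overload, which copies any SID it cannot map into the result unchanged instead of failing, so raw SIDs can end up where role names are expected. The following is an added example, not code from the posts above or from the BlogEngineADRP project: it translates each SID on its own and keeps the unresolved ones separate. `SidNameResolver`, `Resolve` and the second sample SID are constructed for illustration, and a Windows host is assumed.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Principal;

static class SidNameResolver
{
    // Translates each SID on its own so an unmappable SID cannot hide among
    // resolved names. Returns the names; unresolved SIDs go to 'unresolved'.
    public static List<string> Resolve(IEnumerable<SecurityIdentifier> sids,
                                       List<SecurityIdentifier> unresolved)
    {
        var names = new List<string>();
        foreach (SecurityIdentifier sid in sids)
        {
            try
            {
                // The single-reference Translate throws when no mapping exists.
                names.Add(sid.Translate(typeof(NTAccount)).Value);
            }
            catch (IdentityNotMappedException)
            {
                unresolved.Add(sid); // never hand a raw SID back as a role name
            }
        }
        return names;
    }

    static void Main()
    {
        var sids = new List<SecurityIdentifier>
        {
            // Well-known local group, resolvable on any Windows host.
            new SecurityIdentifier(WellKnownSidType.BuiltinAdministratorsSid, null),
            // Constructed SID with a made-up domain identifier; not expected to map.
            new SecurityIdentifier("S-1-5-21-1111111111-2222222222-3333333333-4444")
        };

        // Collection overload, as in the question: unmapped entries come back as SIDs.
        var irc = new IdentityReferenceCollection();
        foreach (SecurityIdentifier sid in sids) irc.Add(sid);
        foreach (IdentityReference r in irc.Translate(typeof(NTAccount)))
            Console.WriteLine("collection: " + r.Value + " (" + r.GetType().Name + ")");

        var unresolved = new List<SecurityIdentifier>();
        foreach (string name in Resolve(sids, unresolved))
            Console.WriteLine("resolved:   " + name);
        foreach (SecurityIdentifier sid in unresolved)
            Console.WriteLine("unresolved: " + sid.Value);
    }
}
```

Logging the unresolved SIDs from a role provider shows which groups the host cannot look up, rather than letting them pass through as role strings that match nothing.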