开发者

Active Directory nested groups

I have a C# 4.0 program working that retrieves all the members for a specific AD group. In this AD group are other AD groups containing other members. I need my program to identity that it 开发者_如何学Cis a group and retrieve the members in that group.

I know I need to write a recursive program but I was hoping somebody out there might have already done it. If not, could somebody tell me the AD property attribute to identify that the member is actual a group?


Since you're on .NET 3.5 and up, you should check out the System.DirectoryServices.AccountManagement (S.DS.AM) namespace. Read all about it here:

  • Managing Directory Security Principals in the .NET Framework 3.5
  • MSDN docs on System.DirectoryServices.AccountManagement

Basically, you can define a domain context and easily find users and/or groups in AD. Also: the GroupPrincipal has a method called GetMembers which will list all members of that group - optionally, it will do so recursively for you!

// set up domain context
PrincipalContext ctx = new PrincipalContext(ContextType.Domain);

// find the group you're interested in
GroupPrincipal myGroup = GroupPrincipal.FindByIdentity(ctx, "SomeGroup");

// if you found it - get its members
if (myGroup != null)
{
   // if your call the GetMembers, you can optionally specify a "Recursive" flag - done here
   var allMembers = myGroup.GetMembers(true);
}

The new S.DS.AM makes it really easy to play around with users and groups in AD!


Assuming you're using the LDAP view into ActiveDirectory, the attribute you're looking for is called "objectClass". A group shows up with an objectClass of "groupOfNames", I believe; possibly "group". Alternatively, just look to see if the object has any "member"s, regardless of object class, and if it does, assume it's some sort of group and recurse.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜