开发者

Given a GUID representing a user in Active Directory, how would I use this to determine the distinguished name?

问答 作者:

Given a GUID representing a user in Active Directory, how would I use this to determine the user's "distinguished name" using C#?

The GUID is retrieved earlier in our application using directoryEntry.G开发者_Python百科uid; MSDN Link

As you've made it clear a GUID is what you're searching on, try this:

using System;
using System.DirectoryServices.AccountManagement;

public static class DomainHelpers
{    
    public string GetDistinguishedName(string domain, string guid)
    {
        var context = new PrincipalContext(ContextType.Domain, domain); 
        var userPrincipal  = UserPrincipal.FindByIdentity(context, IdentityType.Guid, guid);

        return userPrincipal.DistinguishedName;
    }
}

I've used this with IdentityType.Name so can't be sure it'll work for IdentityType.Guid, but it's worth a try.

You can get the distinguishedName from the DirectoryEntry directly: 

public string GetDN(DirectoryEntry de)  
{  
    return de.Properties["distinguishedName"].Value.ToString();  
}

If you still need to bind via GUID you can do that as well:

public string GetDNviaGUID(Guid queryGuid)  
{  
    DirectoryEntry de = new DirectoryEntry("LDAP://<GUID=" + queryGuid + ">");  
    return de.Properties["distinguishedName"].Value.ToString();
}

The following properties and methods don't work when you bind via GUID or SID: ADsPath, Name, Parent, GetObject, Create, Delete, CopyHere, MoveHere.

You can get around this by retrieving the object via GUID, getting its distinguished name, and then binding using the DN.

You do not. The GUID is not a conversion to start with, it is totally random unique.

Basically, you have to have your SID, then CALL into active diretory and get the User object that has the same sid, then read out the distinguished name from that. Note that this is not a CONVERSION, o that is why the answer is no.

if a conversion back would be possible, the SID would be useless for conversion purposes, as I could always generate a SID from your distinguished name, which is - within the domain - public.

继续阅读:.netactive-directory

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9