get local groups and not the primary groups for a domain user
i have a code to get the groups a user belongs to.
try
{
DirectoryEntry adRoot = new DirectoryEntry(string.Format("WinNT://{0}", Environment.UserDomainName));
DirectoryEntry user = adRoot.Children.Find(completeUserName, "User");
object obGroups = user.Invoke("Groups");
foreach (object ob in (IEnumerable)obGroups)
{
// Create object for each group.
DirectoryEntry obGpEntry = new DirectoryEntry(ob);
listOfMyWindowsGroups.Add(obGpEntry.Name);
}
return true;
}
catch (Exception ex)
{
new GUIUtility().LogMessageToFile("Error in getting User MachineGroups = " + ex);
return false;
}
the above code works fine when i have to find the groups of a local user but
for a domain user it returns a value "Domain User" which is kind of wierd as it is a part of 2 local groups.
Please can some1 help in solving this mystery. thanks
Research
I did some finding and got that i am being returned the primary group of the domain user
called "Domain User" group
but what i actually want is the groups of the local machines the domain user is a part of... i cannot get that.. any suggestions
another code using LDAP
string domain = Environment.UserDomainName;
DirectoryEntry DE = new DirectoryEntry("LDAP://" + domain, null, null, AuthenticationTypes.Secure);
DirectorySearcher se开发者_运维问答arch = new DirectorySearcher();
search.SearchRoot = DE;
search.Filter = "(SAMAccountName=" + completeUserName + ")"; //Searches active directory for the login name
search.PropertiesToLoad.Add("displayName"); // Once found, get a list of Groups
try
{
SearchResult result = search.FindOne(); // Grab the records and assign them to result
if (result != null)
{
DirectoryEntry theUser = result.GetDirectoryEntry();
theUser.RefreshCache(new string[] { "tokenGroups" });
foreach (byte[] resultBytes in theUser.Properties["tokenGroups"])
{
System.Security.Principal.SecurityIdentifier mySID = new System.Security.Principal.SecurityIdentifier(resultBytes, 0);
DirectorySearcher sidSearcher = new DirectorySearcher();
sidSearcher.SearchRoot = DE;
sidSearcher.Filter = "(objectSid=" + mySID.Value + ")";
sidSearcher.PropertiesToLoad.Add("distinguishedName");
SearchResult sidResult = sidSearcher.FindOne();
if (sidResult != null)
{
listOfMyWindowsGroups.Add((string)sidResult.Properties["distinguishedName"][0]);
}
}
}
else
{
new GUIUtility().LogMessageToFile("no user found");
}
return true;
}
catch (Exception ex)
{
new GUIUtility().LogMessageToFile("Error obtaining group names: " + ex.Message + " Please contact your administrator."); // If an error occurs report it to the user.
return false;
}
this works too but i get the same result "Domain Users" . Please can some1 tell me how to get the local machine groups...????
If you are using .NET 3.5, you can use System.DirectoryService.AccountManagement to do all the user and group management. In particular, UserPrincipal.GetAuthorizationGroups is exactly what you are looking for. It retrieves both local group and machine group for a particular users. If the group is a local group, GroupPrincipal.Context.Name is showing the machine name where the group come from. If the group is a domain group, GroupPrincipal.Context.Domain is showing the domain name where the group comes from.
PrincipalContext context = new PrincipalContext(ContextType.Domain, "yourdomain.com");
UserPrincipal userPrincipal = UserPrincipal.FindByIdentity(context, IdentityType.SamAccountName, "youruser");
foreach (GroupPrincipal group in userPrincipal.GetAuthorizationGroups())
{
Console.Out.WriteLine("{0}\\{1}", group.Context.Name, group.SamAccountName);
}
I would say the problem is that you're search is starting in the domain. You want to change the location of the search to the local machine.
Something like this would do it;
DirectoryEntry AD = new DirectoryEntry("WinNT://" + Environment.MachineName + ",computer");
加载中,请稍侯......
精彩评论