利用递归获取AD中的用户所在的组
AD 中的组并不构成严格的树形层级：一个用户可能在多个组中，一个组也可能同时属于多个组，所以想到了用递归逐层向上查找。注意组之间可能循环嵌套，递归时应记录已经展开过的组。
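/// <summary>
/// Collects the groups an Active Directory object belongs to, directly and
/// through nested groups, by following the <c>memberOf</c> attribute upwards.
/// </summary>
/// <remarks>
/// Results accumulate in <see cref="GroupInfo"/> as first-RDN strings, each
/// followed by a semicolon (for example <c>CN=GroupA;CN=GroupB;</c>).
/// Only <c>memberOf</c> is consulted. In Active Directory the primary group
/// (primaryGroupID) is not listed in <c>memberOf</c>, so it will not show up
/// here; keep that in mind when the output feeds an access review.
/// NOTE(review): groups are re-looked-up by their first RDN only, so two groups
/// with the same CN in different containers cannot be told apart - confirm
/// this is acceptable for the directory being queried.
/// </remarks>
public class ADAccess
{
    /// <summary>Semicolon-terminated list of the group RDNs found so far.</summary>
    public StringBuilder GroupInfo { get; set; }

    /// <summary>Creates an instance with an empty <see cref="GroupInfo"/>.</summary>
    public ADAccess()
    {
        this.GroupInfo = new StringBuilder();
    }

    /// <summary>
    /// Appends to <see cref="GroupInfo"/> every group the user with the given
    /// common name belongs to, including groups reached through nesting.
    /// </summary>
    /// <param name="root">Search base for the directory queries.</param>
    /// <param name="userName">Exact <c>cn</c> of the user; treated as a literal value, never as filter syntax.</param>
    /// <exception cref="System.ArgumentException">The name is null or empty.</exception>
    public void GetGroupsByUser(DirectoryEntry root, string userName)
    {
        Walk(root, TypeHelper.ADType.user, userName, ListedEntries(), NewNameSet());
    }

    /// <summary>
    /// Appends to <see cref="GroupInfo"/> every group that contains the given
    /// group, directly or through nesting.
    /// </summary>
    /// <param name="root">Search base for the directory queries.</param>
    /// <param name="groupName">Relative distinguished name of the group, such as <c>CN=GroupA</c>.</param>
    /// <exception cref="System.ArgumentException">The name is not of the form <c>attribute=value</c>.</exception>
    public void GetUserGroups(DirectoryEntry root, string groupName)
    {
        HashSet<string> expanded = NewNameSet();
        if (groupName != null)
        {
            // The starting group is being expanded right now; do not expand it
            // a second time if it turns out to be nested inside itself.
            expanded.Add(groupName);
        }
        Walk(root, TypeHelper.ADType.group, groupName, ListedEntries(), expanded);
    }

    /// <summary>
    /// Returns the first relative distinguished name of a distinguished name,
    /// for example <c>CN=GroupA</c> for <c>CN=GroupA,OU=Groups,DC=example,DC=com</c>.
    /// </summary>
    /// <param name="group">A distinguished name.</param>
    /// <returns>Everything before the first comma that is not backslash-escaped, or the whole input if there is none.</returns>
    public string SplitString(string group)
    {
        for (int i = 0; i < group.Length; i++)
        {
            if (group[i] == '\\')
            {
                // A backslash escapes the next character, so "\," belongs to
                // the value and must not end the RDN.
                i++;
                continue;
            }
            if (group[i] == ',')
            {
                return group.Substring(0, i);
            }
        }
        return group;
    }

    /// <summary>
    /// Looks up the named object under <paramref name="root"/> and returns the
    /// first RDN of every entry in its <c>memberOf</c> attribute.
    /// </summary>
    /// <param name="root">Search base.</param>
    /// <param name="adType">Kind of object to look up; selects the search filter.</param>
    /// <param name="name">
    /// For users the exact <c>cn</c>; for groups an RDN such as <c>CN=GroupA</c>.
    /// The value is escaped before it is placed in the filter, so characters
    /// such as <c>*</c>, <c>(</c> and <c>)</c> match literally and cannot widen
    /// or restructure the query.
    /// </param>
    /// <returns>One entry per <c>memberOf</c> value of every matching object; empty if there are none.</returns>
    /// <exception cref="System.ArgumentException">The name is missing or malformed for the requested type.</exception>
    public List<string> GetGroups(DirectoryEntry root, TypeHelper.ADType adType, string name)
    {
        List<string> groups = new List<string>();

        // The searcher, its result collection and every bound entry hold
        // unmanaged directory resources, so each is disposed deterministically.
        using (DirectorySearcher searcher = new DirectorySearcher(root))
        {
            if (adType == TypeHelper.ADType.user)
            {
                if (string.IsNullOrEmpty(name))
                {
                    throw new System.ArgumentException("A user name is required.", "name");
                }
                // NOTE(review): in Active Directory computer accounts also carry
                // objectClass=user; narrow the filter if only people are wanted.
                searcher.Filter = "(&(objectClass=user)(cn=" + EscapeFilterValue(name) + "))";
            }
            else if (adType == TypeHelper.ADType.group)
            {
                searcher.Filter = "(&(objectClass=group)" + BuildRdnClause(name) + ")";
            }
            // Any other adType keeps the searcher's default filter, as before.

            using (SearchResultCollection results = searcher.FindAll())
            {
                foreach (SearchResult result in results)
                {
                    using (DirectoryEntry entry = result.GetDirectoryEntry())
                    {
                        if (!entry.Properties.Contains("memberOf"))
                        {
                            continue;
                        }
                        // Enumerating the collection covers the single-value and
                        // the multi-value case alike.
                        foreach (object dn in entry.Properties["memberOf"])
                        {
                            groups.Add(SplitString(dn.ToString()));
                        }
                    }
                }
            }
        }
        return groups;
    }

    // Depth-first walk up the membership graph. "listed" mirrors what is already
    // in GroupInfo (exact names, so "CN=Admin" is not mistaken for part of
    // "CN=Administrators"); "expanded" stops circular nesting from recursing forever.
    private void Walk(DirectoryEntry root, TypeHelper.ADType adType, string name,
                      HashSet<string> listed, HashSet<string> expanded)
    {
        foreach (string parent in GetGroups(root, adType, name))
        {
            if (listed.Add(parent))
            {
                GroupInfo.Append(parent).Append(';');
            }
            if (expanded.Add(parent))
            {
                Walk(root, TypeHelper.ADType.group, parent, listed, expanded);
            }
        }
    }

    // Directory names compare case-insensitively.
    private static HashSet<string> NewNameSet()
    {
        return new HashSet<string>(System.StringComparer.OrdinalIgnoreCase);
    }

    // Parses the current GroupInfo text into a set of exact entries.
    private HashSet<string> ListedEntries()
    {
        if (GroupInfo == null)
        {
            GroupInfo = new StringBuilder();
        }
        HashSet<string> listed = NewNameSet();
        string[] entries = GroupInfo.ToString().Split(
            new char[] { ';' }, System.StringSplitOptions.RemoveEmptyEntries);
        foreach (string entry in entries)
        {
            listed.Add(entry);
        }
        return listed;
    }

    // Turns an RDN such as "CN=Smith\, John" into the filter clause "(CN=Smith, John)",
    // rejecting anything that is not a plain attribute=value pair.
    private static string BuildRdnClause(string rdn)
    {
        int eq = rdn == null ? -1 : rdn.IndexOf('=');
        if (eq <= 0 || eq == rdn.Length - 1)
        {
            throw new System.ArgumentException(
                "Expected a relative distinguished name such as \"CN=GroupA\".", "name");
        }

        string attribute = rdn.Substring(0, eq).Trim();
        if (attribute.Length == 0)
        {
            throw new System.ArgumentException("The attribute name is empty.", "name");
        }
        foreach (char c in attribute)
        {
            bool allowed = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z')
                        || (c >= '0' && c <= '9') || c == '-' || c == '.';
            if (!allowed)
            {
                throw new System.ArgumentException("The attribute name contains invalid characters.", "name");
            }
        }

        string value = UnescapeDnValue(rdn.Substring(eq + 1));
        return "(" + attribute + "=" + EscapeFilterValue(value) + ")";
    }

    // Escapes the characters that are syntax in an LDAP search filter (RFC 4515).
    private static string EscapeFilterValue(string value)
    {
        StringBuilder escaped = new StringBuilder(value.Length + 8);
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': escaped.Append("\\5c"); break;
                case '*': escaped.Append("\\2a"); break;
                case '(': escaped.Append("\\28"); break;
                case ')': escaped.Append("\\29"); break;
                case '\0': escaped.Append("\\00"); break;
                default: escaped.Append(c); break;
            }
        }
        return escaped.ToString();
    }

    // Undoes distinguished-name escaping (RFC 4514): "\," becomes "," and
    // "\XX" hex pairs become the UTF-8 bytes they stand for.
    private static string UnescapeDnValue(string value)
    {
        StringBuilder text = new StringBuilder(value.Length);
        List<byte> pending = new List<byte>();
        for (int i = 0; i < value.Length; i++)
        {
            char c = value[i];
            if (c == '\\' && i + 1 < value.Length)
            {
                if (i + 2 < value.Length
                    && System.Uri.IsHexDigit(value[i + 1])
                    && System.Uri.IsHexDigit(value[i + 2]))
                {
                    pending.Add(System.Convert.ToByte(value.Substring(i + 1, 2), 16));
                    i += 2;
                    continue;
                }
                c = value[++i];
            }
            if (pending.Count > 0)
            {
                text.Append(Encoding.UTF8.GetString(pending.ToArray()));
                pending.Clear();
            }
            text.Append(c);
        }
        if (pending.Count > 0)
        {
            text.Append(Encoding.UTF8.GetString(pending.ToArray()));
        }
        return text.ToString();
    }
}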
