active-directory

问题 Very simple question actually: I currently have IIS anonymous access disabled, users are automatically logged on using their Windows login. However calling User.IsInRole("Role name") returns false. I double-checked User.Identity.Name() and the "Role name" and it should return true. I currently have this in my Web.Config: UPDATE I was calling User.IsInRole("Role name") where I should call User.IsInRole("DOMAIN\Role name") However I still like to know if the <membership> entry is needed at all?

问题 How can you do an Active Directory lookup via PHP? Without needing to recompile PHP. PHP version is 5.3 I want to find a persons display name from their user name. Web server is IIS 6 and PHP is served using FastCGI. I get the username with: $cred = explode('\\',$_SERVER['REMOTE_USER']); if (count($cred) == 1) array_unshift($cred, "(no domain info - perhaps SSPIOmitDomain is On)"); list($domain, $user) = $cred; return $user; So how can I then find the name? e.g. DoeJ = John Doe Edit: Trying

问题 I need to set up SSL over Active Directory. I googled a lot but could not found a decent write up about how to do this. Please if you know some good resources about this let me know. Thanks! 回答1: Sounds easy - but I ran into quite a few problems getting trusted connections with SSL working in our environment. The article was about ADAM but is just as applicable for AD. In our environment I couldn't install domain-related services like cert-server, nor act as domain-admin. I blogged about how

问题 I have an 'intranet' site that I have built, which has a login system of its own (users register as new users, and use the username/password thereon to login to the site). However, now I want to extend it, and have the intranet site use the existing ActiveDirectory for authentication. This is what I am looking for, going forward - When a user access this intranet site ( http://intranetsite/mySite ), the user's domain credentials are validated against the active directory, and if the user's

问题 I see Active Directory examples that use PrincipalSearcher and other examples that do the same thing but use DirectorySearcher . What is the difference between these two examples? Example using PrincipalSearcher PrincipalContext context = new PrincipalContext(ContextType.Domain); PrincipalSearcher search = new PrincipalSearcher(new UserPrincipal(context)); foreach( UserPrincipal user in search.FindAll() ) { if( null != user ) Console.WriteLine(user.DistinguishedName); } Example using

问题 I want to add/update data of Active Directory located on another server. I have server details but I don't know how to do it. However, I know how to add/update data if I run PowerShell Script from same server. Here is my code which work if I add/update data by PowerShell Script located to same server. Can anybody please suggest me how can I add/update data to Active Directory located on another server? Code # Import active directory module for running AD cmdlets Import-Module activedirectory

问题 I have come across a very strange situation in PS. In a script I have, there is a cmdlet ( Get-Mailbox ) which pulls back a few mailboxes and stores them in $mailboxes . I then loop through this as follows to find a matching AD account. foreach ($user in $mailboxes) { Get-ADUser -Filter {UserPrincipalName -eq $user.UserPrincipalName} } When I run this it errors saying that it can't find the property UserPrincipalName on $user . I have debugged the script and tested it thoroughly. At the point

问题 This question already has answers here : Closed 8 years ago . Possible Duplicate: How can I get DOMAIN\USER from an AD DirectoryEntry? Here is what I have right now: DirectoryEntry de = new DirectoryEntry("LDAP://" + domain); SearchResult result; DirectorySearcher search = new DirectorySearcher(de); search.Filter = String.Format("(cn={0})", groupName); search.PropertiesToLoad.Add("member"); result = search.FindOne(); Note that groupName (which a parameter passed into the method representing

问题 I have a question about "Authorization Request Denied - Insufficient privileges to complete the operation" message that I keep getting back from my requests to Windows Graph API. Specifically, I'm working in Azure cloud. I have an iOS mobile app that invokes an API. I have turned on "Authentication for Active Directory" in my Portal. Then, on the client side (iOS): [self.todoService.client loginWithProvider:@"windowsazureactivedirectory" controller:self animated:YES completion:^(MSUser *user,

问题 Is there a .NET library for LDAP paths manipulations? I would like to have something equivalent to System.IO.Path , allowing e.g. to do something like string ou1 = LDAPPath.Combine("OU=users","DC=x,DC=y"); string ou2 = LDAPPath.Parent("CN=someone,OU=users,DC=x,DC=y"); Otherwise, what's the common way to deal with LDAP distinguished names in .NET? To clarify my question : I'm not asking about "directory services in .NET" in general; I've already worked with that and done some programs to