问题
Possible Duplicate:
How can I get DOMAIN\USER from an AD DirectoryEntry?
Here is what I have right now:
DirectoryEntry de = new DirectoryEntry("LDAP://" + domain);
SearchResult result;
DirectorySearcher search = new DirectorySearcher(de);
search.Filter = String.Format("(cn={0})", groupName);
search.PropertiesToLoad.Add("member");
result = search.FindOne();
Note that groupName (which a parameter passed into the method representing the name of the group to search in) can be a universal group, which means it might contain accounts from other domains.
Which property in the searchresultcollection should I use to find the domain the account originates from, or even better is there a webpage that has a list of all the properties available to this particular collection?
回答1:
The distinguishedName property of any AD object should always contain the full LDAP compatible path to that object, e.g.
CN=John Doe,OU=Marketing,OU=IntlSales,DC=YourMegaCorp,DC=com
Based on that DN you can figure out the domain (DC=YourMegaCorp,DC=com) that this user came from. I don't think there's any other (default) AD attribute that would give you just the domain, though - you'll need to "crack and parse" that DN to get the info you need.
来源:https://stackoverflow.com/questions/8289574/determine-the-domain-of-a-user-in-an-active-directory-search-result