I need to find all users that are members of two groups (GroupA and GroupB). I also need to take into account nested groups. What is the best way to do this?
I kno
Is there a requirement that you use ldap search to do this? The WindowsPrincipal.IsInRole() method will test for membership both directly and via a nested group - at least it did for the test I ran.
This code tests the current thread's identity against GroupA and GroupB but you could use a similar approach to enumerate the members of GroupA and then test each of those against GroupB by calling IsInRole...
using System;
using System.Security.Principal;
using System.Threading;

// Make Thread.CurrentPrincipal a WindowsPrincipal for the logged-on Windows identity.
AppDomain myDomain = Thread.GetDomain();
myDomain.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal);
WindowsPrincipal myPrincipal = (WindowsPrincipal)Thread.CurrentPrincipal;

// Resolve each group name to its SID; IsInRole(SecurityIdentifier) checks the token's
// group list, which already contains groups reached through nesting.
NTAccount groupA = new NTAccount("Domain\\GroupA");
SecurityIdentifier sidGroupA = (SecurityIdentifier)groupA.Translate(typeof(SecurityIdentifier));
bool inGroupA = myPrincipal.IsInRole(sidGroupA);

NTAccount groupB = new NTAccount("Domain\\GroupB");
SecurityIdentifier sidGroupB = (SecurityIdentifier)groupB.Translate(typeof(SecurityIdentifier));
bool inGroupB = myPrincipal.IsInRole(sidGroupB);

Console.WriteLine("{0}, {1}", groupA, inGroupA);
Console.WriteLine("{0}, {1}", groupB, inGroupB);
Console.ReadLine();
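The answer above suggests enumerating GroupA and testing each member against GroupB. The following is an added example, not code from the question or the answer, that does the whole job with System.DirectoryServices.AccountManagement: GroupPrincipal.GetMembers(true) expands nested groups on the server side, so the recursive member sets of the two groups can simply be intersected by SID. The domain name "example.local" and the group names are placeholders, and it assumes both groups are addressed by their sAMAccountName.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices.AccountManagement;
using System.Security.Principal;

static class GroupIntersection
{
    // Returns the sAMAccountNames of users that are members of both groups,
    // directly or through any depth of nested groups.
    public static List<string> UsersInBoth(PrincipalContext ctx, string groupAName, string groupBName)
    {
        using (GroupPrincipal groupA = GroupPrincipal.FindByIdentity(ctx, IdentityType.SamAccountName, groupAName))
        using (GroupPrincipal groupB = GroupPrincipal.FindByIdentity(ctx, IdentityType.SamAccountName, groupBName))
        {
            if (groupA == null || groupB == null)
                throw new ArgumentException("One of the groups was not found in the directory.");

            // Collect the SID of every recursive user member of GroupB. Comparing SIDs rather
            // than display names avoids false matches on renamed or similarly named accounts;
            // SecurityIdentifier implements value equality, so a HashSet gives fast lookups.
            var sidsInB = new HashSet<SecurityIdentifier>();
            using (PrincipalSearchResult<Principal> membersB = groupB.GetMembers(true))
            {
                foreach (Principal p in membersB)
                {
                    if (p is UserPrincipal)
                        sidsInB.Add(p.Sid);
                }
            }

            // Walk the recursive members of GroupA and keep the users also present in GroupB.
            var result = new List<string>();
            using (PrincipalSearchResult<Principal> membersA = groupA.GetMembers(true))
            {
                foreach (Principal p in membersA)
                {
                    if (p is UserPrincipal && sidsInB.Contains(p.Sid))
                        result.Add(p.SamAccountName);
                }
            }
            return result;
        }
    }

    static void Main()
    {
        // Placeholder domain; bind with the caller's credentials.
        using (var ctx = new PrincipalContext(ContextType.Domain, "example.local"))
        {
            foreach (string user in UsersInBoth(ctx, "GroupA", "GroupB"))
                Console.WriteLine(user);
        }
    }
}
```

Unlike the IsInRole approach, this does not require impersonating or building a WindowsIdentity for each candidate user, so it runs under an ordinary domain account with read access to the directory. One caveat: GetMembers(true) can throw a PrincipalOperationException when a nested group contains a member it cannot resolve (for example a foreign security principal from a trusted domain), so in production code wrap the enumeration and log which group triggered the failure rather than silently returning a partial result.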