问题
i found this post to get the security groups of a user.
I had to change it a bit so it looks like this:
public List<GroupPrincipal> GetGroups(string userName, string userPassword, string userDomain)
{
List<GroupPrincipal> result = new List<GroupPrincipal>();
// establish domain context
PrincipalContext yourDomain = new PrincipalContext(ContextType.Domain, userDomain, userName, userPassword);
// find your user
UserPrincipal user = UserPrincipal.FindByIdentity(yourDomain, IdentityType.SamAccountName, userName);
// if found - grab its groups
if (user != null)
{
PrincipalSearchResult<Principal> groups = user.GetAuthorizationGroups();
// iterate over all groups
foreach (Principal p in groups)
{
// make sure to add only group principals
if (p is GroupPrincipal)
{
result.Add((GroupPrincipal)p);
}
}
}
return result;
}
Unfortunately I now get every security group in the AD and not only the ones the user is in. My user is in 10 groups but it returns 71. I had to submit username and password or else I would not be allowed to look up the groups. It is an administrative account on a different domain so I couldn't use the current credentials.
If you need more info please let me know.
Greetings and thanks in advance IG
回答1:
Is there a chance that the 10 groups are members of other groups? According to the documentation:
UserPrincipal.GetAuthorizationGroups Method
This method searches all groups recursively and returns the groups in which the user is a member. The returned set may also include additional groups that system would consider the user a member of for authorization purposes.
来源:https://stackoverflow.com/questions/19178866/getauthorizationgroups-returns-more-groups-than-my-user-is-in