get user names in an Active Directory Group via .net

Developer https://www.devze.com 2023-02-08 09:38 Source: Internet
The below code gets me the users in the group but it is returned "CN=johnson\,Tom,OU=Users,OU=Main,DC=company,DC=com"

I want to just return the First and Last name. How can I accomplish this?

DirectoryEntry ou = new DirectoryEntry();
DirectorySearcher src = new DirectorySearcher();

src.Filter = ("(&(objectClass=group)(CN=Gname))");
SearchResult res = src.FindOne();
if (res != null)
{
    DirectoryEntry deGroup = new DirectoryEntry(res.Path);
    PropertyCollection pcoll = deGroup.Properties;

    foreach (object obj in deGroup.Properties["member"])
    {
        ListBox1.Items.Add(obj.ToString());
    }
}


I prefer using the classes in System.DirectoryServices.AccountManagement:

PrincipalContext principalContext = new PrincipalContext(ContextType.Domain);
GroupPrincipal group = GroupPrincipal.FindByIdentity(principalContext, "GName");

Search through the group.Members property until you have a Principal that you want. Then extract the name like this:

foreach (Principal principal in group.Members)
{
   string name = principal.Name;
}


Using your code, the givenName (first name) and sn (last name) properties should work.

If you use the System.DirectoryServices.AccountManagement namespace UserPrincipal (as @russell-mcclure suggested), you will find GivenName and Surname properties also.

AccountManagement is very handy unless you have to traverse a trusted forest and need the global catalog to find the user.


This is a PowerShell script that I made to do it without using the AccountManagement classes. It should be easy enough to translate it to C#:

[void][System.Reflection.Assembly]::LoadWithPartialName("System.DirectoryServices");

$groupName = "Grupo Domain";

$directoryEntry = New-Object System.DirectoryServices.DirectoryEntry;
$directorySearcher = New-Object System.DirectoryServices.DirectorySearcher($directoryEntry, "(&(objectClass=group)(CN=$groupName))");
[void]$directorySearcher.PropertiesToLoad.Add("objectSid");
[void]$directorySearcher.PropertiesToLoad.Add("member");
$result = $directorySearcher.FindOne();

if ($result -eq $null) { return; }

# Try get the group members through the "member" property.
if ($result.Properties["member"].Count -gt 0) {
    foreach ($member in $result.Properties["member"]) {
        $memberSearcher = New-Object System.DirectoryServices.DirectorySearcher($directoryEntry, "(&(objectClass=*)(distinguishedName=$member))");
        [void]$memberSearcher.PropertiesToLoad.Add("msDS-PrincipalName");
        $memberResult = $memberSearcher.FindOne();
        if ($memberResult -eq $null) { continue; }
        Write-Output $memberResult.Properties["msDS-PrincipalName"];
    }
    return;
}
if ($result.Properties["objectSid"].Count -gt 0) {
    # The group might be an AD primary group. Try get the members by the PrimaryGroupID.
    $groupSid = New-Object System.Security.Principal.SecurityIdentifier($result.Properties["objectSid"][0], 0);
    # Hacky way to get only the last RID.
    $primaryGroupSid = $groupSid.Value.Replace($groupSid.AccountDomainSid.ToString(), [String]::Empty).TrimStart('-');
    $memberSearcher = New-Object System.DirectoryServices.DirectorySearcher($directoryEntry, "(&(objectClass=*)(primaryGroupId=$primaryGroupSid))");
    [void]$memberSearcher.PropertiesToLoad.Add("msDS-PrincipalName");
    $memberResult = $memberSearcher.FindAll();
    if ($memberResult -eq $null) { return; }
    foreach ($member in $memberResult) {
        Write-Output $member.Properties["msDS-PrincipalName"];
    }
}
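
An added example, not part of any of the posts above: a C# version that returns first and last names from the givenName and sn attributes and escapes every value placed into an LDAP filter per RFC 4515. The escaping matters because a DN such as the `CN=johnson\,Tom,...` value in the question contains a backslash, which is a special character inside a filter. The names `GroupMemberNames`, `EscapeFilterValue` and `GetMemberNames` are assumptions made for this example, and it assumes a domain-joined Windows host with System.DirectoryServices available.

```csharp
using System.Collections.Generic;
using System.DirectoryServices;
using System.Text;

static class GroupMemberNames
{
    // RFC 4515: \ * ( ) and NUL must be hex-escaped inside a filter value.
    public static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder();
        foreach (char c in value)
        {
            if ("\\*()\0".IndexOf(c) >= 0) sb.Append('\\').Append(((int)c).ToString("x2"));
            else sb.Append(c);
        }
        return sb.ToString();
    }

    // "First Last" for each direct user member. Users who have the group only as
    // their primary group are not listed in memberOf and are not returned.
    public static List<string> GetMemberNames(string groupName)
    {
        var names = new List<string>();
        using (var root = new DirectoryEntry())  // current domain, caller's credentials
        using (var groupSearch = new DirectorySearcher(root,
            "(&(objectClass=group)(cn=" + EscapeFilterValue(groupName) + "))",
            new[] { "distinguishedName" }))
        {
            SearchResult group = groupSearch.FindOne();
            if (group == null) return names;
            string groupDn = (string)group.Properties["distinguishedName"][0];
            using (var userSearch = new DirectorySearcher(root,
                "(&(objectCategory=person)(objectClass=user)(memberOf="
                    + EscapeFilterValue(groupDn) + "))", new[] { "givenName", "sn" }))
            {
                userSearch.PageSize = 500;  // page past the server's result-size limit
                using (SearchResultCollection users = userSearch.FindAll())
                    foreach (SearchResult user in users)
                    {
                        var given = user.Properties["givenName"];
                        var sn = user.Properties["sn"];
                        names.Add(((given.Count > 0 ? given[0] : "") + " "
                            + (sn.Count > 0 ? sn[0] : "")).Trim());
                    }
            }
        }
        return names;
    }
}
```

If the group name ever comes from user input, the escaping step is what keeps a value like `*)(objectClass=*` from rewriting the filter.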