的memberOf是在描述用户组的成员详细介绍Active Directory用户帐户的属性。如果我们用.NET或Java来获取用户详细信息，然后我们得到的这些用户的成员组的专有名称条款的memberOf属性值。那么，有没有办法得到的objectGUID上看，这些组名称无论是在Java或.NET？

'memberof' is the attribute on the Active Directory user account which describes user's group membership detail. If we use .Net or Java to get the users detail then we get the 'memberof' attribute value in terms of 'Distinguished Name' of the groups of which user is member of. So is there any way to get these group names in terms of objectGUID either in JAVA or .NET ?

推荐答案

您可以使用扩展DNLDAP的扩展控制。它只能用于在AD中搜索

You can make use of the "Extended DN" LDAP extended control. It can be used only in AD search.

C＃code：

// Here I get the user object and then do a AD search.
// Instead, you may search for that user object directly.
DirectoryEntry userEntry = new DirectoryEntry("LDAP://<server>/<user DN>", "user", "pwd");

DirectorySearcher searcher = new DirectorySearcher(userEntry);
searcher.SearchScope = SearchScope.Base;
searcher.ExtendedDN = ExtendedDN.Standard;
searcher.PropertiesToLoad.Clear();
searcher.PropertiesToLoad.Add("memberOf");

SearchResult result = searcher.FindOne();

foreach (string val in result.Properties["memberOf"])
{
    Console.WriteLine(val);
}

根据传递到值 ExtendedDN ，它会返回值

<GUID=guid_value>;<SID=sid_value>;dn

ExtendedDN.None （仅DN，这是默认）： CN =管理员，CN =用户​​，DC = Fabrikam目录，DC = COM

ExtendedDN.None (only DN, this is the default): CN=Administrator, CN=Users,DC=Fabrikam,DC=com

ExtendedDN.Standard （标准字符串格式）： <GUID=bdbfd4b3-453c-42ee-98e2-7b4a698a61b8>;<SID=S-1-5-21-2354834273-1534127952-2340477679-500>;CN=Administrator, CN =用户​​，DC = Fabrikam目录，DC = COM

ExtendedDN.Standard (Standard string format): <GUID=bdbfd4b3-453c-42ee-98e2-7b4a698a61b8>;<SID=S-1-5-21-2354834273-1534127952-2340477679-500>;CN=Administrator, CN=Users,DC=Fabrikam,DC=com

ExtendedDN.HexString （十六进制格式）： <GUID=b3d4bfbd3c45ee4298e27b4a698a61b8>;<SID=01050000000000051500000061eb5b8c50ef705befda808bf4010000>;CN=Administrator, CN =用户​​，DC = Fabrikam目录，DC = COM

ExtendedDN.HexString (Hexadecimal format): <GUID=b3d4bfbd3c45ee4298e27b4a698a61b8>;<SID=01050000000000051500000061eb5b8c50ef705befda808bf4010000>;CN=Administrator, CN=Users,DC=Fabrikam,DC=com

如果该对象不具有的SID，该SID部分将被省略：

If the object don't have SID, the SID part will be omitted:

<GUID=guid_value>;dn

有关扩展DN的详细信息，请查询：

For details about Extended DN, please check:

http://msdn.microsoft.com/en-us/library/ cc223349.aspx