我有一个检索所有特定AD组的成员一个C＃4.0程序的工作。在此广告组是包含其他成员的其他广告组。我需要我的程序的标识，它是一组和检索该组中的成员。

I have a C# 4.0 program working that retrieves all the members for a specific AD group. In this AD group are other AD groups containing other members. I need my program to identity that it is a group and retrieve the members in that group.

我知道我需要写一个递归程序，但我希望有人在那里可能已经做到了。如果不是，可能有人告诉我AD property属性，以确定该成员是实际的一组？

I know I need to write a recursive program but I was hoping somebody out there might have already done it. If not, could somebody tell me the AD property attribute to identify that the member is actual a group?

推荐答案

既然你在.NET 3.5及以上，你应该看看 System.DirectoryServices.AccountManagement （S.DS.AM）命名空间。阅读所有关于它的：

Since you're on .NET 3.5 and up, you should check out the System.DirectoryServices.AccountManagement (S.DS.AM) namespace. Read all about it here:

基本上，你可以定义域范围内，轻松地查找用户和/或组的AD。另外： GroupPrincipal 有一个名为 GetMembers方法这将列出该组的所有成员 - 可选，它会这么做递归地为您服务！

Basically, you can define a domain context and easily find users and/or groups in AD. Also: the GroupPrincipal has a method called GetMembers which will list all members of that group - optionally, it will do so recursively for you!

// set up domain context
PrincipalContext ctx = new PrincipalContext(ContextType.Domain);

// find the group you're interested in
GroupPrincipal myGroup = GroupPrincipal.FindByIdentity(ctx, "SomeGroup");

// if you found it - get its members
if (myGroup != null)
{
   // if your call the GetMembers, you can optionally specify a "Recursive" flag - done here
   var allMembers = myGroup.GetMembers(true);
}

新S.DS.AM使得它可以很容易地玩弄用户和组AD！

The new S.DS.AM makes it really easy to play around with users and groups in AD!