我需要能够对接受组的列表来比较用户Active Directory组。这是不适合的认证
I need to be able to compare the users active directory groups against a list of acceptable groups. This is not for authentication.
我知道我可以使用System.DirectoryServices中,但我已经看到,说使用AccountManagement很多帖子,但我看到的是。主动目录。
I know i can use System.DirectoryServices but i have seen many posts that say to use AccountManagement but all i see is .Active Directory.
任何人都可以请帮助我在正确的方向?
Can anyone please assist me in the right direction?
尝试是这样的:检查出 System.DirectoryServices.AccountManagement
(S.DS.AM)命名空间。阅读所有关于它的:
Try something like this: check out the System.DirectoryServices.AccountManagement
(S.DS.AM) namespace. Read all about it here:
基本上,你可以定义域范围内,并很容易地找到在AD用户和/或组:
Basically, you can define a domain context and easily find users and/or groups in AD:
// set up domain context
PrincipalContext ctx = new PrincipalContext(ContextType.Domain);
// find a user
UserPrincipal user = UserPrincipal.FindByIdentity(ctx, "SomeUserName");
if(user != null)
{
PrincipalSearchResult<Principal> authgroups = user.GetAuthorizationGroups();
// do your checking with the auth groups that the user has - against your list
}
新S.DS.AM使得它可以很容易地玩弄用户和组AD!
The new S.DS.AM makes it really easy to play around with users and groups in AD!