问题描述
我正在尝试使用 GroupPrincipal(System.DirectoryServices.AccountManagement 命名空间的一部分)来填充类型字符串的列表,因此我可以检查是否用户是 Active Directory 组的成员.这是我迄今为止编写的编辑类:
I am trying to use GroupPrincipal (part of the System.DirectoryServices.AccountManagement namespace) to populate a list of type string, so I can check to see if a user is a member of an Active Directory group. Here is the edited class that I have written so far:
public class ActiveDirectoryMembership { private PrincipalContext context = new PrincipalContext(ContextType.Domain, Environment.UserDomainName); private List<string> GroupName {get;set;} public ActiveDirectoryMembership() { //Code snipped - this part returns a list of users populateGroups(); } private void populateGroups() { GroupPrincipal SearchGroup = GroupPrincipal.FindByIdentity(context, "Group Name"); GroupName = new List<string>(); foreach (UserPrincipal p in GroupName.GetMembers()) { GroupName.add(p.SamAccountName); } }
那么,我哪里出错了?
提前致谢:)
推荐答案
此代码修改有效(我进行了测试以确保):
This modification of your code works (I made tests to ensure):
using System.DirectoryServices.AccountManagement; private static readonly string DomainName = "domaincontrollercomputer.domain.com"; private static readonly string DomainContainer = "DC=DOMAIN,DC=COM"; private static readonly string ADGroupName = "AD Group Name"; private List<string> GroupName {get;set;} private void populateGroups() { using (var ctx = new PrincipalContext(ContextType.Domain, DomainName, DomainContainer)) { using (var grp = GroupPrincipal.FindByIdentity(ctx, ADGroupName)) { GroupName = new List<string>(); foreach (var member in grp.GetMembers()) { GroupName.Add(member.SamAccountName); } } } }