问题
How would I go about querying what active directory group the currently logged in user belongs to? I am assuming it will be through LDAP but I havnt been able to find much on how to get this particular information.
I have put together some code but im not quite sure what I need to do next
// Open the access token associated with the calling process.
if (OpenProcessToken(GetCurrentProcess(),
TOKEN_QUERY,
&hToken) == FALSE)
{
dwErrorCode = GetLastError();
wprintf(L"OpenProcessToken failed. GetLastError returned: %d\n", dwErrorCode);
return HRESULT_FROM_WIN32(dwErrorCode);
}
// Retrieve the token information in a TOKEN_USER structure.
GetTokenInformation(hToken,
TokenUser, // Request for a TOKEN_USER structure.
NULL,
0,
&dwBufferSize);
pTokenUser = (PTOKEN_USER) new BYTE[dwBufferSize];
memset(pTokenUser, 0, dwBufferSize);
if (GetTokenInformation(hToken,
TokenUser,
pTokenUser,
dwBufferSize,
&dwBufferSize))
{
CloseHandle(hToken);
}
else
{
dwErrorCode = GetLastError();
wprintf(L"GetTokenInformation failed. GetLastError returned: %d\n", dwErrorCode);
return HRESULT_FROM_WIN32(dwErrorCode);
}
if (IsValidSid(pTokenUser->User.Sid) == FALSE)
{
wprintf(L"The owner SID is invalid.\n");
delete [] pTokenUser;
}
回答1:
In your particular case I think you can do without any LDAP calls. Here's a suggestion:
- use
GetCurrentProcessId
andOpenProcess
to get a handle to the current process - call
OpenProcessToken
on that handle to open the access token associated with the current process - call
GetTokenInformation
on that access token, with a token information class ofTokenGroups
- the resulting
TOKEN_GROUPS
structure contains a list with the SIDs and attributes of all the groups in the access token - call
LookupAccountSid
on the SID of each group in the list to obtain its name
MSDN should provide more detailed information about the calls mentioned above.
来源:https://stackoverflow.com/questions/3505336/find-current-users-active-directory-group-c