问题
Let's say I'm in
OU=Groups,DC=contaco,DC=com,ct
I can find all the groups in a sub OU, but the only way to find all of the groups user 'bobdole' belongs to is for me to look at each group and see if he is in the 'member' field.
Unfortunately, when I look at user 'bobdole', I don't see a memberOf field that has all of these lists, hence I have to enumerate through each group\distribution list and see which he is a member of.
Is there no more efficient way to do this? I'm in c#
回答1:
This returns all the roles (Groups) that a user belongs to.
public string[] GetRolesForUser(DirectoryEntry user)
{
user.RefreshCache(new string[] { "tokenGroups" });
var irc = new IdentityReferenceCollection(user.Properties["tokenGroups"].Count);
foreach (byte[] sidBytes in user.Properties["tokenGroups"])
irc.Add(new SecurityIdentifier(sidBytes, 0));
var coll = new StringCollection();
irc = irc.Translate(typeof(NTAccount));
foreach (var ir in irc)
{
if (ir is NTAccount)
{
coll.Add(ir.ToString());
}
}
var accounts = new string[coll.Count];
coll.CopyTo(accounts, 0);
return accounts;
}
回答2:
Correct me if I'm wrong but I'm pretty sure that "tokenGroups" does not contain DistributionGroups, but only SecurityGroups/Roles.
来源:https://stackoverflow.com/questions/1506833/finding-what-groups-distribution-lists-a-specific-user-belongs-to-in-active-dire