1
要获取Active Directory中的所有组,我已使用C#编写此代码。它的工作原理非常清楚,因为我不需要通过任何服务器名,OU,DC等活动目录获取除特殊组以外的所有组
UserPrincipal current_user = UserPrincipal.Current;
PrincipalContext current_context = current_user.Context;
PrincipalContext ctx = new PrincipalContext(ContextType.Domain);
GroupPrincipal qbeUser = new GroupPrincipal(ctx);
Principal userOrGroup = qbeUser as Principal;
userOrGroup.Name = "*";
PrincipalSearcher searcher = new PrincipalSearcher(userOrGroup);
List<string> AllGroups = new List<string>();
// enumerate the results - you need to check what kind of principal you get back
foreach (Principal found in searcher.FindAll())
{
// is it a UserPrincipal - do what you need to do with that...
if (found is UserPrincipal)
{
// ......
}
else if (found is GroupPrincipal)
{
AllGroups.Add(found.Name);
//GroupPrincipal gp = found as GroupPrincipal;
//var data = gp.GetMembers();
// if it's a group - do whatever you need to do with a group....
}
}
//return AllGroups;
的问题是,它列出了我不需要像
PerformanceLogUsers,SchemaAdmins,HelpServiceGroups,远程登录太多组客户等。
我只需要管理员,访客和其他用户创建组等组。我已阅读有关这些是特殊组等等等
在这方面的任何帮助,高度赞赏。