3
我想讓自己的靜態類與AD一起工作。 我寫了一個靜態方法:Active Directory。與DACL工作
public static void AddReadingAceForGroup(DirectoryEntry dirEntry, string groupName)
{
dirEntry.RefreshCache();
DirectoryEntry root = new DirectoryEntry("LDAP://192.168.1.1/ dc=mydomain,dc=ru");
using (DirectorySearcher ds = new DirectorySearcher(root, "CN="+groupName))
{
SearchResult sr = ds.FindOne();
root = sr.GetDirectoryEntry();
}
try
{
ActiveDirectoryAccessRule accessRule =
new ActiveDirectoryAccessRule(root.ObjectSecurity.GetGroup(typeof(SecurityIdentifier)),
ActiveDirectoryRights.GenericRead, AccessControlType.Allow);
dirEntry.ObjectSecurity.AddAccessRule(accessRule);
dirEntry.CommitChanges();
}
catch(Exception e)
{
}
}
使用此功能我做模擬與遠程憑據用戶之前,然後代碼工作無異常,但沒有結果。去除ACE的類似功能工作正常。