如何知道DirectoryEntry是一個用戶還是一個組？

Question

您好，

我有以下代碼從當前AD創建樹：

public static ActiveDirectory GetActiveDirectoryTree(string pathToAD = "") 
{ 
    DirectoryEntry objADAM = default(DirectoryEntry); 
    // Binding object. 
    DirectoryEntry objGroupEntry = default(DirectoryEntry); 
    // Group Results. 
    DirectorySearcher objSearchADAM = default(DirectorySearcher); 
    // Search object. 
    SearchResultCollection objSearchResults = default(SearchResultCollection); 
    // Binding path. 
    ActiveDirectory result = new ActiveDirectory(); 
    ActiveDirectoryItem treeNode; 

    // Get the AD LDS object. 
    try 
    { 
     if (pathToAD.Length > 0) 
      objADAM = new DirectoryEntry(); 
     else 
      objADAM = new DirectoryEntry(pathToAD); 
     objADAM.RefreshCache(); 
    } 
    catch (Exception e) 
    { 
     throw e; 
    } 

    // Get search object, specify filter and scope, 
    // perform search. 
    try 
    { 
     objSearchADAM = new DirectorySearcher(objADAM); 
     objSearchADAM.Filter = "(&(objectClass=group))"; 
     objSearchADAM.SearchScope = SearchScope.Subtree; 
     objSearchResults = objSearchADAM.FindAll(); 
    } 
    catch (Exception e) 
    { 
     throw e; 
    } 

    // Enumerate groups 
    try 
    { 
     if (objSearchResults.Count != 0) 
     { 
      //SearchResult objResult = default(SearchResult); 
      foreach (SearchResult objResult in objSearchResults) 
      { 
       objGroupEntry = objResult.GetDirectoryEntry(); 
       result.ActiveDirectoryTree.Add(new ActiveDirectoryItem() { Id = objGroupEntry.Guid, ParentId = objGroupEntry.Parent.Guid, AccountName = objGroupEntry.Name, Type = ActiveDirectoryType.Group, PickableNode = false }); 

       foreach (object child in objGroupEntry.Properties["member"]) 
       { 
        treeNode = new ActiveDirectoryItem(); 
        var path = "LDAP://" + child.ToString().Replace("/", "\\/"); 
        using (var memberEntry = new DirectoryEntry(path)) 
        { 
         if (memberEntry.Properties.Contains("sAMAccountName") && memberEntry.Properties.Contains("objectSid")) 
         { 
          treeNode.Id = Guid.NewGuid(); 
          treeNode.ParentId = objGroupEntry.Guid; 
          treeNode.AccountName = memberEntry.Properties["sAMAccountName"][0].ToString(); 
          treeNode.Type = ActiveDirectoryType.User; 
          treeNode.PickableNode = true; 
          treeNode.FullName = memberEntry.Properties["Name"][0].ToString(); 

          byte[] sidBytes = (byte[])memberEntry.Properties["objectSid"][0]; 
          treeNode.ObjectSid = new System.Security.Principal.SecurityIdentifier(sidBytes, 0).ToString(); 

          result.ActiveDirectoryTree.Add(treeNode); 
         } 
        } 
       } 
      } 
     } 
     else 
     { 
      throw new Exception("No groups found"); 
     } 
    } 
    catch (Exception e) 
    { 
     throw new Exception(e.Message); 
    } 

    return result; 
} 

的問題是，使用（VAR memberEntry =新的DirectoryEntry（路徑））返回DomainUsers作爲用戶到這棵樹，我不知道這是否正確？

說我存儲sidId爲DomainUsers節點，然後將其發送到下面的方法：

public static Boolean GetActiveDirectoryName(string sidId,out string samAccountName,out string fullName) 
     { 
      samAccountName = string.Empty; 
      fullName = string.Empty; 


      if (sidId != null && sidId.Length > 0) 
      { 
       var ctx = new System.DirectoryServices.AccountManagement.PrincipalContext(ContextType.Domain, null); 
       using (var up = UserPrincipal.FindByIdentity(ctx, IdentityType.Sid, sidId)) 
       { 
        samAccountName = up.SamAccountName; 
        fullName = up.Name; 

        return true; 
       } 
      } 
      return false; 
     } 

的行動將被設置爲空？如果我在AD中選擇另一個用戶，那麼它工作得很好。我懷疑DomainUsers是一個組，但是如何在DirectoryEntry上檢查這個？

BestRegards

Answer 1

關閉我的頭頂：你有沒有考慮檢查返回結果的架構特性？我想你可以通過使用DirectoryEntry.SchemaEntry.Name輕鬆地找出一個組。如果您的模式條目是一個組，它應該返回group。

參考：MSDN: DirectoryEntry.SchemaEntry

---

只是出於好奇和一點題外話在你的代碼上面：

if (pathToAD.Length > 0) 
     objADAM = new DirectoryEntry(); 
else 
     objADAM = new DirectoryEntry(pathToAD); 
objADAM.RefreshCache(); 

你不希望使用pathToAD IF的Length>0？