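Not sure about the mapped domain admin. I just check for local and domain admin for the domain the user is logged into. Don't access strings like "builtin\Admin"; they differ based on the OS language version.
I like to use the .NET 4.5 Principals approach. You can do something similar if you can use 4.5.
So, with regard to the question "How can I differentiate between":
- DomainUser and LocalUsers
- LocalUser and MappedDomainUser
- DomainUser and MappedDomainUser
Sample code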
```csharp
using System;
using System.DirectoryServices.ActiveDirectory;
using System.Security.Principal;

namespace xxxxx
{
    public class UserEnvTools
    {
        public static bool IsDomainAdmin()
        {
            // returns TRUE for a machine that is on a workgroup, so consider the GetDomain methods based on scenario
            if (WindowsIdentity.GetCurrent().User.AccountDomainSid == null)
                return false;
            // AccountDomainAdminsSid is combined with the domain SID; the Builtin* types ignore
            // the domain SID and would make this check identical to IsLocalAdmin().
            var domainAdmins = new SecurityIdentifier(WellKnownSidType.AccountDomainAdminsSid,
                                                      WindowsIdentity.GetCurrent().User.AccountDomainSid);
            var prin = new WindowsPrincipal(WindowsIdentity.GetCurrent());
            return prin != null && (prin.IsInRole(domainAdmins));
        }

        public static bool IsDomainUser()
        {
            // returns TRUE for a machine that is on a workgroup, so consider the GetDomain methods based on scenario
            if (WindowsIdentity.GetCurrent().User.AccountDomainSid == null)
                return false;
            // AccountDomainUsersSid is the Domain Users group of the given domain SID.
            var domainUsers = new SecurityIdentifier(WellKnownSidType.AccountDomainUsersSid,
                                                     WindowsIdentity.GetCurrent().User.AccountDomainSid);
            var prin = new WindowsPrincipal(WindowsIdentity.GetCurrent());
            return prin != null && (prin.IsInRole(domainUsers));
        }

        public static bool IsLocalAdmin()
        {
            // BUILTIN\Administrators (S-1-5-32-544), independent of OS language
            var localAdmins = new SecurityIdentifier(WellKnownSidType.BuiltinAdministratorsSid, null);
            var prin = new WindowsPrincipal(WindowsIdentity.GetCurrent());
            return prin != null && (prin.IsInRole(localAdmins));
        }

        public static bool IsLocalUser()
        {
            // BUILTIN\Users (S-1-5-32-545), independent of OS language
            var localUsers = new SecurityIdentifier(WellKnownSidType.BuiltinUsersSid, null);
            var prin = new WindowsPrincipal(WindowsIdentity.GetCurrent());
            return prin != null && (prin.IsInRole(localUsers));
        }

        // Current security context applies
        public static Domain GetCurrentUserDomain()
        {
            try
            {
                return System.DirectoryServices.ActiveDirectory.Domain.GetCurrentDomain();
            }
            // It may be better not to catch such errors?
            catch (ActiveDirectoryOperationException) // no controller / AD forest cannot be contacted
            { return null; }
            catch (ActiveDirectoryObjectNotFoundException) // the user's domain is not known to the controller
            { return null; }
        }

        public static Domain GetCurrentMachineDomain()
        {
            try
            {
                return System.DirectoryServices.ActiveDirectory.Domain.GetComputerDomain();
            }
            // It may be better not to catch such errors?
            catch (ActiveDirectoryOperationException) // no controller, or the machine is not on a domain
            { return null; }
            catch (ActiveDirectoryObjectNotFoundException) // controller found, but the machine is not known
            { return null; }
        }
    }
}
```
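Checking whether the user name starts with the machine name is fine and works. You can also check whether that user exists in the domain and compare the SIDs to see whether it is the same user. – Dorian
I was thinking about whether I could also use the well-known SID types and look at the SIDs this user belongs to, but WindowsIdentity.User does not seem to match any well-known SID. –
It is not very clear what you are trying to achieve here. First, if an account in the domain is not a member of the Domain Users group, do you still want to count it as a domain account? Second, why distinguish between domain accounts that belong to any local group and domain accounts that do not? (Usually you only need to check membership of some specific group.) Third, do you want to include nested group membership? –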
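The SID comparison suggested in the comments, as an added example that is not code from the answer or from any commenter: a local account's `AccountDomainSid` is the machine's own SID rather than null, so the origin of an account is decided by comparing that prefix, not by a null check. The `AccountOrigin` enum, the `SidOrigin` class and all SID values are constructed for illustration; how the machine and domain SIDs are obtained on a real host is outside the example.

```csharp
using System;
using System.Security.Principal;

public enum AccountOrigin { NotAnAccountSid, LocalMachine, MachineDomain, OtherDomain }

public static class SidOrigin
{
    // machineAccountDomain: AccountDomainSid of any local account on this computer.
    // joinedDomain: AccountDomainSid of any account in the computer's domain, or null on a workgroup.
    public static AccountOrigin Classify(SecurityIdentifier user,
                                         SecurityIdentifier machineAccountDomain,
                                         SecurityIdentifier joinedDomain)
    {
        // Well-known SIDs such as S-1-5-18 (LocalSystem) carry no account domain part.
        if (user == null || user.AccountDomainSid == null)
            return AccountOrigin.NotAnAccountSid;

        SecurityIdentifier prefix = user.AccountDomainSid;
        if (prefix.Equals(machineAccountDomain))
            return AccountOrigin.LocalMachine;      // account defined in the local SAM
        if (joinedDomain != null && prefix.Equals(joinedDomain))
            return AccountOrigin.MachineDomain;     // account from the domain the machine is joined to
        return AccountOrigin.OtherDomain;           // e.g. an account from a trusted domain
    }

    public static void Main()
    {
        // Constructed sample SIDs, not taken from any real machine or domain.
        var machine = new SecurityIdentifier(
            "S-1-5-21-1111111111-2222222222-3333333333-500").AccountDomainSid;
        var domain = new SecurityIdentifier(
            "S-1-5-21-1004336348-1177238915-682003330-512").AccountDomainSid;

        string[] samples =
        {
            "S-1-5-21-1111111111-2222222222-3333333333-1001", // local user
            "S-1-5-21-1004336348-1177238915-682003330-1104",  // user in the joined domain
            "S-1-5-21-123456789-234567890-345678901-1105",    // user from another domain
            "S-1-5-18"                                        // LocalSystem, no account domain
        };

        foreach (string s in samples)
            Console.WriteLine("{0} => {1}", s, Classify(new SecurityIdentifier(s), machine, domain));

        // On a workgroup machine the joined-domain argument is null.
        Console.WriteLine(Classify(new SecurityIdentifier(samples[1]), machine, null));
    }
}
```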