2013-01-31 70 views
2

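I want to read the ACEs of AD. The problem is that I can see the permissions, inheritance, etc., but the ObjectType (which is the name of the ACE) is in GUID format. I am trying to get the friendly name of the ObjectType. Here is my code for reading the Active Directory ACEs: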

using System;
using System.DirectoryServices;

System.DirectoryServices.DirectoryEntry userEntry = new DirectoryEntry("LDAP://xx");

// Read the DACL entries, with trustees returned as SIDs (explicit and inherited rules)
System.Security.AccessControl.AuthorizationRuleCollection rules = userEntry.ObjectSecurity.GetAccessRules(true, true, typeof(System.Security.Principal.SecurityIdentifier));

foreach (System.Security.AccessControl.AuthorizationRule rule in rules)
{
    System.DirectoryServices.ActiveDirectoryAccessRule oar = rule as System.DirectoryServices.ActiveDirectoryAccessRule;
    if (oar == null) continue; // not an Active Directory access rule
    Console.WriteLine(oar.ObjectType.ToString()); // GUID
    // ....
}

Please suggest how I can get the object name, or perhaps there is a different API I should use.

Thanks

Answers

0

Had to use the "ldapDisplayName" attribute of the schema and configuration

     // Looks up the object whose propertyToQuery equals objectGuid and returns its targetAttribute value.
     public static string GetNameForGuidasd(string objectGuid, string targetAttribute, string propertyToQuery, DirectoryEntry searchRoot)
     {
      DirectoryEntry schemaContainer = new DirectoryEntry("LDAP://cn=schema,cn=configuration,DC=xx,DC=xx");
      string attributeName = null;
      DirectorySearcher searcher = new DirectorySearcher(schemaContainer);
      searcher.SearchScope = SearchScope.OneLevel;
      // The GUID is matched as a binary value, so it is passed in escaped octet-string form
      string filter = String.Format("(&({0}={1}))", propertyToQuery, BuildFilterOctetString(objectGuid));
      searcher.Filter = filter;
      using (searcher)
      {
       var result = searcher.FindOne();
       if (result != null)
       {
        attributeName = (string)result.Properties[targetAttribute][0];
       }
      }
      return attributeName; // null when nothing matched
     }

     // Converts a GUID string into the \xx\xx... form that an LDAP filter needs for binary attributes.
     private static string BuildFilterOctetString(string objectGuid)
     {
      System.Guid guid = new Guid(objectGuid);
      byte[] byteGuid = guid.ToByteArray();
      string queryGuid = "";
      foreach (byte b in byteGuid)
      {
       queryGuid += @"\" + b.ToString("x2");
      }
      return queryGuid;
     }
+1

Another query: can you tell me what you are passing as "propertyToQuery" and "targetAttribute"?
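
Added example, not code from the question or the answer above: when auditing ACLs, an ACE's ObjectType GUID can name either a schema attribute or class (binary `schemaIDGUID`, friendly name in `lDAPDisplayName`) or an extended right or property set (string `rightsGuid` under `CN=Extended-Rights`, friendly name in `displayName`), so a resolver has to check both places. The class and method names (`AceObjectTypeResolver`, `Resolve`, `FindOne`) are hypothetical, and the code assumes it runs on a domain-joined machine where `LDAP://RootDSE` binds.

```csharp
using System;
using System.DirectoryServices;
using System.Text;

public static class AceObjectTypeResolver
{
    // Hypothetical helper: maps an ACE ObjectType GUID to a readable name.
    public static string Resolve(Guid objectType)
    {
        if (objectType == Guid.Empty)
            return "(not object-specific)"; // ACE is not scoped to one attribute or right

        using (var rootDse = new DirectoryEntry("LDAP://RootDSE"))
        {
            // Read the naming contexts from RootDSE instead of hard-coding DC=xx,DC=xx
            string schemaNc = (string)rootDse.Properties["schemaNamingContext"].Value;
            string configNc = (string)rootDse.Properties["configurationNamingContext"].Value;

            // 1) Attribute or class: schemaIDGUID is binary, so each byte is escaped as \xx
            var octets = new StringBuilder();
            foreach (byte b in objectType.ToByteArray())
                octets.Append('\\').Append(b.ToString("x2"));
            string name = FindOne("LDAP://" + schemaNc,
                "(schemaIDGUID=" + octets + ")", "lDAPDisplayName");
            if (name != null) return name;

            // 2) Extended right, validated write or property set: rightsGuid is a plain string
            name = FindOne("LDAP://CN=Extended-Rights," + configNc,
                "(rightsGuid=" + objectType.ToString("D") + ")", "displayName");
            return name ?? objectType.ToString(); // unresolved: keep the raw GUID visible
        }
    }

    // Returns the first value of 'attribute' on the first match directly under 'path', or null.
    private static string FindOne(string path, string filter, string attribute)
    {
        using (var root = new DirectoryEntry(path))
        using (var searcher = new DirectorySearcher(root, filter, new[] { attribute }, SearchScope.OneLevel))
        {
            SearchResult result = searcher.FindOne();
            if (result == null || result.Properties[attribute].Count == 0) return null;
            return (string)result.Properties[attribute][0];
        }
    }
}
```

In the question's loop this would be called as `AceObjectTypeResolver.Resolve(oar.ObjectType)`; GUIDs that stay unresolved are worth flagging in an ACL review rather than discarding.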