2012-01-31 52 views
3

Active Directory: working with DACLs

I want my own static class to work with AD. I wrote a static method:

using System;
using System.DirectoryServices;
using System.Security.AccessControl;
using System.Security.Principal;

public static void AddReadingAceForGroup(DirectoryEntry dirEntry, string groupName)
{
    dirEntry.RefreshCache();
    DirectoryEntry root = new DirectoryEntry("LDAP://192.168.1.1/dc=mydomain,dc=ru");
    using (DirectorySearcher ds = new DirectorySearcher(root, "CN=" + groupName))
    {
        SearchResult sr = ds.FindOne();
        root = sr.GetDirectoryEntry();
    }
    try
    {
        // GetGroup() reads the primary-group field of root's own security descriptor;
        // it is not the SID of the group that was just searched for.
        ActiveDirectoryAccessRule accessRule =
            new ActiveDirectoryAccessRule(root.ObjectSecurity.GetGroup(typeof(SecurityIdentifier)),
                ActiveDirectoryRights.GenericRead, AccessControlType.Allow);
        dirEntry.ObjectSecurity.AddAccessRule(accessRule);
        dirEntry.CommitChanges();
    }
    catch (Exception e)
    {
        // Empty catch: any failure of AddAccessRule/CommitChanges is silently swallowed.
    }
}

Before using this function I impersonate a user with remote credentials; the code then runs without any exception, but has no effect. A similar function that removes an ACE works fine.

Answer

0

The final working code is:

using System;
using System.DirectoryServices;
using System.DirectoryServices.AccountManagement;
using System.Security.AccessControl;
using System.Security.Principal;

// Resolve the group's SID through the domain controller instead of reading
// the primary group out of another object's security descriptor.
public static SecurityIdentifier GetGroupSid(string groupName, string domainControllerIp)
{
    SecurityIdentifier sid = null;
    using (PrincipalContext dcx = new PrincipalContext(ContextType.Domain, domainControllerIp))
    using (GroupPrincipal group = GroupPrincipal.FindByIdentity(dcx, groupName))
    {
        if (group != null)
        {
            sid = group.Sid;
        }
    }
    return sid;
}

public static void AddDaclsAceForGroup(DirectoryEntry dirEntry, string groupName, string ip)
{
    SecurityIdentifier sid = GetGroupSid(groupName, ip);
    if (sid == null)
    {
        // A null identity would make the ActiveDirectoryAccessRule constructor throw.
        throw new ArgumentException("Group not found: " + groupName, nameof(groupName));
    }
    try
    {
        ActiveDirectoryAccessRule accessRule =
            new ActiveDirectoryAccessRule(sid, ActiveDirectoryRights.GenericRead, AccessControlType.Allow);
        dirEntry.ObjectSecurity.AddAccessRule(accessRule);
        dirEntry.CommitChanges();
    }
    catch (Exception e)
    {
        // The original swallowed every exception, so a failed commit looked like "no result".
        throw new InvalidOperationException("Failed to add ACE for group " + groupName, e);
    }
}

I just had an error with the group's SID. The code works flawlessly, but not as I had expected. Sorry for my bad English.
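The root cause in the thread is that `ObjectSecurity.GetGroup()` returns the primary-group field of a security descriptor, not the SID of the group that was searched for, and the empty `catch` hid whatever went wrong at commit time. The following is an added example, not code from either post: it works on an in-memory `ActiveDirectorySecurity` so it needs no domain controller, shows the `GetGroup()` mismatch on constructed SIDs, and provides two read-back checks a practitioner would run after `CommitChanges()` (refreshing the cache first): whether the intended ACE is really present, and who holds control rights (`WriteDacl`, `WriteOwner`, `GenericAll`) on the object. The SIDs, the `DaclAudit` class name and the helper names are assumptions made for this example.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices;
using System.Security.AccessControl;
using System.Security.Principal;

// Added example (not the poster's or answerer's code). Runs against an in-memory
// security descriptor; for a real object pass entry.ObjectSecurity after entry.RefreshCache().
public static class DaclAudit
{
    // True if an explicit or inherited Allow ACE for `sid` grants every bit in `wanted`.
    public static bool HasAllowAce(ActiveDirectorySecurity sd, SecurityIdentifier sid, ActiveDirectoryRights wanted)
    {
        foreach (ActiveDirectoryAccessRule rule in sd.GetAccessRules(true, true, typeof(SecurityIdentifier)))
        {
            if (rule.AccessControlType != AccessControlType.Allow) continue;
            if (!rule.IdentityReference.Equals(sid)) continue;
            // GenericAll is AD's "full control" generic right and covers any requested right.
            if ((rule.ActiveDirectoryRights & ActiveDirectoryRights.GenericAll) == ActiveDirectoryRights.GenericAll) return true;
            if ((rule.ActiveDirectoryRights & wanted) == wanted) return true;
        }
        return false;
    }

    // Allow ACEs that let the holder change the DACL itself; review these after any DACL edit.
    public static List<string> ControlRightHolders(ActiveDirectorySecurity sd)
    {
        const ActiveDirectoryRights control =
            ActiveDirectoryRights.WriteDacl | ActiveDirectoryRights.WriteOwner | ActiveDirectoryRights.GenericAll;
        var holders = new List<string>();
        foreach (ActiveDirectoryAccessRule rule in sd.GetAccessRules(true, true, typeof(SecurityIdentifier)))
        {
            if (rule.AccessControlType == AccessControlType.Allow && (rule.ActiveDirectoryRights & control) != 0)
            {
                holders.Add(rule.IdentityReference.Value + ": " + rule.ActiveDirectoryRights
                            + (rule.IsInherited ? " (inherited)" : ""));
            }
        }
        return holders;
    }

    public static void Main()
    {
        // Constructed SIDs for the demo: RID 513 is Domain Users; 1105 stands in for the target group.
        var domainUsers = new SecurityIdentifier("S-1-5-21-1-2-3-513");
        var targetGroup = new SecurityIdentifier("S-1-5-21-1-2-3-1105");

        var sd = new ActiveDirectorySecurity();
        sd.SetGroup(domainUsers); // the descriptor's primary group, which is what GetGroup() returns
        sd.AddAccessRule(new ActiveDirectoryAccessRule(targetGroup, ActiveDirectoryRights.GenericRead, AccessControlType.Allow));

        // Reproduce the question's mistake: GetGroup() is not the group we searched for.
        var fromGetGroup = (SecurityIdentifier)sd.GetGroup(typeof(SecurityIdentifier));
        Console.WriteLine("GetGroup() = " + fromGetGroup + ", target = " + targetGroup
                          + ", same: " + fromGetGroup.Equals(targetGroup));

        // Read-back verification, the step the empty catch block made impossible to notice.
        Console.WriteLine("target group has GenericRead: " + HasAllowAce(sd, targetGroup, ActiveDirectoryRights.GenericRead));
        Console.WriteLine("Domain Users has GenericRead: " + HasAllowAce(sd, domainUsers, ActiveDirectoryRights.GenericRead));
        foreach (string holder in ControlRightHolders(sd))
            Console.WriteLine("control right: " + holder);
    }
}
```

With a real `DirectoryEntry`, call `entry.RefreshCache()` after `CommitChanges()` and then `HasAllowAce(entry.ObjectSecurity, sid, ActiveDirectoryRights.GenericRead)`; a `false` here, with no exception, usually means the impersonated account lacks `WriteDacl` on the target object, which is exactly the symptom the question describes.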