3
我想让自己的静态类与AD一起工作。 我写了一个静态方法:Active Directory。与DACL工作
public static void AddReadingAceForGroup(DirectoryEntry dirEntry, string groupName)
{
dirEntry.RefreshCache();
DirectoryEntry root = new DirectoryEntry("LDAP://192.168.1.1/ dc=mydomain,dc=ru");
using (DirectorySearcher ds = new DirectorySearcher(root, "CN="+groupName))
{
SearchResult sr = ds.FindOne();
root = sr.GetDirectoryEntry();
}
try
{
ActiveDirectoryAccessRule accessRule =
new ActiveDirectoryAccessRule(root.ObjectSecurity.GetGroup(typeof(SecurityIdentifier)),
ActiveDirectoryRights.GenericRead, AccessControlType.Allow);
dirEntry.ObjectSecurity.AddAccessRule(accessRule);
dirEntry.CommitChanges();
}
catch(Exception e)
{
}
}
使用此功能我做模拟与远程凭据用户之前,然后代码工作无异常,但没有结果。去除ACE的类似功能工作正常。