用VB.NET搜索用户权限的LDAP

Question

我想从VB.NET获取Active Directory中的一些信息。 我有一个用户的“primaryGroupID”，在这种情况下是2096。 如何使用VB.NET获得该组的CN？

最终，我需要做的是找到用户所属组的列表（包括属于另一个组的组）。我已经有一个函数可以获取除主要组以外的主要组，另一个函数可以返回主要组的ID。两者详述如下。

Public Function getUserGroups(ByVal Username) 
    Dim grupos As New ArrayList() 
    Try 
     Dim Entry As New System.DirectoryServices.DirectoryEntry(ldapPath, ldapAdminUser, ldapAdminPass) 
     Dim Searcher As New System.DirectoryServices.DirectorySearcher(Entry) 
     Searcher.SearchScope = DirectoryServices.SearchScope.Subtree 
     Searcher.Filter = "(&(objectcategory=user)(SAMAccountName=" & Username & "))" 
     Dim res As SearchResult = Searcher.FindOne 

     For i = 0 To res.Properties("memberOf").Count() - 1 
      grupos.Add(res.Properties("memberOf")(i).ToString) 
     Next 
    Catch ex As Exception 
    End Try 
    Return grupos 
End Function 


Public Function GetUserPrimaryGroupID(ByVal user As String) As String 
    Dim grupoID As String = "" 
    Try 
     Dim Entry As New System.DirectoryServices.DirectoryEntry(ldapPath, ldapAdminUser, ldapAdminPass) 
     Dim Searcher As New System.DirectoryServices.DirectorySearcher(Entry) 
     Searcher.SearchScope = DirectoryServices.SearchScope.Subtree 
     Searcher.Filter = "(&(objectcategory=user)(SAMAccountName=" & user & "))" 
     Dim res As SearchResult = Searcher.FindOne 

     For i = 0 To res.Properties("primaryGroupID").Count() - 1 
      grupoID = (res.Properties("primaryGroupID")(i).ToString) 'Esto devuelve la ruta "CN" del grupo 
      'grupoID = (res.Properties("primaryGroupID")(i).ToString) 
      'Dim de As DirectoryEntry = New DirectoryEntry("LDAP://" + res.Properties("primaryGroupID")(i).ToString()) 
     Next 
    Catch ex As Exception 
    End Try 
    Return grupoID 
End Function 

Answer 1

这里有一个VBScript示例 - http://support.microsoft.com/kb/297951。

基本上，主要组ID是组的一个RID（SID的最后一个组件）。因此，要找到该组，可以将域SID和主组ID一起连接起来。