使用部分组名检查某人是多个组之一的成员
Checking Someone is a Member Of One of Many Groups Using Partial Group Name
我在尝试将某些东西融入我的代码时遇到了困难。
我想要做的是确定某人是否是一组集合中任何一个的成员。我不担心具体是哪个组,我只想知道:
"Is user "X" 至少是这个组集合中的一个成员?"
好消息是,所有这些组名都以相同的方式开头:
- Google-完全访问
- Google-受限访问
- Google-MailOnly
- Google-企业等
这是我用来检查特定组的内容:
Dim ctx As DirectoryServices.AccountManagement.PrincipalContext = New DirectoryServices.AccountManagement.PrincipalContext(DirectoryServices.AccountManagement.ContextType.Domain, "net.mydomain.co.uk")
Dim user As DirectoryServices.AccountManagement.UserPrincipal = DirectoryServices.AccountManagement.UserPrincipal.FindByIdentity(ctx, tbxuserID.Text)
Dim googleFull As DirectoryServices.AccountManagement.GroupPrincipal = DirectoryServices.AccountManagement.GroupPrincipal.FindByIdentity(ctx, "Google-FullAccess")
If user.IsMemberOf(googleFull) Then
GoogleAccess = 1
GoTo Proceed
End If
然后我重复此代码块以检查下一组,依此类推。
有没有一种方法可以让我对其进行调整以检查 以 "Google-" 开头的任何组?这是我想做的,但显然行不通:
Dim googleCheck As DirectoryServices.AccountManagement.GroupPrincipal = DirectoryServices.AccountManagement.GroupPrincipal.FindByIdentity(ctx, "Google-*")
非常感谢帮助!
我找到了解决办法!以下对我有用(在计算出 DistinguishedName 并将其存储在先前查询的字符串变量中后 - 我还预先将 GoogleCheck 声明为布尔变量):
Dim rootEntry As DirectoryServices.DirectoryEntry = New DirectoryServices.DirectoryEntry("LDAP://DC=net,DC=mydomain,DC=co,DC=uk")
Dim srch As DirectoryServices.DirectorySearcher = New DirectoryServices.DirectorySearcher(rootEntry)
srch.SearchScope = DirectoryServices.SearchScope.Subtree
srch.Filter = "(&(CN=Google-*)(objectCategory=group)(member=" + DistinguishedName + "))"
Dim res = srch.FindOne()
If res IsNot Nothing Then
GoogleCheck = True
Else
GoogleCheck = False
End If
我在尝试将某些东西融入我的代码时遇到了困难。
我想要做的是确定某人是否是一组集合中任何一个的成员。我不担心具体是哪个组,我只想知道:
"Is user "X" 至少是这个组集合中的一个成员?"
好消息是,所有这些组名都以相同的方式开头:
- Google-完全访问
- Google-受限访问
- Google-MailOnly
- Google-企业等
这是我用来检查特定组的内容:
Dim ctx As DirectoryServices.AccountManagement.PrincipalContext = New DirectoryServices.AccountManagement.PrincipalContext(DirectoryServices.AccountManagement.ContextType.Domain, "net.mydomain.co.uk")
Dim user As DirectoryServices.AccountManagement.UserPrincipal = DirectoryServices.AccountManagement.UserPrincipal.FindByIdentity(ctx, tbxuserID.Text)
Dim googleFull As DirectoryServices.AccountManagement.GroupPrincipal = DirectoryServices.AccountManagement.GroupPrincipal.FindByIdentity(ctx, "Google-FullAccess")
If user.IsMemberOf(googleFull) Then
GoogleAccess = 1
GoTo Proceed
End If
然后我重复此代码块以检查下一组,依此类推。
有没有一种方法可以让我对其进行调整以检查 以 "Google-" 开头的任何组?这是我想做的,但显然行不通:
Dim googleCheck As DirectoryServices.AccountManagement.GroupPrincipal = DirectoryServices.AccountManagement.GroupPrincipal.FindByIdentity(ctx, "Google-*")
非常感谢帮助!
我找到了解决办法!以下对我有用(在计算出 DistinguishedName 并将其存储在先前查询的字符串变量中后 - 我还预先将 GoogleCheck 声明为布尔变量):
Dim rootEntry As DirectoryServices.DirectoryEntry = New DirectoryServices.DirectoryEntry("LDAP://DC=net,DC=mydomain,DC=co,DC=uk")
Dim srch As DirectoryServices.DirectorySearcher = New DirectoryServices.DirectorySearcher(rootEntry)
srch.SearchScope = DirectoryServices.SearchScope.Subtree
srch.Filter = "(&(CN=Google-*)(objectCategory=group)(member=" + DistinguishedName + "))"
Dim res = srch.FindOne()
If res IsNot Nothing Then
GoogleCheck = True
Else
GoogleCheck = False
End If