从组名开头的组中删除 Active Directory 用户
Removing Active Directory User from Groups where Group Name Starts With
我在尝试解决 VB.net 中的问题时遇到问题。我想要实现的是从组名称以 "Google"...
开头的所有组中删除一个特定的 AD 用户
如果我知道组的全名,这很简单,我可以执行以下操作:
Dim ctx As DirectoryServices.AccountManagement.PrincipalContext = New DirectoryServices.AccountManagement.PrincipalContext(DirectoryServices.AccountManagement.ContextType.Domain, "Company.co.uk")
Dim googleremove As DirectoryServices.AccountManagement.GroupPrincipal = DirectoryServices.AccountManagement.GroupPrincipal.FindByIdentity(ctx, "Google-Group1")
googleremove.Members.Remove(ctx, DirectoryServices.AccountManagement.IdentityType.SamAccountName, "UserID")
googleremove.Save()
但问题是我的应用程序并不总是知道需要从哪个特定组中删除用户。有 28 个不同的组,每个组都有数千名用户,组名以 "Google-" 开头。有没有一种有效的方法可以将用户从组名称以 "Google-" 开头的所有组中删除,并且不会严重降低速度?
您说您知道如何获取 MemberOf 信息。您是否会遍历该数组以查找以 "Google".
开头的组?
但请记住,MemberOf 数组是一个可分辨名称数组,因此组名的前缀为 "CN="。所以你真的需要做这样的事情:
For Each groupDn as String in memberOf
If groupDn.StartsWith("CN=Google"))
//remove user from this group
End If
Next
我有一段时间没有使用 VB,所以它可能无法按原样工作。但这就是想法。
我解决了!以下是我如何为其他人解决我的问题:
Dim ctx As DirectoryServices.AccountManagement.PrincipalContext = New DirectoryServices.AccountManagement.PrincipalContext(DirectoryServices.AccountManagement.ContextType.Domain, "MyCompany.co.uk")
Dim usr As DirectoryServices.AccountManagement.UserPrincipal = DirectoryServices.AccountManagement.UserPrincipal.FindByIdentity(ctx, "User ID")
Dim grp As DirectoryServices.AccountManagement.GroupPrincipal = New DirectoryServices.AccountManagement.GroupPrincipal(ctx)
grp.Name = "Google-*"
grp.Members.Contains(usr)
Dim srch As DirectoryServices.AccountManagement.PrincipalSearcher = New DirectoryServices.AccountManagement.PrincipalSearcher(grp)
For Each s As DirectoryServices.AccountManagement.GroupPrincipal In srch.FindAll()
s.Members.Remove(ctx, DirectoryServices.AccountManagement.IdentityType.SamAccountName, "User ID")
s.Save()
Next
我在尝试解决 VB.net 中的问题时遇到问题。我想要实现的是从组名称以 "Google"...
开头的所有组中删除一个特定的 AD 用户如果我知道组的全名,这很简单,我可以执行以下操作:
Dim ctx As DirectoryServices.AccountManagement.PrincipalContext = New DirectoryServices.AccountManagement.PrincipalContext(DirectoryServices.AccountManagement.ContextType.Domain, "Company.co.uk")
Dim googleremove As DirectoryServices.AccountManagement.GroupPrincipal = DirectoryServices.AccountManagement.GroupPrincipal.FindByIdentity(ctx, "Google-Group1")
googleremove.Members.Remove(ctx, DirectoryServices.AccountManagement.IdentityType.SamAccountName, "UserID")
googleremove.Save()
但问题是我的应用程序并不总是知道需要从哪个特定组中删除用户。有 28 个不同的组,每个组都有数千名用户,组名以 "Google-" 开头。有没有一种有效的方法可以将用户从组名称以 "Google-" 开头的所有组中删除,并且不会严重降低速度?
您说您知道如何获取 MemberOf 信息。您是否会遍历该数组以查找以 "Google".
开头的组?但请记住,MemberOf 数组是一个可分辨名称数组,因此组名的前缀为 "CN="。所以你真的需要做这样的事情:
For Each groupDn as String in memberOf
If groupDn.StartsWith("CN=Google"))
//remove user from this group
End If
Next
我有一段时间没有使用 VB,所以它可能无法按原样工作。但这就是想法。
我解决了!以下是我如何为其他人解决我的问题:
Dim ctx As DirectoryServices.AccountManagement.PrincipalContext = New DirectoryServices.AccountManagement.PrincipalContext(DirectoryServices.AccountManagement.ContextType.Domain, "MyCompany.co.uk")
Dim usr As DirectoryServices.AccountManagement.UserPrincipal = DirectoryServices.AccountManagement.UserPrincipal.FindByIdentity(ctx, "User ID")
Dim grp As DirectoryServices.AccountManagement.GroupPrincipal = New DirectoryServices.AccountManagement.GroupPrincipal(ctx)
grp.Name = "Google-*"
grp.Members.Contains(usr)
Dim srch As DirectoryServices.AccountManagement.PrincipalSearcher = New DirectoryServices.AccountManagement.PrincipalSearcher(grp)
For Each s As DirectoryServices.AccountManagement.GroupPrincipal In srch.FindAll()
s.Members.Remove(ctx, DirectoryServices.AccountManagement.IdentityType.SamAccountName, "User ID")
s.Save()
Next