1

I am working on a website to manage active directory. I want to check that whether user has permission to change password or not. So I have to find "ntSecurityDescriptor" property value after that I have to cast it into IADsSecurityDescriptor.

Now if I use DirectorySearcher class then property value is of type System._ComObject and easily casted to IADsSecurityDescriptor. But when I use LdapConnection and SearchResponse I get property value of type.

byte[] array which is unale to cast to IADsSecityDescriptor.

I am getting error 

Unable to cast System.Byte[] to IADsSecurityDescriptor

Is there some problem with SearchResponse or I have use some kind of casting technique to achieve this? I have some problem to use DirectoryEntry class so I can only use LdapConnction class.

4

2 回答 2

1

我终于找到了我的问题的答案。此类将 byte[] 转换为有效的安全描述符 comobject。

ActiveDs.ADsSecurityUtility secUtility = new ActiveDs.ADsSecurityUtility();
ActiveDs.IADsSecurityDescriptor sd = (IADsSecurityDescriptor)secUtility.ConvertSecurityDescriptor((byte[])attribute[0], (int)ADS_SD_FORMAT_ENUM.ADS_SD_FORMAT_RAW, (int)ADS_SD_FORMAT_ENUM.ADS_SD_FORMAT_IID);
于 2012-11-24T06:38:43.017 回答
0

我认为您应该努力尝试使用 DirectoryEntry 方法。您将很难尝试使用 LdapConnection 操作 AD 对象。

如果你想继续 Ldap 的方式,在快速搜索之后,我会尝试一下原生的(这个词说明了一切)自动化功能。里面似乎有一些有趣的东西,比如:

ConvertStringSecurityDescriptorToSecurityDescriptor

http://msdn.microsoft.com/en-us/library/windows/desktop/aa376401%28v=vs.85%29.aspx

 C# syntax

[return: MarshalAs(UnmanagedType.Bool)]
[DllImport("Advapi32.dll", CharSet=CharSet.Unicode, SetLastError=true)]
internal static extern bool ConvertStringSecurityDescriptorToSecurityDescriptor(string StringSecurityDescriptor, uint StringSDRevision, ref IntPtr SecurityDescriptor, IntPtr SecurityDescriptorSize);
于 2012-11-20T09:34:48.140 回答