5

I have a security group (pictured below) in active directory that has an e-mail address associated with it. How do I get the e-mail address of the group? The GroupPrincipal object does not have any e-mail address properties on it.

This is how I am retrieving all the groups:

using (PrincipalContext context = new PrincipalContext(DirectoryContextType, Domain)) {
    using (var groupSearcher = new GroupPrincipal(context)) {
        using (var searcher = new PrincipalSearcher(groupSearcher)) {
            foreach (GroupPrincipal group in searcher.FindAll()) {
                //How do I get the e-mail address?
            }
        }
    }
}

Security Group

4

3 回答 3

6

I just wanted to add this here because I think it might be helpful. The account management library is great for quickly doing things like resetting passwords on AD users or getting common properties. But it definitely doesn't have all of them. What I do is get the Underlying directory object, like so... 

// Pretend you have a groupprincipal object called 'group' 
// This will get all of the properties of that group object not accounted for in 
// System.DirectoryServices.AccountManagement
DirectoryEntry groupDE = group.GetUnderlyingObject() as DirectoryEntry();
// We all know that a distro group in AD will have at least 1 email address. 
// However, A
// security group will have 0, and since the mail property is of type
// PropertyValueCollection, if you try to access the first member of the collection
// and it has no length, an exception will be thrown. The following code 
// accounts for this problem. 

// Get the mail attribute of the AD object 
PropertyValueCollection group_email_addresses = groupDe.Properties["mail"];
// Make sure there is at least one address
if (group_email_addresses.Count > 0){
   // knowing that you have at least one address, you can access the first entry or 
   // loop and grab all entries on a property, depending on the appropriate use case
   Console.WriteLine(group_email_addresses[0]); 
}

// This concept can be applied to all Principal Objects. Just look for the // GetUnderlyingObject() method to get started!

于 2019-09-06T16:42:03.867 回答
3

If you want to do this from Account Management you will need to make a new class that exposes that property.

[DirectoryObjectClass("group")]
[DirectoryRdnPrefix("CN")]
public class GroupPrincipalsEx : GroupPrincipal
{
    public GroupPrincipalsEx(PrincipalContext context) : base(context) { }

    public GroupPrincipalsEx(PrincipalContext context, string samAccountName)
        : base(context, samAccountName)
    {
    }

    [DirectoryProperty("mail")]
    public string EmailAddress
    {
        get
        {
            if (ExtensionGet("mail").Length != 1)
                return null;

            return (string)ExtensionGet("mail")[0];

        }
        set { this.ExtensionSet("mail", value); }
    }
}
于 2013-01-07T21:40:21.003 回答
-1

You need to cast everything as type UserPrincipal:

var mailList = new List<MailAddress>();
var adDomain = "yourdomain";
var adGroup = "yourgroup";

using (var context = new PrincipalContext(ContextType.Domain, adDomain))
{
    using (var groupContext = GroupPrincipal.FindByIdentity(context, adGroup))
    {
        mailList = groupContext.GetMembers(true)
                               .Cast<UserPrincipal>()
                               .Where(x => !string.IsNullOrEmpty(x.EmailAddress) && !string.IsNullOrEmpty(x.DisplayName))
                               .Select(x => new MailAddress(x.EmailAddress, x.DisplayName))
                               .ToList();
    }

}

return mailList;
于 2017-04-06T23:51:55.950 回答