2

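I'm trying to read AD ACEs. The problem is that I can see the permissions, inheritance, etc., but the ObjectType (the name of the ACE) is in GUID format. I'm trying to get the friendly name of the ObjectType. Here is my code: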

    System.DirectoryServices.DirectoryEntry userEntry = new DirectoryEntry("LDAP://xx");

    System.Security.AccessControl.AuthorizationRuleCollection rules = userEntry.ObjectSecurity.GetAccessRules(true, true, typeof(System.Security.Principal.SecurityIdentifier));

    foreach (System.Security.AccessControl.AuthorizationRule rule in rules)
    {
       System.DirectoryServices.ActiveDirectoryAccessRule oar = rule as System.DirectoryServices.ActiveDirectoryAccessRule;
       Console.WriteLine(oar.ObjectType.ToString()); // GUID
       // ....
    }

Please suggest how I can get the object name, or whether I should use a different API.

Thanks

4

1 Answer

0

You have to do another query against the schema and configuration for the "ldapDisplayName" attribute:

        public static string GetNameForGuidasd(string objectGuid, string targetAttribute, string propertyToQuery, DirectoryEntry searchRoot)
        {
            // Search the schema container for the object whose GUID attribute matches.
            DirectoryEntry schemaContainer = new DirectoryEntry("LDAP://cn=schema,cn=configuration,DC=xx,DC=xx");
            string attributeName = null;
            DirectorySearcher searcher = new DirectorySearcher(schemaContainer);
            searcher.SearchScope = SearchScope.OneLevel;
            // The GUID is compared as binary, so it is passed as an escaped octet string.
            string filter = String.Format("(&({0}={1}))", propertyToQuery, BuildFilterOctetString(objectGuid));
            searcher.Filter = filter;
            using (searcher)
            {
                var result = searcher.FindOne();
                if (result != null)
                {
                    attributeName = (string)result.Properties[targetAttribute][0];
                }
            }
            // Null when no schema object matches the GUID.
            return attributeName;
        }

        private static string BuildFilterOctetString(string objectGuid)
        {
            System.Guid guid = new Guid(objectGuid);
            byte[] byteGuid = guid.ToByteArray();
            string queryGuid = "";
            foreach (byte b in byteGuid)
            {
                queryGuid += @"\" + b.ToString("x2");
            }
            return queryGuid; 
        }
answered 2013-03-25T13:44:28.910