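Reading Active Directory ACE

Time: 2013-01-31 22:06:12

Tags: c# active-directory

I am trying to read AD ACEs. The problem is that I can see the permissions, inheritance, etc., but the ObjectType (the name of the ACE) is in GUID format. I am trying to get the friendly name of the ObjectType. Here is my code: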

System.DirectoryServices.DirectoryEntry userEntry = new DirectoryEntry("LDAP://xx");

System.Security.AccessControl.AuthorizationRuleCollection rules = userEntry.ObjectSecurity.GetAccessRules(true, true, typeof(System.Security.Principal.SecurityIdentifier));

foreach (System.Security.AccessControl.AuthorizationRule rule in rules)
{
   System.DirectoryServices.ActiveDirectoryAccessRule oar = rule as System.DirectoryServices.ActiveDirectoryAccessRule;
   Console.WriteLine(oar.ObjectType.ToString()); //GUID
   // ....
}

Please suggest how I can get the object name, or whether I should use a different API.

Thanks

1 answer:

Answer 0: (score: 0)

You have to make another query against the schema and configuration for the "ldapDisplayName" attribute:

        public static string GetNameForGuidasd(string objectGuid, string targetAttribute, string propertyToQuery, DirectoryEntry searchRoot)
        {
            // Schema container; DC=xx,DC=xx stands for the forest root domain.
            DirectoryEntry schemaContainer = new DirectoryEntry("LDAP://cn=schema,cn=configuration,DC=xx,DC=xx");
            string attributeName = null;
            DirectorySearcher searcher = new DirectorySearcher(schemaContainer);
            searcher.SearchScope = SearchScope.OneLevel;
            // Match the GUID-valued property (propertyToQuery) against the escaped bytes of the GUID.
            string filter = String.Format("(&({0}={1}))", propertyToQuery, BuildFilterOctetString(objectGuid));
            searcher.Filter = filter;
            using (searcher)
            {
                var result = searcher.FindOne();
                if (result != null)
                {
                    attributeName = (string)result.Properties[targetAttribute][0];
                }
            }
            // Null when no schema object matches the GUID.
            return attributeName;
        }

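        // Converts a GUID string to the \xx-escaped byte form an LDAP filter needs for a
        // binary attribute, using the byte order returned by Guid.ToByteArray().
        private static string BuildFilterOctetString(string objectGuid)
        {
            System.Guid guid = new Guid(objectGuid);
            byte[] byteGuid = guid.ToByteArray();
            string queryGuid = "";
            foreach (byte b in byteGuid)
            {
                queryGuid += @"\" + b.ToString("x2");
            }
            return queryGuid;
        }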
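
The lookup described in the answer, generalized to also handle an empty ObjectType and GUIDs that name extended rights rather than schema objects. This is an added example, not code from the question or the answer; the class and method names and the "(all)" label are assumptions, and the naming contexts are read from RootDSE instead of being hard-coded.

```csharp
using System;
using System.DirectoryServices;
using System.Text;

public static class AceObjectTypeResolver // hypothetical name, not from the original post
{
    // Escapes each GUID byte as \xx in the order returned by Guid.ToByteArray(),
    // which is the form needed to match a binary attribute such as schemaIDGUID.
    static string ToOctetString(Guid guid)
    {
        var sb = new StringBuilder();
        foreach (byte b in guid.ToByteArray())
            sb.Append('\\').Append(b.ToString("x2"));
        return sb.ToString();
    }

    // Returns the first value of 'attribute' on the direct child of 'baseDn' matching 'filter', or null.
    static string FindOne(string baseDn, string filter, string attribute)
    {
        using (var root = new DirectoryEntry("LDAP://" + baseDn))
        using (var searcher = new DirectorySearcher(root, filter, new[] { attribute }, SearchScope.OneLevel))
        {
            SearchResult result = searcher.FindOne();
            if (result == null || result.Properties[attribute].Count == 0) return null;
            return (string)result.Properties[attribute][0];
        }
    }

    public static string Resolve(Guid objectType)
    {
        // Guid.Empty: the ACE is not limited to one attribute, class or right ("(all)" is an assumed label).
        if (objectType == Guid.Empty) return "(all)";

        using (var rootDse = new DirectoryEntry("LDAP://RootDSE"))
        {
            string schemaNc = (string)rootDse.Properties["schemaNamingContext"].Value;
            string configNc = (string)rootDse.Properties["configurationNamingContext"].Value;

            // Attributes and classes: binary schemaIDGUID in the schema partition.
            string name = FindOne(schemaNc, "(schemaIDGUID=" + ToOctetString(objectType) + ")", "lDAPDisplayName");
            if (name != null) return name;

            // Extended rights and property sets: rightsGuid is stored as a string, so no byte escaping.
            name = FindOne("CN=Extended-Rights," + configNc, "(rightsGuid=" + objectType.ToString("D") + ")", "displayName");
            return name ?? objectType.ToString("D"); // fall back to the raw GUID
        }
    }
}
```

Calling `AceObjectTypeResolver.Resolve(oar.ObjectType)` inside the question's loop prints a name instead of the GUID; when an ACL is reviewed in bulk, caching results per GUID avoids one directory round trip per ACE.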