The System.DirectoryServices namespace provides many useful utilities for communicating with AD, especially when querying object information. However, querying an AD object by objectSid involves a trick.
To query AD via the System.DirectoryServices namespace, we first have to create a searcher object.
using System.DirectoryServices;
using System.Text;

private static DirectorySearcher GetSearcher()
{
    // Bind to the domain root; the searcher will walk the whole domain from here
    DirectoryEntry de = new DirectoryEntry("LDAP://dc=mydomain,dc=com");
    DirectorySearcher ds = new DirectorySearcher(de);
    return ds;
}
Then we set the query filter; in this case I am searching for an object by its SID.
// binaryForm holds the SID in its binary form (the same bytes AD stores in objectSid)
ds.Filter = string.Format("(&(objectClass=user)(objectSid={0}))", ConvertByteToStringSid(binaryForm));
And this produces the correctly escaped SID string for the query:
private static string ConvertByteToStringSid(Byte[] sidBytes)
{
    StringBuilder strSid = new StringBuilder();
    foreach (byte b in sidBytes)
    {
        // LDAP filter escaping: each byte becomes a backslash followed by two hex digits
        // (the hex digits are case-insensitive, so X2 is fine)
        strSid.Append("\\").Append(b.ToString("X2"));
    }
    return strSid.ToString();
}
We cannot simply write a filter like objectSid=S-1-5; to make this query work, we have to convert the SID into the form \00\01\05…
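As an added example that is not part of the original post, the same conversion in Python: it builds the binary objectSid from an SDDL string, applies the \XX escaping the filter needs, and rejects malformed input so nothing but the SID bytes ever reaches the filter. The SID values are constructed; S-1-5-32-544 is the well-known BUILTIN\Administrators SID.

```python
import re
import struct

# Textual SID layout: S-<revision>-<identifier authority>-<sub-authority>...
_SID_RE = re.compile(r"^S-(\d+)-(\d+)((?:-\d+)+)$")


def sid_to_bytes(sid: str) -> bytes:
    """Convert an SDDL SID string into the binary form AD stores in objectSid."""
    m = _SID_RE.match(sid)
    if not m:
        raise ValueError(f"not a valid SID string: {sid!r}")
    revision = int(m.group(1))
    authority = int(m.group(2))
    subs = [int(s) for s in m.group(3).split("-")[1:]]
    if revision != 1 or not 1 <= len(subs) <= 15 or authority >= 1 << 48:
        raise ValueError(f"SID out of range: {sid!r}")
    # revision (1 byte), sub-authority count (1 byte), 48-bit big-endian authority,
    # then each sub-authority as a little-endian uint32
    header = struct.pack("<BB", revision, len(subs)) + authority.to_bytes(6, "big")
    return header + b"".join(struct.pack("<I", s) for s in subs)


def bytes_to_sid(raw: bytes) -> str:
    """Inverse of sid_to_bytes, e.g. for printing an objectSid read back from AD."""
    revision, count = struct.unpack_from("<BB", raw, 0)
    if len(raw) != 8 + 4 * count:
        raise ValueError("truncated or oversized SID")
    authority = int.from_bytes(raw[2:8], "big")
    subs = struct.unpack_from(f"<{count}I", raw, 8)
    return "S-%d-%d-%s" % (revision, authority, "-".join(str(s) for s in subs))


def ldap_escape_bytes(raw: bytes) -> str:
    """RFC 4515 escaping: every byte becomes a backslash plus two hex digits."""
    return "".join(f"\\{b:02x}" for b in raw)


def build_sid_filter(sid: str) -> str:
    """Filter matching the user with this SID. Because the value is rebuilt from
    validated bytes, filter metacharacters such as '*' or ')' in the input never
    reach the query (they fail validation in sid_to_bytes instead)."""
    return f"(&(objectClass=user)(objectSid={ldap_escape_bytes(sid_to_bytes(sid))}))"


if __name__ == "__main__":
    # Constructed sample: the well-known BUILTIN\Administrators SID
    print(build_sid_filter("S-1-5-32-544"))
```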