Batallas con Grupos del Directorio Activo con System.DirectoryServices.AccountManagement
3 views
Skip to first unread message
Carlos Admirador
Sep 9, 2022, 7:08:50 AM9/9/22
to AltNet-Hispano
Utilizo System.DirectoryServices.AccountManagement para manejar el directorio activo en NET (C#).
Escenario 1: Obtener grupos de un usuario
user.GetGroups() tiene limitaciones y bugs, problemas de rendimiento también.
https://www.gabescode.com/active-directory/2018/06/08/finding-all-of-a-users-groups.html
https://www.gabescode.com/active-directory/2018/12/15/better-performance-activedirectory.html
UserPrincipal.GetGroups vs. UserPrincipal.GetAuthorizationGroups?
So GetGroups gets all groups of which the user is a direct member,
and GetAuthorizationGroups gets all authorization groups of which the user is a direct or indirect member.
I assume GetAuthorizationGroups() calls in to tokenGroups in AD. To read that, your service account (or IIS machine account if Network Service) needs to be in the Windows Authorization Access group in AD.
Escenario 1: Obtener grupos de un usuario
user.GetGroups() tiene limitaciones y bugs, problemas de rendimiento también.
https://www.gabescode.com/active-directory/2018/06/08/finding-all-of-a-users-groups.html
https://www.gabescode.com/active-directory/2018/12/15/better-performance-activedirectory.html
UserPrincipal.GetGroups vs. UserPrincipal.GetAuthorizationGroups?
So GetGroups gets all groups of which the user is a direct member,
and GetAuthorizationGroups gets all authorization groups of which the user is a direct or indirect member.
I assume GetAuthorizationGroups() calls in to tokenGroups in AD. To read that, your service account (or IIS machine account if Network Service) needs to be in the Windows Authorization Access group in AD.
Reply all
Reply to author
Forward
0 new messages