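I am creating an export that contains all TFS projects, users, and their associated TFS groups for a specific TFS collection (using ITeamProjectCollectionService and IIdentityManagementService).
I noticed that I also get disabled AD users. How can I filter the disabled AD users out of this list? I do not have direct access to the AD environment. Microsoft.TeamFoundation.Server.Identity does not contain this property.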
Uri configurationServerUri = new Uri(environmentConfig.Uri);
TfsConfigurationServer configurationServer = TfsConfigurationServerFactory.GetConfigurationServer(configurationServerUri);
var tpcService = configurationServer.GetService<ITeamProjectCollectionService>();
// Walk every project collection on the configuration server
foreach (TeamProjectCollection tpc in tpcService.GetCollections())
{
    var tfsProjectCollection = new TfsTeamProjectCollection(new Uri(environmentConfig.Uri + "/" + tpc.Name), environmentCredential);
    var vcs = tfsProjectCollection.GetService<VersionControlServer>();
    var sec = tfsProjectCollection.GetService<IGroupSecurityService>();
    var teamProjects = vcs.GetAllTeamProjects(false);
    foreach (var teamProject in teamProjects)
    {
        // Application groups defined for this team project
        var appGroups = sec.ListApplicationGroups(teamProject.ArtifactUri.AbsoluteUri);
        foreach (var group in appGroups)
        {
            Identity[] groupMembers = sec.ReadIdentities(SearchFactor.Sid, new string[] { group.Sid }, QueryMembership.Expanded);
            foreach (Identity member in groupMembers)
            {
                if (member.Members != null)
                {
                    foreach (string memberSid in member.Members)
                    {
                        Identity memberInfo = sec.ReadIdentity(SearchFactor.Sid, memberSid, QueryMembership.Expanded);
                        // Only export user accounts, not nested groups
                        if (memberInfo.Type != IdentityType.WindowsUser)
                            continue;
                        result.Add(new TfsPermission { Collection = tfsProjectCollection.Name, TeamProject = teamProject.Name,
                            User = memberInfo.AccountName, Domain = memberInfo.Domain, Group = group.DisplayName });
                    }
                }
            }
        }
    }
}

Best regards, Jens
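Posted on 2017-03-10 14:54:01
You can use memberInfo.Domain == "DomainName" to determine whether this account is an AD account. Usually, if the identity is a Windows account added in TFS, its memberInfo.Domain property equals the server name rather than the domain name.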
foreach (string memberSid in member.Members)
{
    Identity memberInfo = sec.ReadIdentity(SearchFactor.Sid, memberSid, QueryMembership.Expanded);
    if (memberInfo.Type == IdentityType.WindowsUser && memberInfo.Domain == "DomainName")
    {
        result.Add(new TfsPermission
        {
            Collection = tfsProjectCollection.Name,
            TeamProject = teamProject.Name,
            User = memberInfo.AccountName,
            Domain = memberInfo.Domain,
            Group = group.DisplayName
        });
    }
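}

Then check whether these accounts are disabled in AD. As Starain said, this cannot be done with the TFS API. But you can use the method below to check, for each account obtained above, whether it is disabled in AD: find if user account is enabled or disabled in AD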
using System.DirectoryServices;
using System.DirectoryServices.AccountManagement;

const string accountName = "name"; // The accountName of the AD user
var principalContext = new PrincipalContext(ContextType.Domain, "domainNameHere", "AdminUser", "AdminPass");
var userPrincipal = UserPrincipal.FindByIdentity(principalContext, accountName);
if (userPrincipal != null)
{
    var dirEntry = userPrincipal.GetUnderlyingObject() as DirectoryEntry;
    var status = IsAccountDisabled(dirEntry);
}

// Judge if it is disabled in AD
public static bool IsAccountDisabled(DirectoryEntry user)
{
    const string uac = "userAccountControl";
    const int accountDisabled = 0x0002; // ADS_UF_ACCOUNTDISABLE bit of userAccountControl
    if (user.NativeGuid == null) return false;
    if (user.Properties[uac] != null && user.Properties[uac].Value != null)
    {
        // UserFlags is not a framework type, so the disabled bit is tested directly
        var userFlags = (int)user.Properties[uac].Value;
        return (userFlags & accountDisabled) != 0;
    }
    return false;
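}

However, memberInfo.Type can only distinguish whether the identity is a user account or a TFS group. As you know, when you set permissions for someone, you choose to add an account or a TFS group.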
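The two snippets of the answer above combined into one filter, as an added example that is not part of the original answer: it reduces the exported rows to enabled AD accounts and queries AD once per user. The `TfsPermission` class shape, `DisabledAccountFilter`, `KeepEnabled` and the `adDomain` parameter are assumptions; the example reads `UserPrincipal.Enabled` instead of `userAccountControl` and binds to AD as the account running the export, assuming that account can read the directory.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices.AccountManagement;

// Assumed shape of the export row; field names follow the question's initializer.
public class TfsPermission
{
    public string Collection, TeamProject, User, Domain, Group;
}

public static class DisabledAccountFilter
{
    // Returns only rows whose account exists in AD and is enabled.
    // adDomain (assumption): the domain name exactly as TFS reports it in Identity.Domain.
    public static List<TfsPermission> KeepEnabled(IEnumerable<TfsPermission> rows, string adDomain)
    {
        // A user usually appears in many groups; cache so AD is asked once per account.
        var cache = new Dictionary<string, bool>(StringComparer.OrdinalIgnoreCase);
        var kept = new List<TfsPermission>();
        // No user name or password is passed: the bind uses the process identity,
        // so no admin credentials end up in source code or configuration.
        using (var ctx = new PrincipalContext(ContextType.Domain, adDomain))
        {
            foreach (var row in rows)
            {
                // Local server accounts are not in AD; skip them as the answer does.
                if (!string.Equals(row.Domain, adDomain, StringComparison.OrdinalIgnoreCase))
                    continue;
                bool enabled;
                if (!cache.TryGetValue(row.User, out enabled))
                {
                    enabled = IsEnabled(ctx, row.User);
                    cache[row.User] = enabled;
                }
                if (enabled) kept.Add(row);
            }
        }
        return kept;
    }

    private static bool IsEnabled(PrincipalContext ctx, string samAccountName)
    {
        using (var user = UserPrincipal.FindByIdentity(ctx, IdentityType.SamAccountName, samAccountName))
        {
            // null means the account no longer exists; Enabled is bool?, unknown counts as disabled.
            return user != null && user.Enabled == true;
        }
    }
}
```

Rows for deleted or unreadable accounts are dropped along with disabled ones; for a permission review, write those rows to a separate list instead, since they still hold TFS group membership.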

https://stackoverflow.com/questions/42699566