如何使用C#按用户名搜索Active Directory?
[英]How can I search Active Directory by username using C#?
问题描述
I'm trying to search active directory by the username 'admin'. 
我正在尝试使用用户名“admin”搜索活动目录。 I know for a fact that there is a user with that username in the directory, but the search keeps coming back with nothing. 我知道在目录中有一个用户使用该用户名的事实,但搜索一直没有回来。
var attributeName = "userPrincipalName";
var searchString = "admin"
var ent = new DirectoryEntry("LDAP://"dc=corp,dc=contoso,dc=com")
var mySearcher = new DirectorySearcher(ent);
mySearcher.Filter = string.Format("(&(objectClass=user)({0}={1}))", attributeName, searchString);
var userResult = mySearcher.FindOne();
userResult always ends up null. userResult总是以null结尾。 I would love to know why, there must be something that I'm missing. 我很想知道为什么,必须有一些我不知道的东西。
5 个解决方案
解决方案1
7 2013-05-31 20:19:28
If you're on .NET 3.5 and up, you should check out the System.DirectoryServices.AccountManagement (S.DS.AM) namespace. 如果您使用的是.NET 3.5及更高版本,则应该查看System.DirectoryServices.AccountManagement (S.DS.AM)命名空间。 Read all about it here: 在这里阅读所有相关内容:
- Managing Directory Security Principals in the .NET Framework 3.5 管理.NET Framework 3.5中的目录安全性主体
- MSDN docs on System.DirectoryServices.AccountManagement System.DirectoryServices.AccountManagement上的MSDN文档
Basically, you can define a domain context and easily find users and/or groups in AD: 基本上,您可以定义域上下文并轻松查找AD中的用户和/或组:
// set up domain context
PrincipalContext ctx = new PrincipalContext(ContextType.Domain);
// find a user
UserPrincipal user = UserPrincipal.FindByIdentity(ctx, "admin");
if(user != null)
{
// do something here....
}
With this code, you'll be searching for that user by the following attributes: 使用此代码,您将通过以下属性搜索该用户:
-
DistinguishedName: The identity is a Distinguished Name (DN).DistinguishedName:标识是专有名称(DN)。 -
Guid: The identity is a Globally Unique Identifier (GUID).Guid:身份是全球唯一标识符(GUID)。 -
Name: The identity is a name.Name:身份是一个名称。 -
SamAccountName: The identity is a Security Account Manager (SAM) name.SamAccountName:标识是安全帐户管理器(SAM)名称。 -
Sid: The identity is a Security Identifier (SID) in Security Descriptor Definition Language (SDDL) format.Sid:标识是安全描述符定义语言(SDDL)格式的安全标识符(SID)。 -
UserPrincipalName: The identity is a User Principal Name (UPN).UserPrincipalName:标识是用户主体名称(UPN)。
The new S.DS.AM makes it really easy to play around with users and groups in AD! 新的S.DS.AM使得在AD中与用户和群组玩游戏变得非常容易!
解决方案2
3 2016-11-22 21:32:20
this should work 这应该工作
private void showUsers(string pUserName)
{
string uid = Properties.Settings.Default.uid;
string pwd = Properties.Settings.Default.pwd;
using (var context = new PrincipalContext(ContextType.Domain, "YOURDOMAIN", uid, pwd))
{
using (UserPrincipal user = new UserPrincipal(context))
{
user.SamAccountName = pUserName;
using (var searcher = new PrincipalSearcher(user))
{
foreach (var result in searcher.FindAll())
{
DirectoryEntry de = result.GetUnderlyingObject() as DirectoryEntry;
Console.WriteLine("First Name: " + de.Properties["givenName"].Value);
Console.WriteLine("Last Name : " + de.Properties["sn"].Value);
Console.WriteLine("SAM account name : " + de.Properties["samAccountName"].Value);
Console.WriteLine("User principal name: " + de.Properties["userPrincipalName"].Value);
Console.WriteLine("Mail: " + de.Properties["mail"].Value);
PrincipalSearchResult<Principal> groups = result.GetGroups();
foreach (Principal item in groups)
{
Console.WriteLine("Groups: {0}: {1}", item.DisplayName, item.Name);
}
Console.WriteLine();
}
}
}
}
Console.WriteLine("End");
Console.ReadLine();
}
解决方案3
2 2013-05-31 20:38:08
if you want to stick to DirectorySearcher, try searching by cn or samaccountname instead 如果您想坚持使用DirectorySearcher,请尝试使用cn或samaccountname搜索
var attributeName = "cn";
var searchString = "admin"
var ent = new DirectoryEntry("LDAP://"dc=corp,dc=contoso,dc=com")
var mySearcher = new DirectorySearcher(ent);
mySearcher.Filter = string.Format("(&(objectcategory=user)({0}={1}))", attributeName, searchString);
var userResult = mySearcher.FindOne();
解决方案4
2 已采纳 2013-06-04 17:10:47
It turns out that "userPrincipalName" needed to be all lower-case ("userprincipalname"). 事实证明,“userPrincipalName”必须全部为小写(“userprincipalname”)。 Good to know, thanks for your responses. 很高兴知道,感谢您的回复。
解决方案5
0 2013-08-06 18:49:01
var attributeName = "userPrincipalName";
var = "admin"
You need change filter like this 您需要像这样更改过滤器
string filter="(&(objectCategory=person)(objectClass=user)(!sAMAccountType=805306370)(attributeName =searchString))";
var ent = new DirectoryEntry("LDAP://"dc=corp,dc=contoso,dc=com")
var mySearcher = new DirectorySearcher(ent);
mySearcher.Filter = filter;
var userResult = mySearcher.FindOne();
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.