Get List of Users From Active Directory In A Given AD Group

I have code that searches for all users in a department:

string Department = "Billing";
DirectorySearcher LdapSearcher = new DirectorySearcher();
LdapSearcher.PropertiesToLoad.Add("displayName");
LdapSearcher.PropertiesToLoad.Add("cn");
LdapSearcher.PropertiesToLoad.Add("department");
LdapSearcher.PropertiesToLoad.Add("title");
LdapSearcher.PropertiesToLoad.Add("memberOf");
LdapSearcher.Filter = string.Format("(&(objectClass=user)(department={0}))", Department);
SearchResultCollection src = LdapSearcher.FindAll();

What would the filter need to look like if I only wanted everyone in the "Manager Read Only" AD Group?

Am I going about this all wrong?

Looking at your search I have a couple of points for you. First, the search uses objectClass (non-indexed) instead of objectCategory (indexed). Huge performance issue with that query. You would almost always want to combine the two together depending on what you are trying to retrieve:

(&(objectCategory=person)(objectClass=user)) = All users (no contacts)
(&(objectCategory=person)(objectClass=contact)) = All contacts (no users)
(&(objectCategory=person)) = All users and contacts

As for looking up the users in a group you can enumerate the list of member objects of the specific group. In the member attribute of the group object is the distinguishedName of each user.

This article describes enumerating members of a group...

Don't forget that you may have to handle nested groups of the parent group, as there isn't a default way to handle this with LDAP queries. For that you may need to evaluate if the member object is a group and then get the member attribute for that child group.

Lastly, you should get in the habit of specifying a DNS prefix to your query.

Without DNS prefix:

LDAP://ou=ouname,dc=domain,dc=com

With DNS prefix (all three work):

LDAP://servername/ou=ouname,dc=domain,dc=com
LDAP://servername.domain.com/ou=ouname,dc=domain,dc=com
LDAP://domain.com/ou=ouname,dc=domain,dc=com

A single domain won't cause you much issue but when you try and run a search in a multiple domain environment you will get bitten without this addition. Hope this helps move you closer to your goal.
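One way to implement the enumeration described in the answer above, as an added example that is not code from the original posts: it queries on `memberOf`, escapes the group DN per RFC 4515 before placing it in the filter, and recurses into member groups with a visited set so cyclic nesting terminates. `GroupMemberSearch`, `EscapeFilterValue` and `Collect` are hypothetical names; the caller is assumed to supply a search root, the group's distinguishedName and two empty `HashSet<string>` instances.

```csharp
using System.Collections.Generic;
using System.DirectoryServices;
using System.Text;
static class GroupMemberSearch   // hypothetical helper, not from the original posts
{
    // RFC 4515 escaping: a DN containing ( ) * \ or NUL must not alter the filter.
    public static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder();
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append(@"\5c"); break;
                case '*':  sb.Append(@"\2a"); break;
                case '(':  sb.Append(@"\28"); break;
                case ')':  sb.Append(@"\29"); break;
                case '\0': sb.Append(@"\00"); break;
                default:   sb.Append(c); break;
            }
        }
        return sb.ToString();
    }

    // Adds user DNs under groupDn to 'users'; 'seenGroups' stops cycles in nested groups.
    public static void Collect(DirectoryEntry root, string groupDn,
                               ISet<string> seenGroups, ISet<string> users)
    {
        if (!seenGroups.Add(groupDn)) return;
        using (var searcher = new DirectorySearcher(root))
        {
            searcher.PageSize = 500;   // paged search, so large groups are not truncated
            searcher.PropertiesToLoad.AddRange(new[] { "distinguishedName", "objectClass" });
            searcher.Filter = "(&(memberOf=" + EscapeFilterValue(groupDn) + ")" +
                "(|(&(objectCategory=person)(objectClass=user))(objectCategory=group)))";
            using (SearchResultCollection results = searcher.FindAll())
            {
                foreach (SearchResult r in results)
                {
                    string dn = (string)r.Properties["distinguishedName"][0];
                    if (r.Properties["objectClass"].Contains("group"))
                        Collect(root, dn, seenGroups, users);   // nested group: descend
                    else
                        users.Add(dn);                          // user: record once
                }
            }
        }
    }
}
```

`memberOf` does not reflect primary-group membership, so an account that belongs to a group only as its primary group (for example Domain Users) is not returned by this filter.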

I always find Howto: (Almost) Everything In Active Directory via C# helps for most AD questions.

If you know the AD path to the group already it would probably be easier to open a DirectoryEntry on that, then do a DirectorySearcher from there.

using (DirectoryEntry de = new DirectoryEntry("LDAP://somedomain/CN=FooBar"))
{
   DirectorySearcher search = new DirectorySearcher(de, ("(objectClass=user)"));
}

There is also a flag on the Searcher for whether to drill down to sub containers, I forget the name offhand.

I use the following code (from http://blogs.technet.com/b/brad_rutkowski/archive/2008/04/15/c-getting-members-of-a-group-the-easy-way-with-net-3-5-discussion-groups-nested-recursive-security-groups-etc.aspx ); it works fine.

// Requires: using System; using System.Collections.Generic;
//           using System.DirectoryServices.AccountManagement;
IList<string> getMembers(string domainName, string groupName)
{
    // using blocks dispose the context and group even when an exception is thrown
    using (PrincipalContext ctx = new PrincipalContext(ContextType.Domain, domainName))
    using (GroupPrincipal grp = GroupPrincipal.FindByIdentity(ctx, IdentityType.Name, groupName))
    {
        if (grp == null)
        {
            throw new ApplicationException("We did not find that group in that domain, perhaps the group resides in a different domain?");
        }

        IList<string> members = new List<String>();

        // GetMembers(true) searches recursively, so members of nested groups are included
        foreach (Principal p in grp.GetMembers(true))
        {
            members.Add(p.Name); //You can add more attributes, samaccountname, UPN, DN, object type, etc...
        }

        return members;
    }
}
    //Search for Group and list group members

using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.DirectoryServices.AccountManagement;

namespace ExportActiveDirectoryGroupsUsers
{
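    class Program
    {
        // ServerAddress, Username and Password are not defined in the original post.
        // Here they are read from environment variables (assumed names) so that no
        // credentials are stored in source code.
        static readonly string ServerAddress = Environment.GetEnvironmentVariable("AD_SERVER");
        static readonly string Username = Environment.GetEnvironmentVariable("AD_USERNAME");
        static readonly string Password = Environment.GetEnvironmentVariable("AD_PASSWORD");
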
        static void Main(string[] args)
        {
            if (args == null)
            {
                Console.WriteLine("args is null, usage: ExportActiveDirectoryGroupsUsers OutputPath"); // Check for null array
            }
            else
            {
                Console.Write("args length is ");
                Console.WriteLine(args.Length); // Write array length
                for (int i = 0; i < args.Length; i++) // Loop through array
                {
                    string argument = args[i];
                    Console.Write("args index ");
                    Console.Write(i); // Write index
                    Console.Write(" is [");
                    Console.Write(argument); // Write string
                    Console.WriteLine("]");
                }
                try
                {
                    using (var ServerContext = new PrincipalContext(ContextType.Domain, ServerAddress, Username, Password))
                    {
                        // define a "query-by-example" principal - here, we search for a GroupPrincipal
                        GroupPrincipal qbeGroup = new GroupPrincipal(ServerContext, args[0]);

                        // create your principal searcher passing in the QBE principal    
                        PrincipalSearcher srch = new PrincipalSearcher(qbeGroup);

                        // find all matches
                        foreach (var found in srch.FindAll())
                        {
                            GroupPrincipal foundGroup = found as GroupPrincipal;

                            if (foundGroup != null)
                            {
                                // iterate over members
                                foreach (Principal p in foundGroup.GetMembers())
                                {
                                    Console.WriteLine("{0}|{1}", foundGroup.Name, p.DisplayName);
                                    // do whatever you need to do to those members
                                }
                            }

                        }
                    }
                    //Console.WriteLine("end");
                }
                catch (Exception ex)
                {
                    Console.WriteLine("Something wrong happened in the AD Query module: " + ex.ToString());
                }
                Console.ReadLine();
            }
        }
    }
}
