[英]Can I create a DirectorySearcher filter using only extensionAttribute4?
I'm using DirectorySearcher and I want to get all AD users that have not set extensionAttribute4.我正在使用 DirectorySearcher,我想获取所有未设置 extensionAttribute4 的 AD 用户。
Here I'm using this DirectorySearcher that returns all AD users but I need help that how can I change this DirectorySearcher in a way that it returns those AD users that have not set extensionAttribute4.在这里,我正在使用返回所有 AD 用户的 DirectorySearcher,但我需要帮助我如何更改此 DirectorySearcher,使其返回未设置 extensionAttribute4 的那些 AD 用户。 Any help will be highly appreciated.
任何帮助将不胜感激。
using (DirectorySearcher oSearch = new DirectorySearcher(oSearchRoot))
{
oSearch.Filter = "(&(objectClass=user)(objectCategory=person)(!userAccountControl:1.2.840.113556.1.4.803:=2))";
SearchResultCollection oResultCol = oSearch.FindAll();
}
You are already most of the way there.你已经走了大部分路。 This part:
这部分:
(objectClass=user)(objectCategory=person)
tells it to look for user objects.告诉它寻找用户对象。 So you want to keep that.
所以你想保留它。 This part:
这部分:
(!userAccountControl:1.2.840.113556.1.4.803:=2)
tells it to find accounts that do not have the second bit set on the userAccountControl
attribute (the second bit is a flag that means "disabled").告诉它查找未在
userAccountControl
属性上设置第二位的帐户(第二位是表示“禁用”的标志)。
So to find an account that does not have the extensionAttribute4
attribute set, you still use the !
因此,要查找没有设置
extensionAttribute4
属性的帐户,您仍然使用!
operator, but you use it with the wildcard operator *
, so it means "this attribute is not set to anything".运算符,但是您将它与通配符运算符
*
一起使用,因此它意味着“此属性未设置为任何内容”。
So your final filter will look like this:所以你的最终过滤器将如下所示:
(&(objectClass=user)(objectCategory=person)(!extensionAttribute4=*))
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.