列出活动目录中的所有计算机

Question

Im wondering how to get a list of all computers / machines / pc from active directory?我想知道如何从活动目录中获取所有计算机/机器/个人电脑的列表？

(Trying to make this page a search engine bait, will reply myself. If someone has a better reply il accept that ) （试图让这个页面成为搜索引擎的诱饵，我自己会回复。如果有人有更好的回复，我会接受）

Answer 1

If you have a very big domain, or your domain has limits configured on how how many items can be returned per search, you might have to use paging. 如果您的网域很大，或者您的网域配置了每次搜索可以返回多少项的限制，则可能必须使用分页。

using System.DirectoryServices;  //add to references

public static List<string> GetComputers()
{
    List<string> ComputerNames = new List<string>();

    DirectoryEntry entry = new DirectoryEntry("LDAP://YourActiveDirectoryDomain.no");
    DirectorySearcher mySearcher = new DirectorySearcher(entry);
    mySearcher.Filter = ("(objectClass=computer)");
    mySearcher.SizeLimit = int.MaxValue;
    mySearcher.PageSize = int.MaxValue;

    foreach(SearchResult resEnt in mySearcher.FindAll())
    {
        //"CN=SGSVG007DC"
        string ComputerName = resEnt.GetDirectoryEntry().Name;
        if (ComputerName.StartsWith("CN="))
            ComputerName = ComputerName.Remove(0,"CN=".Length);
        ComputerNames.Add(ComputerName);
    }

    mySearcher.Dispose();
    entry.Dispose();

    return ComputerNames;
}

Answer 2

What EKS suggested is correct , but is performing a little bit slow . EKS的建议是正确的 ，但执行速度有点慢。

The reason for that is the call to GetDirectoryEntry() on each result. 这样做的原因是对每个结果调用GetDirectoryEntry() 。 This creates a DirectoryEntry object, which is only needed if you need to modify the active directory (AD) object. 这将创建DirectoryEntry对象，仅当您需要修改活动目录（AD）对象时才需要。 It's OK if your query would return a single object, but when listing all object in AD, this greatly degrades performance. 如果您的查询返回单个对象就可以了，但是在AD中列出所有对象时，这会大大降低性能。

If you only need to query AD, its better to just use the Properties collection of the result object. 如果只需要查询AD，最好使用结果对象的Properties集合。 This will improve performance of the code several times. 这将多次提高代码的性能。

This is explained in documentation for SearchResult class : SearchResult类的文档中对此进行了说明：

Instances of the SearchResult class are very similar to instances of DirectoryEntry class. SearchResult类的实例与DirectoryEntry类的实例非常相似。 The crucial difference is that the DirectoryEntry class retrieves its information from the Active Directory Domain Services hierarchy each time a new object is accessed, whereas the data for SearchResult is already available in the SearchResultCollection , where it gets returned from a query that is performed with the DirectorySearcher class. 关键的区别在于，每次访问新对象时， DirectoryEntry类都会从Active Directory域服务层次结构中检索其信息，而SearchResult的数据已经在SearchResultCollection提供了，在该结果中，该数据是通过使用DirectorySearcher类。

Here is an example on how to use the Properties collection: 这是有关如何使用Properties集合的示例：

public static List<string> GetComputers()
{
    List<string> computerNames = new List<string>();

    using (DirectoryEntry entry = new DirectoryEntry("LDAP://YourActiveDirectoryDomain.no")) {
        using (DirectorySearcher mySearcher = new DirectorySearcher(entry)) {
            mySearcher.Filter = ("(objectClass=computer)");

            // No size limit, reads all objects
            mySearcher.SizeLimit = 0;

            // Read data in pages of 250 objects. Make sure this value is below the limit configured in your AD domain (if there is a limit)
            mySearcher.PageSize = 250; 

            // Let searcher know which properties are going to be used, and only load those
            mySearcher.PropertiesToLoad.Add("name");

            foreach(SearchResult resEnt in mySearcher.FindAll())
            {
                // Note: Properties can contain multiple values.
                if (resEnt.Properties["name"].Count > 0)
                {
                    string computerName = (string)resEnt.Properties["name"][0];
                    computerNames.Add(computerName);
                }
            }
        }
    }

    return computerNames;
}

Documentation for SearchResult.Properties SearchResult.Properties文档

Note that properties can have multiple values, that is why we use Properties["name"].Count to check the number of values. 请注意，属性可以有多个值，这就是为什么我们使用Properties["name"].Count来检查值的数量的原因。

To improve things even further, use the PropertiesToLoad collection to let the searcher know what properties you are going to use in advance. 为了进一步改善PropertiesToLoad ，请使用PropertiesToLoad集合让搜索者提前知道您将要使用哪些属性。 This allows the searcher to only read the data that is actually going to be used. 这使搜索者只能读取实际将要使用的数据。

Note that the DirectoryEntry and DirectorySearcher objects should be properly disposed in order to release all resources used. 请注意， DirectoryEntry和DirectorySearcher对象应正确处理，以释放所有使用的资源。 Its best done with a using clause. 最好using子句。

Answer 3

像这样的LDAP查询： (objectCategory=computer)应该可以解决问题。

Answer 4

if you only want to get the enabled computers:如果您只想获得启用的计算机：

(&(objectclass=computer)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))

列出活动目录中的所有计算机

问题描述

4 个解决方案

解决方案1
26 已采纳 2009-10-22 07:37:57

解决方案2
12 2016-08-23 10:32:36

解决方案3
1 2009-11-06 09:17:41

解决方案4
1 2022-05-05 10:03:44

列出活动目录中的所有计算机

问题描述

4 个解决方案

解决方案1 26 已采纳 2009-10-22 07:37:57

解决方案2 12 2016-08-23 10:32:36

解决方案3 1 2009-11-06 09:17:41

解决方案4 1 2022-05-05 10:03:44

解决方案1
26 已采纳 2009-10-22 07:37:57

解决方案2
12 2016-08-23 10:32:36

解决方案3
1 2009-11-06 09:17:41

解决方案4
1 2022-05-05 10:03:44