stackoom
  简体   繁体   中英

LDAP query to get only OUs having atleast one Group in it from Active Directory

 原文  2011-10-18 13:13:48       c#/ .net/ active-directory

Question

Looking for LDAP query to get only those OUs from Active Directory having group in it.

most important is only using LDAP query, I don't want to filter each OU using C# code.

Thanks

2 answers

solution1
 0  2011-10-18 14:06:46

Groups can be stored in organizationalUnits but also in domain, containers.

Using DirectoryEntry or AccountManagement you can do the following :

  1. Find all the groups from the domain root
  2. Foreach group add the container property to a list of OUs
  3. Get unique entries from the list of OUs

Here is a solution using System.DirectoryServices.AccountManagement and System.DirectoryServices 

/* Retreiving a principal context
 */
PrincipalContext domainContext = new PrincipalContext(ContextType.Domain, "WM2008R2ENT:389", "dc=dom,dc=fr", "jpb", "PWD");

/* Look for all the groups from the root
 */
GroupPrincipal allGroups = new GroupPrincipal(domainContext);
allGroups.Name = "*";


/* Bind a searcher
 */
PrincipalSearcher searcher = new PrincipalSearcher();
searcher.QueryFilter = allGroups;
PrincipalSearchResult<Principal> hRes = searcher.FindAll();

/* Read The result
 */
List<DirectoryEntry> listContainerWithGroups = new List<DirectoryEntry>();
foreach (GroupPrincipal grp in hRes)
{
  DirectoryEntry deGrp = grp.GetUnderlyingObject() as DirectoryEntry;
  if (deGrp != null)
    listContainerWithGroups.Add(deGrp.Parent);
}

/* Get Unique Entries
 */
var listContainerWithGroupsUnique = from o in listContainerWithGroups
                                    group o by o.Properties["distinguishedName"].Value into dePackets
                                    select dePackets.First();
foreach (DirectoryEntry deTmp in listContainerWithGroupsUnique)
{
  Console.WriteLine(deTmp.Properties["distinguishedName"].Value);
}

solution2
 0  2011-10-21 02:08:10

This isn't possible with a single search. You'll need to grab each OU and then do a one-level search of that OU for (&(objectCategory=group)(objectClass=group)). This is not going to be particuarly efficient when you consider how many searches you might need to perform. Also consider whether or not you need to handle the scenario where you have OU=A\\OU=B. If OU=B includes the group, do you include OU=A (the parent)?

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Error to get user group from Active Directory use LDAP in mono Getting All OUs from a Active Directory How do I get group description of a user from external active directory using LDAP Authenticating to multiple OUs in Active Directory C# list sub OUs from Active Directory Searching Users in Multiple OUS in Active Directory Is it possible to get Group Notes from Active Directory? Get all users from Active Directory group get contacts and users from active directory group get all users from a group in Active Directory
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM