UserPrincipal GetUnderlyingObject：缺少属性

Question

我试图加载属性physicalDeliveryOfficeName从DirectoryEntry它由UserPrincipal实例的GetUnderlyingObject方法返回：

DirectoryEntry directoryEntry = principal.GetUnderlyingObject() as DirectoryEntry;

这意味着以下语句返回false：

directoryEntry.Properties.Contains("physicalDeliveryOfficeName");

我知道可以通过在使用所述DirectorySearcher时将名称添加到StringCollection DirectorySearcher.PropertiesToLoad来加载此属性。

我的问题是，为什么GetUnderlyingObject方法返回的DirectoryEntry不包含所有属性？ 如何在不使用DirectorySearcher情况下加载此属性？

Answer 1

访问DirectoryEntry的所有字段是一个可能缓慢而繁重的操作。 某些字段可能无法复制到所有域控制器，因此引入这些值可能需要访问远程且访问速度较慢的全局编录（GC）服务器。

一旦掌握了DirectoryEntry并且想要提取特定值，就可以调用RefreshCache方法，并为其传递所需属性的名称。

Answer 2

使用RefreshCache ：

        UserPrincipal up = ...
        using (DirectoryEntry de = up.GetUnderlyingObject() as DirectoryEntry)
        {
            foreach (var name in de.Properties.PropertyNames)
            {
                Console.WriteLine(name);
            }
            Console.WriteLine();

            // The canonicalName attribute is operational (also called constructed). 
            // Active Directory does not actually save the value, but calculates it on demand. This is probably the issue. In ADSI we use the GetInfoEx

            de.RefreshCache(new string[] { "canonicalName" });
            var canonicalName = de.Properties["canonicalName"].Value as string;
        }

PropertyNames ：

objectClass
cn
sn
givenName
distinguishedName
instanceType
whenCreated
whenChanged
displayName
uSNCreated
memberOf
uSNChanged
nTSecurityDescriptor
name
objectGUID
userAccountControl
badPwdCount
codePage
countryCode
badPasswordTime
lastLogoff
lastLogon
pwdLastSet
primaryGroupID
objectSid
accountExpires
logonCount
sAMAccountName
sAMAccountType
userPrincipalName
objectCategory
dSCorePropagationData
lastLogonTimestamp

缺少canonicalName属性。