List of users in a specific Active Directory distribution group

Jus*_*son 7 .net active-directory

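I am trying to get a list of users, and some properties about each user, from an Active Directory group.

Update:

Here are the two methods I currently have: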

    Dim adGroup As New DirectoryEntry("LDAP://CN=MyGroup,OU=Groups,OU=Accounts,OU=All,DC=domain,DC=com")
    Dim adMembers As Object
    Dim objUser As ActiveDirectoryUser
    Dim objUserList As New List(Of ActiveDirectoryUser)
    Dim directoryEntry As DirectoryEntry

    adMembers = adGroup.Invoke("Members", Nothing)

    For Each adMember As Object In CType(adMembers, IEnumerable)
        directoryEntry = New DirectoryEntry(adMember)
        objUser = New ActiveDirectoryUser

        objUser.UserId = directoryEntry.Properties.Item("sAMAccountName").Value.ToString()
        objUser.Contract = directoryEntry.Properties.Item("ou").Value.ToString()
        objUser.LastName = directoryEntry.Properties.Item("sn").Value.ToString()
        objUser.FirstName = directoryEntry.Properties.Item("givenName").Value.ToString()
        objUser.Email = directoryEntry.Properties.Item("mail").Value.ToString()

        objUserList.Add(objUser)
    Next

The first part works, but it seems very inefficient. My memory usage climbs and climbs as it executes, and I was getting this error, although it looks like it can be fixed. The second method:

    Dim results As SearchResultCollection
    Dim directoryEntry2 As New DirectoryEntry("LDAP://DC=domain,DC=com")
    Dim directorySearcher As New DirectorySearcher(directoryEntry2)
    directorySearcher.PageSize = 1000

    directorySearcher.Filter = "(&(objectCategory=person)" & _
                           "(objectClass=user)" & _
                           "(memberOf=CN=MyGroup,OU=Groups,OU=Accounts,OU=All,DC=domain,DC=com))"


    directorySearcher.PropertiesToLoad.Add("ou")
    directorySearcher.PropertiesToLoad.Add("sn")
    directorySearcher.PropertiesToLoad.Add("givenName")
    directorySearcher.PropertiesToLoad.Add("sAMAccountName")
    directorySearcher.PropertiesToLoad.Add("mail")

    results = directorySearcher.FindAll
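
The result count seems to vary with each execution of the application, which I find odd. I'm not sure whether this is a reliable way to get the users back, or whether I need to modify what I'm searching on?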

mar*_*c_s 15

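If you can, upgrade to .NET 3.5 and use the new and improved System.DirectoryServices.AccountManagement namespace. An introduction to these new classes can be found in Managing Directory Security Principals in the .NET Framework 3.5.

With this, your job becomes trivial: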

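    // requires: using System.DirectoryServices.AccountManagement;
    PrincipalContext ctx = new PrincipalContext(ContextType.Domain, "YOURDOMAIN");
    // look the group up by name, then enumerate its members
    GroupPrincipal group = GroupPrincipal.FindByIdentity(ctx, "MyGroup");
    PrincipalSearchResult<Principal> members = group.GetMembers();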

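Does that work for you?

If you cannot use .NET 3.5, you should inspect the group's member property. The group members are not stored logically as children underneath the group in the hierarchy, so you cannot find them by using a DirectorySearcher.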

    DirectoryEntry group = new DirectoryEntry("LDAP://CN=MyGroup,OU=Groups,OU=All,DC=Domain,DC=com");

    foreach(object groupMemberDN in group.Properties["member"])
    {
       // grab the group member's DN
    }

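For this snippet, see the Quick List of C# Code Examples for Active Directory in the MSDN library (or the same code examples in Visual Basic .NET).

Update: if you need the users that belong to a particular group (because you want to update their properties or something), you could reverse the approach: search for all users that have a memberOf property equivalent to the group's DN: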

    DirectoryEntry root = new DirectoryEntry("LDAP://dc=domain,dc=com");
    DirectorySearcher searcher = new DirectorySearcher(root);

    searcher.Filter = "(&(objectCategory=user)(memberOf=CN=MyGroup,OU=Groups,OU=All,DC=Domain,DC=com))";
    // set other properties on the searcher

    foreach(object result in searcher.FindAll())
    {
       // do whatever you need to do with the entry
    }
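
The memberOf search from the question and from the update above, completed as an added example (not code from the original posts): it escapes the group DN for use in the filter (RFC 4515), disposes the SearchResultCollection, and reads attributes that may be absent without throwing. The class and helper names are made up for illustration; the root path and group DN are the placeholder values used in the question.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices;

static class GroupMemberLister   // hypothetical name, for illustration only
{
    // Escape a value for use inside an LDAP search filter (RFC 4515).
    // The backslash must be replaced first so later escapes are not re-escaped.
    static string EscapeFilterValue(string v)
    {
        return v.Replace(@"\", @"\5c").Replace("*", @"\2a").Replace("(", @"\28")
                .Replace(")", @"\29").Replace("\0", @"\00");
    }

    // Read a single-valued attribute; returns "" when the user has no value for it.
    static string Get(SearchResult r, string attr)
    {
        return r.Properties.Contains(attr) && r.Properties[attr].Count > 0
            ? Convert.ToString(r.Properties[attr][0]) : "";
    }

    static List<string[]> ListMembers(string rootPath, string groupDn)
    {
        string[] attrs = { "sAMAccountName", "ou", "sn", "givenName", "mail" };
        var rows = new List<string[]>();
        using (var root = new DirectoryEntry(rootPath))
        using (var searcher = new DirectorySearcher(root))
        {
            searcher.PageSize = 1000;   // paged search, as in the question
            searcher.Filter = "(&(objectCategory=person)(objectClass=user)(memberOf="
                              + EscapeFilterValue(groupDn) + "))";
            searcher.PropertiesToLoad.AddRange(attrs);
            // SearchResultCollection holds unmanaged resources; dispose it explicitly.
            using (SearchResultCollection results = searcher.FindAll())
                foreach (SearchResult r in results)
                    rows.Add(Array.ConvertAll(attrs, a => Get(r, a)));
        }
        return rows;
    }

    static void Main()
    {
        // Root path and group DN are the placeholder values used in the question.
        foreach (string[] u in ListMembers("LDAP://DC=domain,DC=com",
                 "CN=MyGroup,OU=Groups,OU=Accounts,OU=All,DC=domain,DC=com"))
            Console.WriteLine(string.Join("\t", u));
    }
}
```

A memberOf filter matches direct members only: users who belong through a nested group, or whose primary group is the group, are not returned.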