問題描述
我試圖弄清楚如何從 C# 搜索 AD,類似于查找用戶、聯系人和組"在 Active Directory 用戶和計算機工具中的工作方式.我有一個包含組名或用戶名的字符串(通常格式為 firstname middleinitial [if they have one] lastname,但并非總是如此).即使我對組和用戶進行單獨的查詢,我也無法想出一種可以捕獲大多數用戶帳戶的搜索方法.查找用戶、聯系人和組工具幾乎每次都會將它們帶回來.有人有什么建議嗎?
I'm trying to figure out how to search AD from C# similarly to how "Find Users, Contacts, and Groups" works in the Active Directory Users and Computers tool. I have a string that either contains a group name, or a user's name (usually in the format firstname middleinitial [if they have one] lastname, but not always). Even if I do a seperate query for groups vs. users, I can't come up with a way to search that captures most user accounts. The Find Users, Contacts, and Groups tool brings them back almost every time. Anyone have any suggestions?
我已經知道如何使用 DirectorySearcher 類,問題是我找不到可以執行我想要的查詢.cn 和 samaccount 名稱都與此中的用戶名無關,因此我無法搜索這些名稱.拆分并搜索 sn 和 givenName 并沒有像該工具那樣捕獲任何地方.
I already know how to use the DirectorySearcher class, the issue is that I can't find a query that does what I'd like. Neither cn nor samaccount name has anything to do with the user's name in this, so I'm unable to search on those. Splitting things up and searching on sn and givenName doesn't catch anywhere near as much as that tool does.
推薦答案
您使用 .NET 3.5 嗎?如果是這樣 - AD 在 .NET 3.5 中有很棒的新功能 - 查看這篇文章 在 .NET 3.5 中管理目錄安全主體,作者 Ethan Wilanski 和 Joe Kaplan.
Are you on .NET 3.5 ? If so - AD has great new features in .NET 3.5 - check out this article Managing Directory Security Principals in .NET 3.5 by Ethan Wilanski and Joe Kaplan.
其中一個重要的新功能是PrincipalSearcher"類,它應該可以大大簡化在 AD 中查找用戶和/或組的過程.
One of the big new features is a "PrincipalSearcher" class which should greatly simplify finding users and/or groups in AD.
如果您不能使用 .NET 3.5,可以讓您的生活更輕松的一件事稱為歧義名稱解析",它是一種鮮為人知的特殊搜索過濾器,可以一次性搜索幾乎所有與名稱相關的屬性.
If you cannot use .NET 3.5, one thing that might make your life easier is called "Ambiguous Name Resolution", and it's a little known special search filter that will search in just about any name-related attribute all at once.
像這樣指定您的 LDAP 搜索查詢:
Specify your LDAP search query like this:
searcher.Filter = string.Format("(&(objectCategory=person)(anr={0}))", yourSearchTerm)
另外,我建議過濾objectCategory"屬性,因為它是單值的并且在 AD 中默認索引,這比使用objectClass"快很多.
Also, I would recommend filtering on the "objectCategory" attribute, since that's single-valued and indexed by default in AD, which is a lot faster than using "objectClass".
馬克
這篇關于如何從 C# 中找到活動目錄中的用戶?的文章就介紹到這了,希望我們推薦的答案對大家有所幫助,也希望大家多多支持html5模板網!