問題描述
我正在嘗試通過 Active Directory 遞歸地獲取用戶的所有直接報告.所以給定一個用戶,我最終會得到一個所有用戶的列表,這些用戶有這個人作為經理,或者有一個人作為經理,有一個人作為經理......最終將輸入用戶作為經理.
I'm trying to get all the direct reports of a User through Active Directory, recursively. So given a user, i will end up with a list of all users who have this person as manager or who have a person as manager who has a person as manager ... who eventually has the input user as manager.
我目前的嘗試相當緩慢:
My current attempt is rather slow:
private static Collection<string> GetDirectReportsInternal(string userDN, out long elapsedTime)
{
Collection<string> result = new Collection<string>();
Collection<string> reports = new Collection<string>();
Stopwatch sw = new Stopwatch();
sw.Start();
long allSubElapsed = 0;
string principalname = string.Empty;
using (DirectoryEntry directoryEntry = new DirectoryEntry(string.Format("LDAP://{0}",userDN)))
{
using (DirectorySearcher ds = new DirectorySearcher(directoryEntry))
{
ds.SearchScope = SearchScope.Subtree;
ds.PropertiesToLoad.Clear();
ds.PropertiesToLoad.Add("directReports");
ds.PropertiesToLoad.Add("userPrincipalName");
ds.PageSize = 10;
ds.ServerPageTimeLimit = TimeSpan.FromSeconds(2);
SearchResult sr = ds.FindOne();
if (sr != null)
{
principalname = (string)sr.Properties["userPrincipalName"][0];
foreach (string s in sr.Properties["directReports"])
{
reports.Add(s);
}
}
}
}
if (!string.IsNullOrEmpty(principalname))
{
result.Add(principalname);
}
foreach (string s in reports)
{
long subElapsed = 0;
Collection<string> subResult = GetDirectReportsInternal(s, out subElapsed);
allSubElapsed += subElapsed;
foreach (string s2 in subResult)
{
result.Add(s2);
}
}
sw.Stop();
elapsedTime = sw.ElapsedMilliseconds + allSubElapsed;
return result;
}
本質上,這個函數將一個可分辨的名稱作為輸入(CN=Michael Stum,OU=test,DC=sub,DC=domain,DC=com),因此,對 ds.FindOne() 的調用很慢.
Essentially, this function takes a distinguished Name as input (CN=Michael Stum, OU=test, DC=sub, DC=domain, DC=com), and with that, the call to ds.FindOne() is slow.
我發現搜索 userPrincipalName 的速度要快得多.我的問題:sr.Properties["directReports"] 只是一個字符串列表,也就是distinguishedName,搜索起來似乎很慢.
I found that it is a lot faster to search for the userPrincipalName. My Problem: sr.Properties["directReports"] is just a list of strings, and that is the distinguishedName, which seems slow to search for.
我想知道,有沒有一種快速的方法可以在 distinctName 和 userPrincipalName 之間進行轉換?或者,如果我只有可使用的專有名稱,是否有更快的方法來搜索用戶?
I wonder, is there a fast way to convert between distinguishedName and userPrincipalName? Or is there a faster way to search for a user if I only have the distinguishedName to work with?
感謝您的回答!搜索經理字段將功能從 90 秒改進為 4 秒.這是新的和改進的代碼,它更快、更易讀(請注意,elapsedTime 功能中很可能存在錯誤,但該函數的實際核心是有效的):
Thanks to the answer! Searching the Manager-Field improved the function from 90 Seconds to 4 Seconds. Here is the new and improved code, which is faster and more readable (note that there is most likely a bug in the elapsedTime functionality, but the actual core of the function works):
private static Collection<string> GetDirectReportsInternal(string ldapBase, string userDN, out long elapsedTime)
{
Collection<string> result = new Collection<string>();
Stopwatch sw = new Stopwatch();
sw.Start();
string principalname = string.Empty;
using (DirectoryEntry directoryEntry = new DirectoryEntry(ldapBase))
{
using (DirectorySearcher ds = new DirectorySearcher(directoryEntry))
{
ds.SearchScope = SearchScope.Subtree;
ds.PropertiesToLoad.Clear();
ds.PropertiesToLoad.Add("userPrincipalName");
ds.PropertiesToLoad.Add("distinguishedName");
ds.PageSize = 10;
ds.ServerPageTimeLimit = TimeSpan.FromSeconds(2);
ds.Filter = string.Format("(&(objectCategory=user)(manager={0}))",userDN);
using (SearchResultCollection src = ds.FindAll())
{
Collection<string> tmp = null;
long subElapsed = 0;
foreach (SearchResult sr in src)
{
result.Add((string)sr.Properties["userPrincipalName"][0]);
tmp = GetDirectReportsInternal(ldapBase, (string)sr.Properties["distinguishedName"][0], out subElapsed);
foreach (string s in tmp)
{
result.Add(s);
}
}
}
}
}
sw.Stop();
elapsedTime = sw.ElapsedMilliseconds;
return result;
}
推薦答案
首先,當您已經擁有要查找的 DN 時,不需要將 Scope 設置為subtree".
First off, setting Scope to "subtree" is unnecessary when you already have the DN you are looking for.
此外,如何查找manager"屬性是您要查找的人的所有對象,然后迭代它們.這通常應該比其他方式更快.
Also, how about finding all objects whose "manager" property is the person you look for, then iterating them. This should generally be faster than the other way around.
(&(objectCategory=user)(manager=<user-dn-here>))
以下內容很重要,但到目前為止僅在對此答案的評論中提及:
當過濾器字符串按上述方式構建時,存在用對 DN 有效但在過濾器中具有特殊含義的字符破壞它的風險.這些必須轉義:
When the filter string is built as indicated above, there is the risk of breaking it with characters that are valid for a DN, but have special meaning in a filter. These must be escaped:
* as 2a
( as 28
) as 29
as 5c
NUL as
主站蜘蛛池模板:
97视频在线播放
|
福利视频在线
|
亚洲永久免费视频
|
麻豆成人91精品二区三区
|
久久久久久久久国产
|
亚洲欧洲视频
|
干少妇视频
|
国产精品香蕉
|
日韩国产在线
|
欧美精品在线观看视频
|
91在线看片|
四虎免费视频
|
亚洲综合自拍
|
亚洲淫片
|
国产精选av|
91一区二区
|
欧美激情一区二区三区
|
日本中文字幕在线观看
|
亚洲欧美日韩一区
|
欧美日韩精品一区二区三区
|
亚洲在线一区
|
婷婷综合
|
看毛片网站
|
糖心vlog精品一区二区
|
免费午夜视频
|
视频一二三区
|
一区二区免费视频
|
91欧美日韩
|
亚洲天堂视频在线
|
中文字幕在线免费观看视频
|
h片免费看
|
欧美日日日
|
91亚洲国产
|
久久久黄色片
|
超碰免费在线观看
|
天天干网
|
国产wwwwww|
曰韩毛片|
成人毛片在线
|
色婷婷色
|
国产欧美日韩
|