如何使用 C# 和 ADODB 查询 Active Directory?
寻找使用 C# 通过 ADODB 连接到 Active Directory 的示例。
我的目标是能够运行查找,根据用户属性(用户 ID、电子邮件地址等)验证用户在 Active Directory 中是否有效。
[想强调的是,使用 ADODB 是对此的要求,使用 DirectoryServices 不是有效的响应。]
我当前的方法不起作用(cmd.Execute 位例外):
object parms = null;
object recs = null;
ADODB.Connection conn = new ADODB.Connection();
ADODB.Command cmd = new ADODB.Command();
ADODB.Recordset rs = new ADODB.Recordset();
conn.Open("Provider=ADsDSOObject",obfsUser,obfsPass,0);
cmd.ActiveConnection = conn;
cmd.CommandText = "<LDAP://OU=obfsOU,DC=obfsDC,DC=corp,DC=Net>;;name;subtree";
rs = cmd.Execute(out recs, ref parms, 0);
我不确定我是否/在哪里应该提供服务器引用,但我不太确定通过 ref 传递到 cmd.Execute 方法的参数应该是什么。 关于通过 ADODB 从 C# 连接到 ActiveDirectory 的文档并不多。
conn.State 返回 1 所以我相信我正在建立一个活跃的连接。 我认为问题出在传递给 cmd.Execute() 方法的参数中。
Looking for an example of connecting via ADODB to Active Directory using C#.
My goal is to be able to run a lookup to verify that a user is valid in Active Directory based on one that of that users attributes (user id, email address, etc).
[Would like to stress that using ADODB is a requirement for this, using DirectoryServices is not a valid response.]
My current approach isn't working (exception at cmd.Execute bit):
object parms = null;
object recs = null;
ADODB.Connection conn = new ADODB.Connection();
ADODB.Command cmd = new ADODB.Command();
ADODB.Recordset rs = new ADODB.Recordset();
conn.Open("Provider=ADsDSOObject",obfsUser,obfsPass,0);
cmd.ActiveConnection = conn;
cmd.CommandText = "<LDAP://OU=obfsOU,DC=obfsDC,DC=corp,DC=Net>;;name;subtree";
rs = cmd.Execute(out recs, ref parms, 0);
I'm not sure if/where I'm supposed to provide the server reference and I'm not really sure what the parameteres passed into the cmd.Execute method by ref should be. Not a ton of documentation out there for connecting to ActiveDirectory from C# via ADODB.
conn.State is returning 1 so I believe I am getting an active connection. I think the problem is in the parameters passed to the cmd.Execute() method.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
查看 Richard Mueller 在 Active Directory 上的网站 - 他专门有一个关于 AD 的 ADO 搜索提示的页面:
http: //www.rlmueller.net/ADOSearchTips.htm
他的网站上还有大量优秀的参考资料,例如包含所有 AD 属性及其特征的 Excel 工作表。
强烈推荐!
马克
Check out Richard Mueller's web site on Active Directory - he specifically has a page on ADO Search Tips for AD:
http://www.rlmueller.net/ADOSearchTips.htm
There's also a slew of excellent reference material on his web site, like Excel sheets with all the AD properties and their characteristics.
Highly recommended!
Marc
这有效。
希望这可以帮助其他有与我相同需求和问题的人。
[注意缺少 ADODB.Command 对象以及使用 SQL 格式而不是 ADSI 格式进行查询。]
This works.
Hope this helps someone else having the same need and problems I had.
[Note the lack of an ADODB.Command object and the use of SQL format for the query instead of ADSI format.]
ScottCher 的答案有效,但它有局限性,特别是您无法处理 1000 条记录结果限制。 要做到这一点,唯一的方法是使用 Command 对象,相信我,这是一个雷区,因为 (a) 没有关于 C# 接口的良好文档,并且 (b) 令人难以置信截至撰写本文时,还没有可以通过 Google 搜索到的完整解决方案。
我花了最后几天的时间来解决这个问题,并取得了一些成果,我想将这些成果回馈给我阅读过的所有资源,其中包含各种拼图的碎片。
首先,正如很多地方所指出的(不幸的是,只有 VB 示例!),如果您不做一些特殊的事情,那么所有 ADSI 查询都将限制为 1000 行结果。 避免这种情况的关键是在 Command 对象上设置“Page Size”属性。 我们稍后会介绍这一点,但首先我们需要使用命令来进行基本查询。 如果您在此线程中使用原始代码,您将在 cmd.Execute 上收到异常,抱怨参数不匹配。 您可能认为传入 null 作为 ref 对象就足够了,特别是因为 LDAP 语法(显然)没有参数。
我在两个地方找到了这个问题的答案。 首先,即使您没有显式指定参数,LDAP SQL 语法中的“:”似乎也足以使 ADO 认为参数是必需的。 奇怪,但似乎是真的。 方法是将值设置为 Type.Missing,而不是 null,如下所示:
其次,指定“无参数”情况的正确
对象参数 = Type.Missing;
这是让 Execute 不抛出异常的关键。
现在,通过有效的命令,我们现在可以解决 1000 行的限制。 这“简单”地通过在命令上指定“页面大小”属性来实现,但从 C# 界面中可以明显看出,它与 C# 属性不同。 您需要将其放入 Properties 集合中,但这不会公开一个很好的集合接口来执行此操作。 经过一番尝试和错误后,正确的语法是:
cmd.Properties["页面大小"].Value = 500;
我认为页面大小到底是什么并不重要(仍在考虑),但将其设置为足以告诉 ADSI 获取所有结果。 我真诚地希望这对某人有帮助。
The answer by ScottCher works but it has limitations, notably that you cannot deal with the 1000 record result limit. To do that, the only way is to use a Command object, and believe me, that is a minefield because there is (a) no good documentation on the C# interfaces, and (b) there is incredibly no full solution that can be Googled as of this writing.
I have spent the last bunch of days on this, and have something working that I would like to give back to all the sources I have read with various bits and pieces to the puzzle.
First, as noted in a ton of places (sadly with VB examples only!), if you don't do something special then all ADSI queries are limited to 1000 rows of results. The key to avoiding this is to set the "Page Size" property on the Command object. We'll get to that in a sec, but first we need to get the basic query working using a Command. If you use the original code in this thread, you will get an exception on cmd.Execute complaining about parameters mismatching. You would think that passing in null as the ref object would suffice, especially since the LDAP syntax does not (apparently) have parameters.
I found the answer to this in two places. First, even though you are not explicitly specifying parameters, it would seem that the ":" in the LDAP SQL syntax is enough to make ADO think that parameters are required. Odd, but seemingly true. Second, the CORRECT way to specify the "no parameters" case is to set the value to Type.Missing, not null, as in:
object parms = Type.Missing;
This was key to getting Execute to not throw an exception.
Now with a working Command we can now address the 1000 row limit. This is "simply" by specifying the "Page Size" property on the Command but, as it obvious from the C# interface, it is not the same as a C# property. You need to put it into the Properties collection, but this does not expose a nice collection interface to do that with. After some trial and error, the correct syntax is:
cmd.Properties["Page Size"].Value = 500;
I don't think it is important exactly what the page size is (still playing with that) but setting it to something is enough to tell ADSI to get all the results. And I sincerely hope this helps somebody.