LDAP query with sub-results
I have been banging my head for quite a while with this and can't get it to work. I have an LDAP query I do have working in AD Users and Computers but don't know how to do it programmatically in C#.
Here is my LDAP query that works fine in the AD tool: (memberOf=CN=AccRght,OU=Groups,OU=P,OU=Server,DC=mydomain,DC=com)(objectCategory=user)(objectClass=user)(l=City)
I have used this code to get the user accounts to get members of CN=AccRght but I'm not succeeding on limiting users belonging to a specific city.
    using System;
    using System.Collections.Specialized;
    using System.DirectoryServices;

    public StringCollection GetGroupMembers(string strDomain, string strGroup)
    {
        StringCollection groupMemebers = new StringCollection();
        try
        {
            DirectoryEntry ent = new DirectoryEntry("LDAP://DC=" + strDomain + ",DC=com");
            // Search below the domain root bound above (ent was created but never passed to the searcher).
            DirectorySearcher srch = new DirectorySearcher(ent, "(CN=" + strGroup + ")");
            SearchResultCollection coll = srch.FindAll();
            foreach (SearchResult rs in coll)
            {
                // Each value of the group's "member" attribute is the DN of one member.
                ResultPropertyCollection resultPropColl = rs.Properties;
                foreach (Object memberColl in resultPropColl["member"])
                {
                    // Bind to the member object to read its account name.
                    DirectoryEntry gpMemberEntry = new DirectoryEntry("LDAP://" + memberColl);
                    System.DirectoryServices.PropertyCollection userProps = gpMemberEntry.Properties;
                    object obVal = userProps["sAMAccountName"].Value;
                    if (null != obVal)
                    {
                        groupMemebers.Add(obVal.ToString());
                    }
                }
            }
        }
        catch (Exception ex)
        {
            Console.Write(ex.Message);
        }
        return groupMemebers;
    }
Thanks for any help!
Well, basically all you need is to transfer that LDAP filter you're using in the tool into your DirectorySearcher - something like this:
That should apply that filter to your search, e.g. you should now only get back users for that specific city.
Definitely check out this MSDN article Managing Directory Security Principals in the .NET Framework 3.5 - excellent intro to S.DS.AM! :-)
If you are actually looking for a way to recursively enumerate group members, maybe you need to use the recursive version of memberof (which you can achieve by using the
(memberof:1.2.840.113556.1.4.1941:=(cn=Group1,OU=groupsOU,DC=x)))
syntax). More info here: http://msdn.microsoft.com/en-us/library/aa746475(VS.85).aspx