Reading/filtering the subgroups of a distribution group in Active Directory?

Posted 2024-09-07 11:26:41 | 238 characters | 6 views | 0 comments

I've an Active Directory with domain myDomain.local, under it there exists a Distribution Group that contains many groups.

How can I read (programmatically) all these subgroups to retrieve a list of their names?
And how to optimize the query to filter the result so that it just retrieves all the groups that end with the word Region?

BTW, I'm using C#.Net, ASP.Net and SharePoint, and I'm not experienced with AD.

Comments (2)

凡尘雨 2024-09-14 11:26:41

If you're on .NET 3.5 (or can upgrade to it), you can use this code using the System.DirectoryServices.AccountManagement namespace:

// create the "context" in which to operate - your domain here, 
// as the old-style NetBIOS domain, and the container where to operate in
PrincipalContext ctx = new PrincipalContext(ContextType.Domain, "YOURDOMAIN", "cn=Distribution Group,dc=YourDomain,dc=local");

// define a "prototype" - an example of what you're searching for
// Here: just a simple GroupPrincipal - you want all groups
GroupPrincipal prototype = new GroupPrincipal(ctx);

// define a PrincipalSearcher to find those principals that match your prototype
PrincipalSearcher searcher = new PrincipalSearcher(prototype);

// define a list of strings to hold the group names        
List<string> groupNames = new List<string>();

// iterate over the result of the .FindAll() call
foreach(var gp in searcher.FindAll())
{
    // cast result to GroupPrincipal
    GroupPrincipal group = gp as GroupPrincipal;

    // if the cast succeeded, grab the group's name and put it into the list
    if(group != null)
    {
       groupNames.Add(group.Name);
    }
}

Does that satisfy your needs?

For more info on the System.DirectoryServices.AccountManagement namespace, read the "Managing Directory Security Principals in the .NET Framework 3.5" article in MSDN Magazine.

帅冕 2024-09-14 11:26:41

Here's the solution I made; for those who are interested:

public ArrayList getGroups()
{
    // ACTIVE DIRECTORY AUTHENTICATION DATA
    string ADDomain = "myDomain.local";
    string ADBranchsOU = "Distribution Group";
    string ADUser = "Admin";
    string ADPassword = "password";

    // CREATE ACTIVE DIRECTORY ENTRY 
    DirectoryEntry ADRoot 
        = new DirectoryEntry("LDAP://OU=" + ADBranchsOU
                             + "," + getADDomainDCs(ADDomain),
                             ADUser, 
                             ADPassword);

    // CREATE ACTIVE DIRECTORY SEARCHER
    DirectorySearcher searcher = new DirectorySearcher(ADRoot);
    searcher.Filter = "(&(objectClass=group)(cn=* Region))";
    SearchResultCollection searchResults = searcher.FindAll();

    // ADDING ACTIVE DIRECTORY GROUPS TO LIST
    ArrayList list = new ArrayList();
    foreach (SearchResult result in searchResults)
    {
        string groupName = result.GetDirectoryEntry().Name.Trim().Substring(3);
        list.Add(groupName);
    }
    return list; 
}

public string getADDomainDCs(string ADDomain)
{
    return (!String.IsNullOrEmpty(ADDomain)) 
        ? "DC=" + ADDomain.Replace(".", ",DC=") 
        : ADDomain;
}