使用 OU 的部分路径在 Active Directory 中搜索 OU

发布于 2024-11-04 11:19:12 字数 495 浏览 8 评论 0原文

AD 查询语法中是否有一种方法可以通过搜索 OU 的部分路径来查找 OU 的完整路径？

例如，我的 OU 的完整路径是：

OU=Clerks,OU=OfficeA,OU=Administration,DC=domain,DC=local

现在，我想尝试使用部分路径搜索并查找该对象：

OU=Clerks,OU=OfficeA

我希望能够搜索类似以下内容的内容：

(&(objectCategory=organizationalUnit)(path=Clerks/OfficeA*))

我找不到任何语法如何完成类似事情的示例。我正在开发的程序要求我获取许多 OU 的路径，这些 OU 在 OU 的最后两层中都具有共同的结构，但是它们可以嵌套在域中的任何给定深度。如果我可以像这样进行搜索，那么只需通过最后两个 OU 嵌套级别搜索即可轻松获得完整路径。

原文

Is there a way in AD Query syntax, to find an OU's full path by searching on its partial path?

For example, the full path to my OU is:

OU=Clerks,OU=OfficeA,OU=Administration,DC=domain,DC=local

Now, I'd like to try and search and find that object by using the partial path:

OU=Clerks,OU=OfficeA

I'd like to be able to search something like:

(&(objectCategory=organizationalUnit)(path=Clerks/OfficeA*))

I can't find any syntax examples of how to accomplish something like this. A program I'm developing requires that I get the paths to a lot of OU's which all have a common structure in the last two levels of OU's, however they can be nested at any given depth in the domain otherwise. If I can search somehow like this, it would be easy to get the full path just searching by the last two OU nested levels.

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

情话已封尘 2024-11-11 11:19:13

您想要做的事情存在于纯 LDAP 实现中，它是一个名为 ExtensibleMatch 的功能，它似乎在这篇 wiki 文章。您还可以在此处找到一些有用的示例。

但它在 Active-Directory 中不存在

，因此这里有一个用 C# 编写的方法，它利用 DirectoryEntry 的 Parent 属性。

   static List<DirectoryEntry> OuInTheFormOf(DirectoryEntry deBase, string ou1, string ou2)
    {
      List<DirectoryEntry> deList = null;

      /* Directory Search
       */
      DirectorySearcher dsLookFor = new DirectorySearcher(deBase);
      dsLookFor.Filter = ou1;
      dsLookFor.SearchScope = SearchScope.Subtree;
      dsLookFor.PropertiesToLoad.Add("ou");

      SearchResultCollection srcOUs = dsLookFor.FindAll();

      if (srcOUs.Count != 0)
      {
        deList = new List<DirectoryEntry>();

        foreach (SearchResult srOU in srcOUs)
        {
          DirectoryEntry deOU = srOU.GetDirectoryEntry();
          if (deOU.Parent.Name.ToUpper() == ou2.ToUpper())
            deList.Add(deOU);
        }
      }
      return deList;
    }

这是用法：

  /* Connection to Active Directory
   */
  DirectoryEntry deBase = new DirectoryEntry("LDAP://WM2008R2ENT:389/dc=dom,dc=fr");

  List<DirectoryEntry> l = OuInTheFormOf(deBase, "ou=Clerks", "ou=OfficeA");

  foreach (DirectoryEntry deTmp in l)
  {
    Console.WriteLine(deTmp.Properties["distinguishedName"].Value);
  }

The thing you want to do exists on pure LDAP implementation it's a feature called ExtensibleMatch wich seems to be correctly explained in this wiki article . You will also found something helpfull examples here.

But it's not present in Active-Directory

So here is a method writen in C# that exploit the Parent propertie of a DirectoryEntry.

   static List<DirectoryEntry> OuInTheFormOf(DirectoryEntry deBase, string ou1, string ou2)
    {
      List<DirectoryEntry> deList = null;

      /* Directory Search
       */
      DirectorySearcher dsLookFor = new DirectorySearcher(deBase);
      dsLookFor.Filter = ou1;
      dsLookFor.SearchScope = SearchScope.Subtree;
      dsLookFor.PropertiesToLoad.Add("ou");

      SearchResultCollection srcOUs = dsLookFor.FindAll();

      if (srcOUs.Count != 0)
      {
        deList = new List<DirectoryEntry>();

        foreach (SearchResult srOU in srcOUs)
        {
          DirectoryEntry deOU = srOU.GetDirectoryEntry();
          if (deOU.Parent.Name.ToUpper() == ou2.ToUpper())
            deList.Add(deOU);
        }
      }
      return deList;
    }

Here is the usage :

  /* Connection to Active Directory
   */
  DirectoryEntry deBase = new DirectoryEntry("LDAP://WM2008R2ENT:389/dc=dom,dc=fr");

  List<DirectoryEntry> l = OuInTheFormOf(deBase, "ou=Clerks", "ou=OfficeA");

  foreach (DirectoryEntry deTmp in l)
  {
    Console.WriteLine(deTmp.Properties["distinguishedName"].Value);
  }

回复收藏 0 原文

~没有更多了~