当前位置: 文江博客话题详情

获取 Active Directory 中某个组的所有用户

发布于 2024-12-12 02:48:05 字数 1898 浏览 0 评论 0原文

我试图获取 AD 中特定组的所有用户,然后返回映射到我的 Employee 类中的属性的员工列表。我有:

我的过滤器没有产生任何结果 - 应该是什么?

另外,我在这里尝试了第一个解决方案: 特定 Active Directory 通讯组中的用户列表,但我需要诸如移动电话、分机号等详细信息,但使用该方法无法获得这些信息。

public static List<Employee> CreateEmployeeList(string department)
{
    List<Employee> employees = new List<Employee>();
    string filter = string.Format("(&(ObjectClass=person)(memberOf=CN={0},OU=Users & Groups,OU=Blah,DC=Blah,DC=Blah,DC=Blah))", department);

    DirectoryEntry adRoot = new DirectoryEntry("LDAP://" + domain, null, null, AuthenticationTypes.Secure);
    DirectorySearcher searcher = new DirectorySearcher(adRoot);
    searcher.SearchScope = SearchScope.Subtree;
    searcher.ReferralChasing = ReferralChasingOption.All;
    searcher.Filter = filter;
    SearchResultCollection results = searcher.FindAll();

    foreach (SearchResult user in results)
    {
        // do whatever you need to do with the entry

        if (user != null)
        {
            UserDirectoryEntry = user.GetDirectoryEntry();
            string displayName = GetUserProperty("displayName");
            string firstName = GetUserProperty("givenName");
            string lastName = GetUserProperty("sn");
            string email = GetUserProperty("mail");
            string tel = GetUserProperty("telephonenumber");
            string extension = GetUserProperty("ipphone");
            string mobile = GetUserProperty("mobile");
            string title = GetUserProperty("description");
            employees.Add(new Employee{ FullName = displayName, FirstName = firstName, Surname = lastName, Email = email.ToLower(), Telephone = tel, Extension = extension, Mobile = mobile, JobTitle = title });
        }
    }
    return employees;
}
原文

I'm trying to get all users of a particular group in AD, then return a list of Employees as mapped to properties in my Employee class. I have:

My Filter is producing no results - what should it be?

Also, I tried the first solution here:
List of users in specific Active Directory Distribution Group, but I need details such as mobile, extension, etc. which I couldn't get with that method.

public static List<Employee> CreateEmployeeList(string department)
{
    List<Employee> employees = new List<Employee>();
    string filter = string.Format("(&(ObjectClass=person)(memberOf=CN={0},OU=Users & Groups,OU=Blah,DC=Blah,DC=Blah,DC=Blah))", department);

    DirectoryEntry adRoot = new DirectoryEntry("LDAP://" + domain, null, null, AuthenticationTypes.Secure);
    DirectorySearcher searcher = new DirectorySearcher(adRoot);
    searcher.SearchScope = SearchScope.Subtree;
    searcher.ReferralChasing = ReferralChasingOption.All;
    searcher.Filter = filter;
    SearchResultCollection results = searcher.FindAll();

    foreach (SearchResult user in results)
    {
        // do whatever you need to do with the entry

        if (user != null)
        {
            UserDirectoryEntry = user.GetDirectoryEntry();
            string displayName = GetUserProperty("displayName");
            string firstName = GetUserProperty("givenName");
            string lastName = GetUserProperty("sn");
            string email = GetUserProperty("mail");
            string tel = GetUserProperty("telephonenumber");
            string extension = GetUserProperty("ipphone");
            string mobile = GetUserProperty("mobile");
            string title = GetUserProperty("description");
            employees.Add(new Employee{ FullName = displayName, FirstName = firstName, Surname = lastName, Email = email.ToLower(), Telephone = tel, Extension = extension, Mobile = mobile, JobTitle = title });
        }
    }
    return employees;
}

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(5

清风不识月 2024-12-19 02:48:05
using (var context = new PrincipalContext(ContextType.Domain, "domainName"))
{
    using (var group = GroupPrincipal.FindByIdentity(context, "groupName"))
    {
        if (group == null)
        {
            MessageBox.Show("Group does not exist");
        }
        else
        {
            var users = group.GetMembers(true);
            foreach (UserPrincipal user in users)
            {
                 //user variable has the details about the user 
            }
        } 
    }
}

using (var context = new PrincipalContext(ContextType.Domain, "domainName"))
{
    using (var group = GroupPrincipal.FindByIdentity(context, "groupName"))
    {
        if (group == null)
        {
            MessageBox.Show("Group does not exist");
        }
        else
        {
            var users = group.GetMembers(true);
            foreach (UserPrincipal user in users)
            {
                 //user variable has the details about the user 
            }
        } 
    }
}
回复 原文
小糖芽 2024-12-19 02:48:05

这应该返回组中的所有 Active Directory 用户。

using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.DirectoryServices;

namespace ADQuery
{
    class Program
    {
        static void Main(string[] args)
        {
            GetListOfAdUsersByGroup("domain", "group");
            Console.ReadLine();
        }

        public static void GetListOfAdUsersByGroup(string domainName, string groupName)
        {
            DirectoryEntry entry = new DirectoryEntry("LDAP://DC=" + domainName + ",DC=com");
            DirectorySearcher search = new DirectorySearcher(entry);
            string query = "(&(objectCategory=person)(objectClass=user)(memberOf=*))";
            search.Filter = query;
            search.PropertiesToLoad.Add("memberOf");
            search.PropertiesToLoad.Add("name");

            System.DirectoryServices.SearchResultCollection mySearchResultColl = search.FindAll();
            Console.WriteLine("Members of the {0} Group in the {1} Domain", groupName, domainName);
            foreach (SearchResult result in mySearchResultColl)
            {
                foreach (string prop in result.Properties["memberOf"])
                {
                    if (prop.Contains(groupName))
                    {
                        Console.WriteLine("    " + result.Properties["name"][0].ToString());
                    }
                }
            }
        }
    }
}

祝你好运!

This should return all Active Directory Users in a group.

using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.DirectoryServices;

namespace ADQuery
{
    class Program
    {
        static void Main(string[] args)
        {
            GetListOfAdUsersByGroup("domain", "group");
            Console.ReadLine();
        }

        public static void GetListOfAdUsersByGroup(string domainName, string groupName)
        {
            DirectoryEntry entry = new DirectoryEntry("LDAP://DC=" + domainName + ",DC=com");
            DirectorySearcher search = new DirectorySearcher(entry);
            string query = "(&(objectCategory=person)(objectClass=user)(memberOf=*))";
            search.Filter = query;
            search.PropertiesToLoad.Add("memberOf");
            search.PropertiesToLoad.Add("name");

            System.DirectoryServices.SearchResultCollection mySearchResultColl = search.FindAll();
            Console.WriteLine("Members of the {0} Group in the {1} Domain", groupName, domainName);
            foreach (SearchResult result in mySearchResultColl)
            {
                foreach (string prop in result.Properties["memberOf"])
                {
                    if (prop.Contains(groupName))
                    {
                        Console.WriteLine("    " + result.Properties["name"][0].ToString());
                    }
                }
            }
        }
    }
}

Good Luck!

回复 原文
可爱咩 2024-12-19 02:48:05

基于 Dalton 的示例,以下是获取组用户名的简洁代码:

static SortedSet<string> GetUsernames(string domainName, string groupName) {
  using (var pc = new PrincipalContext(ContextType.Domain, domainName))
  using (var gp = GroupPrincipal.FindByIdentity(pc, groupName))
    return gp == null ? null : new SortedSet<string>(
      gp.GetMembers(true).Select(u => u.SamAccountName));
}

Building on the example by Dalton, here's concise code to get group's usernames:

static SortedSet<string> GetUsernames(string domainName, string groupName) {
  using (var pc = new PrincipalContext(ContextType.Domain, domainName))
  using (var gp = GroupPrincipal.FindByIdentity(pc, groupName))
    return gp == null ? null : new SortedSet<string>(
      gp.GetMembers(true).Select(u => u.SamAccountName));
}
回复 原文
山人契 2024-12-19 02:48:05

以下代码将递归搜索嵌套域本地组和/或全局组以查找用户。您可以修改它以查看任何组的顺序以满足您的需要或返回您想要的任何类型的组。

// Set the list to return and get the group we are looking through.
List<UserPrincipal> list = new List<UserPrincipal>();
GroupPrincipal group = GroupPrincipal.FindByIdentity(new PrincipalContext(/* connection info here */), ((groupName.Length > 0) ? groupName : this.Properties.Name));

// For each member of the group add all Users.
foreach (Principal princ in group.Members)
{
    /*
    To change what you are looking for or how you are looking for it, 
    simply change some of the following conditions to match what you want.
    */

    // If this member is a User then add them.
    if (princ.StructuralObjectClass == "user")
    {
        list.Add(UserPrincipal.FindByIdentity(new PrincipalContext(/* connection info here */), princ.Name);
    }

    // If we are looking recursively and this member is a GL_Group then get the Users in it and add them.
    if (recursive && (princ.StructuralObjectClass == "group") && (((GroupPrincipal)princ).GroupScope == GroupScope.Global))
    {
        list.AddRange(this.GetUsers(true, princ.Name));
    }
}
return list;

The following code will search through nested domain local groups and/or global groups recursively to find users. You can modify this to look through any order of groups to suit what you need or to return any kind of group that you want.

// Set the list to return and get the group we are looking through.
List<UserPrincipal> list = new List<UserPrincipal>();
GroupPrincipal group = GroupPrincipal.FindByIdentity(new PrincipalContext(/* connection info here */), ((groupName.Length > 0) ? groupName : this.Properties.Name));

// For each member of the group add all Users.
foreach (Principal princ in group.Members)
{
    /*
    To change what you are looking for or how you are looking for it, 
    simply change some of the following conditions to match what you want.
    */

    // If this member is a User then add them.
    if (princ.StructuralObjectClass == "user")
    {
        list.Add(UserPrincipal.FindByIdentity(new PrincipalContext(/* connection info here */), princ.Name);
    }

    // If we are looking recursively and this member is a GL_Group then get the Users in it and add them.
    if (recursive && (princ.StructuralObjectClass == "group") && (((GroupPrincipal)princ).GroupScope == GroupScope.Global))
    {
        list.AddRange(this.GetUsers(true, princ.Name));
    }
}
return list;
回复 原文
摇划花蜜的午后 2024-12-19 02:48:05

在这篇文章中我写了一些在 ActiveDirectory 2003 和 2008 R2 中工作的东西。我使用 Microsoft LDAP_MATCHING_RULE_IN_CHAIN。该服务使用DirectoryServices。请小心这段代码,因为存在双重搜索。

但您也可以使用管理 .NET Framework 3.5 中的目录安全主体< /a>.您可以阅读这篇文章。您必须获取 GroupPrincipal 并且您正在寻找 Members 属性。 StackOverflow 中还存在其他条目。

In this post I wrote something working in an ActiveDirectory 2003 ans 2008 R2. I use Microsoft LDAP_MATCHING_RULE_IN_CHAIN. This service use DirectoryServices. Be careful in this code as there is a double search.

But you can also do it using Managing Directory Security Principals in the .NET Framework 3.5. You can read this other post. You have to get a GroupPrincipal and you are looking for Members property. It also exists other entries in StackOverflow.

回复 原文
~没有更多了~

关于作者

不弃不离

暂无简介

0 文章
0 评论
24 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

已经忘了多久

文章 0 评论 0

15867725375

文章 0 评论 0

LonelySnow

文章 0 评论 0

走过海棠暮

文章 0 评论 0

轻许诺言

文章 0 评论 0

信馬由缰

文章 0 评论 0

更多

友情链接

文江博客
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文