当前位置: 文江博客话题详情

从 AD 获取用户详细信息很慢

发布于 2024-12-12 18:10:15 字数 1530 浏览 2 评论 0原文

我使用以下代码来获取有关特定部门的员工的大量信息,并从 AD 返回一个列表...

虽然它有效,但似乎很慢,是否有更有效的方法从 AD 获取各种用户详细信息?

public static List<Employee> GetEmployeeListForDepartment(string departpment)
        {
            using (HostingEnvironment.Impersonate())
            {

                PrincipalContext ctx = new PrincipalContext(ContextType.Domain, domain);
                GroupPrincipal gp = GroupPrincipal.FindByIdentity(ctx, departpment);
                PrincipalSearchResult<Principal> members = gp.GetMembers();
                List<Employee> employees = new List<Employee>();
                foreach (var member in members)
                {
                    var emp = CreateEmployee(member);
                    employees.Add(emp);
                }
                return employees.OrderBy(x => x.FirstName).ToList();
            }
        }

        private static Employee CreateEmployee(Principal member)
        {
            if (member != null)
            {
                DirectoryEntry de = (member.GetUnderlyingObject() as DirectoryEntry);
                if (de != null)
                {

                    string mobile = de.Properties.Contains("mobile") ? de.Properties["mobile"][0].ToString() : "";
                    string title = de.Properties.Contains("description") ? de.Properties["description"][0].ToString() : "";

//ETC ETC...
                    return new Employee { etc.. };

                }

            }
            return new Employee();
        }
原文

Im using the following code to get a bunch of information about employees from specific departments and returning a list from AD...

Whilst it works, it appears to be quite slow, is a there more efficient way of getting various user details from AD?

public static List<Employee> GetEmployeeListForDepartment(string departpment)
        {
            using (HostingEnvironment.Impersonate())
            {

                PrincipalContext ctx = new PrincipalContext(ContextType.Domain, domain);
                GroupPrincipal gp = GroupPrincipal.FindByIdentity(ctx, departpment);
                PrincipalSearchResult<Principal> members = gp.GetMembers();
                List<Employee> employees = new List<Employee>();
                foreach (var member in members)
                {
                    var emp = CreateEmployee(member);
                    employees.Add(emp);
                }
                return employees.OrderBy(x => x.FirstName).ToList();
            }
        }

        private static Employee CreateEmployee(Principal member)
        {
            if (member != null)
            {
                DirectoryEntry de = (member.GetUnderlyingObject() as DirectoryEntry);
                if (de != null)
                {

                    string mobile = de.Properties.Contains("mobile") ? de.Properties["mobile"][0].ToString() : "";
                    string title = de.Properties.Contains("description") ? de.Properties["description"][0].ToString() : "";

//ETC ETC...
                    return new Employee { etc.. };

                }

            }
            return new Employee();
        }

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(2

金兰素衣 2024-12-19 18:10:15

你的问题是你正在使用 System.DirectoryServices.AccountManagement...虽然我讨厌这么说,但可悲的是事实。 AccountManagement 在底层的工作方式是运行单独的 LDAP 查询来单独检索每个项目。因此,当您遍历成员时,它会通过 LDAP 为每个成员进行单独的回调。您想要做的是使用 System.DirectoryServices.DirectorySearcher 运行 LDAP 查询。

我的假设是,部门是一个团体,具体取决于您如何使用它。我将这样做。 (我的代码是在 VB.Net 中...抱歉)。确保获取您的组的完全限定 DN,或者提前查找并将其插入查询中。

Dim results = LDAPQuery("(memberOf=CN=Fully,OU=Qualified,DC=Group,DC=Distinguished,DC=Name)", New String() {"mobile", "description"})

Dim emps = (from c as System.DirectoryServices.SearchResult in results _
             Select New Employee() {.Name = c.Properties("description"), .Mobile = c.Properties("mobile")}).ToList()

Public Function LDAPQuery(ByVal query As String, ByVal attributes As String()) As SearchResultCollection
    'create directory searcher from CurrentADContext (no special security available)
    Dim ds As New DirectorySearcher(System.DirectoryServices.ActiveDirectory.Domain.GetCurrentDomain().GetDirectoryEntry())
    ds.PageSize = 1000

    'set filter string
    ds.Filter = query

    'specify properties to retrieve
    ds.PropertiesToLoad.AddRange(attributes)

    'get results
    Dim results As SearchResultCollection = ds.FindAll()

    Return results
End Function

Your problem is that you are using System.DirectoryServices.AccountManagement... While I hate saying it, it's sadly the truth. The way AccountManagement works under the hood is that it runs a seperate LDAP query to retrieve each item seperately. So when you iterate through members it's making a seperate call back through LDAP for each member. What you want to do instead is run an LDAP query using System.DirectoryServices.DirectorySearcher.

My assumption is that department is a group, based on how you are using it. Here is how I would do it. (my code is in VB.Net... sorry). Make sure to get the fully qualified DN for your group, or look it up in advance and plug it into the query.

Dim results = LDAPQuery("(memberOf=CN=Fully,OU=Qualified,DC=Group,DC=Distinguished,DC=Name)", New String() {"mobile", "description"})

Dim emps = (from c as System.DirectoryServices.SearchResult in results _
             Select New Employee() {.Name = c.Properties("description"), .Mobile = c.Properties("mobile")}).ToList()

Public Function LDAPQuery(ByVal query As String, ByVal attributes As String()) As SearchResultCollection
    'create directory searcher from CurrentADContext (no special security available)
    Dim ds As New DirectorySearcher(System.DirectoryServices.ActiveDirectory.Domain.GetCurrentDomain().GetDirectoryEntry())
    ds.PageSize = 1000

    'set filter string
    ds.Filter = query

    'specify properties to retrieve
    ds.PropertiesToLoad.AddRange(attributes)

    'get results
    Dim results As SearchResultCollection = ds.FindAll()

    Return results
End Function
回复 原文
永言不败 2024-12-19 18:10:15

您应该能够直接使用 Active Directory API。

其中大部分都可以在“System.DirectoryServices”下找到,

我没有任何代码可以完成您所需要的操作,但大约一年前我的博客上确实有一篇文章,展示了如何创建本地用户帐户在 AD 中,所有这些都根据需要使用相同的程序集来获取用户信息。

http://shawtyds.wordpress。 com/2010/12/08/a-little-bit-of-ldap-here-there/

注意:AD 本质上很慢,所以你很有可能如果您有一个大目录,可能无法获得更快的速度。

You should be able to use the Active Directory API directly.

Most of it is available under 'System.DirectoryServices'

I don't have any code to hand to do exactly what you need, but I do have an article on my Blog from about a year back, that shows how to create local user accounts in AD, all of which uses the same assemblies as needed to get user information.

http://shawtyds.wordpress.com/2010/12/08/a-little-bit-of-ldap-here-there/

NOTE: AD however by it's very nature is slow, so there's a good chance you might not be able to get any faster if you have a large directory.

回复 原文
~没有更多了~

关于作者

我的鱼塘能养鲲

暂无简介

文章
评论
27 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

达拉崩吧

文章 0 评论 0

PANGOO

文章 0 评论 0

kkgtx

文章 0 评论 0

WordPress小学生

文章 0 评论 0

酷炫老祖宗

文章 0 评论 0

硪扪都還晓

文章 0 评论 0

更多

友情链接

文江博客
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文