在 Active Directory 中搜索全局域
如果我有以下 AD 域路径:
AD 路径:
LDAP://AAA.CORP.XX.COMLDAP://BBB.CORP.XX.COMLDAP://CCC.BBB.CORP.XX.COMLDAP://DDD.CORP.XX.COMLDAP://EEE.CORP.XX.COMLDAP://FFF.CORP.XX.COM
我需要在上述域中搜索用户是否存在于其中之一。
我当前的解决方案:
我循环遍历上面的所有域,对于每个域,我检查用户是否存在,并且在上面的其中一个域花费了 6-7 秒,其余的花费了不到 1 秒。
建议的提高性能的解决方案:
- 尝试在父域中搜索用户,该父域应该是
LDAP://CORP.XX.COM,这样它将节省搜索次数,而不是每个域的 5 次搜索1 搜索父域 - 尝试使用“全局目录”==>我在这里需要 guid(带有 C# 代码的教程)
哪种解决方案可以更好地增强性能问题?
If I have the following AD domains path:
AD Paths :
LDAP://AAA.CORP.XX.COMLDAP://BBB.CORP.XX.COMLDAP://CCC.BBB.CORP.XX.COMLDAP://DDD.CORP.XX.COMLDAP://EEE.CORP.XX.COMLDAP://FFF.CORP.XX.COM
I need to search in the above domains for user if exist in one of them or not .
My current solution:
I looped via all domains above and for each domain I check if the user existed or not and at one of domains above it took from 6-7 seconds and the rest took less than 1 second.
Proposed solutions to enhance performance:
- Try to search for user in the parent domain that should be
LDAP://CORP.XX.COMso It will save number of searching instead of 5 searches for each domain to be 1 search for parent domain - Try to use the "Global Catalog" ==> I need guid here (tutorial with C# code)
Which solution is better to enhance performance issue ?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
发布评论
评论(3)
信仰2024-12-29 01:40:02
这是我编写并在多个地方使用的一个类,查看这些方法以了解您可以使用什么。
using System;
using System.Text;
using System.Collections;
using System.DirectoryServices;
using System.Diagnostics;
using System.Data.Common;
namespace Vertex_VVIS.SourceCode
{
public class LdapAuthentication
{
private String _path;
private String _filterAttribute;
public LdapAuthentication(String path)
{
_path = path;
}
public bool IsAuthenticated(String domain, String username, String pwd)
{
String domainAndUsername = domain + @"\" + username;
DirectoryEntry entry = new DirectoryEntry(_path, domainAndUsername, pwd);
try
{ //Bind to the native AdsObject to force authentication.
// Object obj = entry.NativeObject;
DirectorySearcher search = new DirectorySearcher(entry);
search.Filter = "(SAMAccountName=" + username + ")";
search.PropertiesToLoad.Add("cn");
SearchResult result = search.FindOne();
if (null == result)
{
return false;
}
//Update the new path to the user in the directory.
_path = result.Path;
_filterAttribute = (String)result.Properties["cn"][0];
}
catch (Exception ex)
{
throw new Exception("Error authenticating user. " + ex.Message);
}
return true;
}
public String GetName(string username)
{
String thename = null;
try
{
DirectoryEntry de = new DirectoryEntry(_path);
DirectorySearcher ds = new DirectorySearcher(de);
ds.Filter = String.Format("(SAMAccountName={0})", username);
ds.PropertiesToLoad.Add("displayName");
SearchResult result = ds.FindOne();
if (result.Properties["displayName"].Count > 0)
{
thename = result.Properties["displayName"][0].ToString();
}
else
{
thename = "NA";
}
}
catch (Exception ex)
{
throw new Exception("Error Getting Name. " + ex.Message);
}
return thename.ToString();
}
public String GetEmailAddress(string username)
{
String theaddress = null;
try
{
DirectoryEntry de = new DirectoryEntry(_path);
DirectorySearcher ds = new DirectorySearcher(de);
ds.Filter = String.Format("(SAMAccountName={0})", username);
ds.PropertiesToLoad.Add("mail");
SearchResult result = ds.FindOne();
theaddress = result.Properties["mail"][0].ToString();
de.Close();
}
catch (Exception ex)
{
throw new Exception("Error Getting Email Address. " + ex.Message);
}
return theaddress.ToString();
}
public String GetTitle(string username)
{
String thetitle = null;
try
{
DirectoryEntry de = new DirectoryEntry(_path);
DirectorySearcher ds = new DirectorySearcher(de);
ds.Filter = String.Format("(SAMAccountName={0})", username);
ds.PropertiesToLoad.Add("title");
SearchResult result = ds.FindOne();
result.GetDirectoryEntry();
if (result.Properties["title"].Count > 0)
{
thetitle = result.Properties["title"][0].ToString();
}
else
{
thetitle = "NA";
}
}
catch (Exception ex)
{
throw new Exception("Error Getting the Title. " + ex.Message);
}
return thetitle.ToString();
}
public String GetPhone(string username)
{
String thephone = null;
try
{
DirectoryEntry de = new DirectoryEntry(_path);
DirectorySearcher ds = new DirectorySearcher(de);
ds.Filter = String.Format("(SAMAccountName={0})", username);
ds.PropertiesToLoad.Add("mobile");
SearchResult result = ds.FindOne();
result.GetDirectoryEntry();
if (result.Properties["mobile"].Count > 0)
{
thephone = result.Properties["mobile"][0].ToString();
}
else
{
thephone = "NA";
}
}
catch (Exception ex)
{
throw new Exception("Error Getting Phone Number. " + ex.Message);
}
return thephone.ToString();
}
public String GetGroups()
{
DirectorySearcher search = new DirectorySearcher(_path);
search.Filter = "(cn=" + _filterAttribute + ")";
search.PropertiesToLoad.Add("memberOf");
StringBuilder groupNames = new StringBuilder();
try
{
SearchResult result = search.FindOne();
int propertyCount = result.Properties["memberOf"].Count;
String dn;
int equalsIndex, commaIndex;
for (int propertyCounter = 0; propertyCounter < propertyCount; propertyCounter++)
{
dn = (String)result.Properties["memberOf"][propertyCounter];
equalsIndex = dn.IndexOf("=", 1);
commaIndex = dn.IndexOf(",", 1);
if (-1 == equalsIndex)
{
return null;
}
groupNames.Append(dn.Substring((equalsIndex + 1), (commaIndex - equalsIndex) - 1));
groupNames.Append("|");
}
}
catch (Exception ex)
{
throw new Exception("Error obtaining group names. " + ex.Message);
}
return groupNames.ToString();
}
public bool IsUserGroupMember(string strUserName, string strGroupString)
{
bool bMemberOf = false;
ResultPropertyValueCollection rpvcResult = null;
try
{
DirectoryEntry de = new DirectoryEntry(_path);
DirectorySearcher ds = new DirectorySearcher(de);
ds.Filter = String.Format("(SAMAccountName={0})", strUserName);
ds.PropertiesToLoad.Add("memberOf");
SearchResult result = ds.FindOne();
string propertyName = "memberOf";
rpvcResult = result.Properties[propertyName];
foreach (Object propertyValue in rpvcResult)
{
if (propertyValue.ToString().ToUpper() == strGroupString.ToUpper())
{
bMemberOf = true;
break;
}
}
}
catch (Exception ex)
{
throw new Exception("Error Getting member of. " + ex.Message);
}
return bMemberOf;
}
}
}
别低头,皇冠会掉2024-12-29 01:40:02
我回答了一个类似的问题(我可以将用户与跨不同域的组匹配),答案接近@Marc_s ,但在答案的末尾,您可以看到放置域的位置。
~没有更多了~
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
如果您使用的是 .NET 3.5 或更高版本,则应该能够使用
PrincipalSearcher和“按示例查询”主体进行搜索:您可以指定
UserPrincipal并将它们用作PrincipalSearcher的“示例查询”。这比使用旧的DirectorySearcher方法要容易得多。如果您还没有阅读过 MSDN 文章 管理 . NET Framework 3.5,它很好地展示了如何充分利用
System.DirectoryServices.AccountManagement中的新功能If you're using .NET 3.5 or newer, you should be able to use a
PrincipalSearcherand a "query-by-example" principal to do your searching:You can specify any of the properties on the
UserPrincipaland use those as "query-by-example" for yourPrincipalSearcher. This is a lot easier than using the olderDirectorySearcherapproach.If you haven't already - absolutely read the MSDN article Managing Directory Security Principals in the .NET Framework 3.5 which shows nicely how to make the best use of the new features in
System.DirectoryServices.AccountManagement