dsget用什么来查询目录?
我所在的组织的 Active Directory 具有非常深的嵌套组结构。我想查询目录以从 Linux 计算机递归查找组的用户成员。在 Windows 机器上,
dsget group "dn_of_group" -members -expand
完全按照我的要求做,而且做得非常快。当我尝试通过 LDAP 获得相同的结果时,
(memberOf:1.2.840.113556.1.4.1941:=dn_of_group)
查询需要运行近一分钟。 dsget 在幕后使用 LDAP 还是使用其他方式来查询目录?如果是这样,我有什么办法也可以使用它吗?
编辑: 澄清我需要作为用户的成员。
I am in an organization with an Active Directory with a very deep nested group structure. I would like to query the directory to recursively find user members of a group from a Linux machine. On a Windows machine,
dsget group "dn_of_group" -members -expand
does exactly what I want and does it very quickly. When I tried to get the same results via LDAP with
(memberOf:1.2.840.113556.1.4.1941:=dn_of_group)
the query takes almost a minute to run. Does dsget use LDAP under the hood or does it use some other means to query the directory? And if so, is there any way for me to also use that?
Edit:
Clarified that I need the members which are users.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
Framework 3.5 与 System.DirectoryServices.AccountManagement 命名空间提供了一种搜索方法递归所有组并返回用户所属的组。返回的组还可以包括系统出于授权目的将用户视为其成员的附加组。
此方法返回的组可能包括来自与主体不同范围和存储的组。例如,如果主体是 DN 为“CN=SpecialGroups,DC=Fabrikam,DC=com”的 AD DS 对象,则返回的集可以包含属于“CN=NormalGroups,DC=Fabrikam,DC=”的组。 com
在另一个方向你有:
请参阅备注
The framework 3.5 with System.DirectoryServices.AccountManagement Namespace provides a method that searches all groups recursively and returns the groups in which the user is a member. The returned set may also include additional groups that system would consider the user a member of for authorization purposes.
The groups that are returned by this method may include groups from a different scope and store than the principal. For example, if the principal is an AD DS object that has a DN of "CN=SpecialGroups,DC=Fabrikam,DC=com, the returned set can contain groups that belong to the "CN=NormalGroups,DC=Fabrikam,DC=com
In the other direction you've got :
See Remarks