Active directory Active Directory子组搜索
我需要有一个根广告组,并需要枚举其所有子组。我有一个连接到AD服务器并尝试检索子组列表的代码 代码如下:Active directory Active Directory子组搜索,active-directory,active-directory-group,Active Directory,Active Directory Group,我需要有一个根广告组,并需要枚举其所有子组。我有一个连接到AD服务器并尝试检索子组列表的代码 代码如下: private IEnumerable<SearchResult> GetSubGroups(string groupId) { using (var searcher = new DirectorySearcher(new DirectoryEntry(adServerName, adLogin, adPassword))
private IEnumerable<SearchResult> GetSubGroups(string groupId)
{
using (var searcher = new DirectorySearcher(new DirectoryEntry(adServerName, adLogin, adPassword)))
{
searcher.Filter = string.Format("(&(objectClass=group)({0}))", groupId);
//Get the Root Group
var result = searcher.FindOne();
object resultMembers = result.GetDirectoryEntry().Invoke("Members", null);
foreach(var member in ((IEnumerable) resultMembers))
{
var memberEntry = new DirectoryEntry(member);
var subgroupsSearcher = new DirectorySearcher(memberEntry);
subgroupsSearcher.Filter = "(objectClass=group)";
subgroupsSearcher.PropertiesToLoad.Add("samaccountname");
subgroupsSearcher.PropertiesToLoad.Add("name");
var foundSubGroupResult = subgroupsSearcher.FindOne();
...
}
return new List<SearchResult> {result};
}
}
异常的消息属性显示:“发生操作错误”
我已经记录了错误代码,它是-2147016672
从子组对象创建DirectoryEntry时,我还尝试隐式初始化UserName属性:
foreach(var member in ((IEnumerable) resultMembers))
{
var memberEntry = new DirectoryEntry(member);
memberEntry.Username = adLogin;
var subgroupsSearcher = new DirectorySearcher(memberEntry)
...
}
但结果是一样的
我做错了什么?任何帮助都是值得的。这里有一段代码。它允许使用递归筛选器see检索类“
group
”(您称之为子组的东西)的组的所有成员
不确定为什么要调用Invoke(“成员”)。您只需要让DirectorySearcher返回组的成员属性。您需要处理两件事:
- 属性值范围-
- 嵌套循环-您的代码将需要跟踪您已经扩展的组,这样您就不会一遍又一遍地这样做
foreach(var member in ((IEnumerable) resultMembers))
{
var memberEntry = new DirectoryEntry(member);
memberEntry.Username = adLogin;
var subgroupsSearcher = new DirectorySearcher(memberEntry)
...
}
static void Main(string[] args)
{
/* Connection to Active Directory
*/
string sFromWhere = "LDAP://WM2008R2ENT:389/dc=dom,dc=fr";
DirectoryEntry deBase = new DirectoryEntry(sFromWhere, "dom\\jpb", "test.2011");
/* To find all the groups member of groups "Grp1" :
* Set the base to the groups container DN; for example root DN (dc=societe,dc=fr)
* Set the scope to subtree
* Use the following filter :
* (member:1.2.840.113556.1.4.1941:=CN=Grp1,OU=MonOu,DC=X)
* coupled with a AND Bit filter on userAccountControl
*/
DirectorySearcher dsLookFor = new DirectorySearcher(deBase);
dsLookFor.Filter = "(&(memberof:1.2.840.113556.1.4.1941:=CN=MonGrpSec,OU=MonOu,DC=dom,DC=fr)(objectClass=group))";
dsLookFor.SearchScope = SearchScope.Subtree;
dsLookFor.PropertiesToLoad.Add("cn");
SearchResultCollection srcGroups = dsLookFor.FindAll();
/* Just to write some result
*/
foreach (SearchResult srcGroup in srcGroups)
{
Console.WriteLine("{0}", srcGroup.Path);
}
Console.ReadLine();
}