C#: Retrieving users from a specific group and OU in Active Directory
Tags: c#, active-directory

I want to retrieve all users of a given group from a specific OU in Active Directory. My code throws an exception:
"The operation was aborted because the client side timeout limit was exceeded."
I get it at
foreach (SearchResultEntry entry in searchResponse.Entries)
My group name is Arya and the OU name is TestOU.
However, when I write the filter as
string searchFilter = "(&(objectCategory=user))";
it works and returns the users of all OUs, which I think is not what I want.

bool bMoreData = false;
DirectoryEntry rootDSE = new DirectoryEntry("LDAP://" + domain);
string[] attributes = { "samaccountname", "displayname", "name", "initials" };
System.Net.NetworkCredential credential = new System.Net.NetworkCredential(admin, password, "IP address");
LdapDirectoryIdentifier directoryIdentifier = new LdapDirectoryIdentifier("ip address"); //389 (unsecured LDAP)
LdapConnection connection = new LdapConnection(directoryIdentifier, credential);
connection.Bind();
string searchFilter = "(&(objectCategory=user)(memberOf=cn=Arya,ou=TestOU,dc=Maintenance,dc=org))";
SearchRequest request = new SearchRequest("DC=Maintenance,DC=org", searchFilter, System.DirectoryServices.Protocols.SearchScope.Base, attributes);
// getCookie();
DirSyncRequestControl dirSyncRC = new DirSyncRequestControl(cookie, System.DirectoryServices.Protocols.DirectorySynchronizationOptions.IncrementalValues, Int32.MaxValue);
request.Controls.Add(dirSyncRC);
SearchResponse searchResponse = (SearchResponse)connection.SendRequest(request);
foreach (SearchResultEntry entry in searchResponse.Entries) // Exception thrown here
{
    Console.WriteLine("{0}:{1}",
        searchResponse.Entries.IndexOf(entry),
        entry.DistinguishedName);
}
foreach (DirectoryControl control in searchResponse.Controls)
{
    if (control is DirSyncResponseControl)
    {
        DirSyncResponseControl dsrc = control as DirSyncResponseControl;
        cookie = dsrc.Cookie;
        bMoreData = dsrc.MoreData;
        break;
    }
}

You can bind a PrincipalContext to your OU and then find the group you are looking for:
using System.DirectoryServices.AccountManagement;

// create your domain context - bind to the OU you're interested in
// (the container is given as the OU's full distinguished name)
using (PrincipalContext ctx = new PrincipalContext(ContextType.Domain, null, "OU=TestOU,DC=Maintenance,DC=org"))
{
    // find the group by name within that context
    GroupPrincipal group = GroupPrincipal.FindByIdentity(ctx, "Arya");
    // if group is found - enumerate its members
    if (group != null)
    {
        foreach (var found in group.GetMembers())
        {
            // process each member here
        }
    }
}
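If you haven't read it yet, the MSDN article (downloadable from Microsoft as a .CHM file, MSDN Magazine January 2008 issue) shows nicely how to make the best use of the new features in System.DirectoryServices.AccountManagement. Or take a look at the namespace.

I found a problem with the following line: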
DirSyncRequestControl dirSyncRC = new DirSyncRequestControl(cookie, System.DirectoryServices.Protocols.DirectorySynchronizationOptions.IncrementalValues, Int32.MaxValue);
When I replaced it with the following, it worked for me:
DirSyncRequestControl dirSyncRC = new DirSyncRequestControl(cookie, System.DirectoryServices.Protocols.DirectorySynchronizationOptions.ObjectSecurity, Int32.MaxValue);
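
Is there any particular reason you are using this very low-level LDAP interface?
I have a local database that needs to be synchronized with the AD server; the API above creates a cookie so that unmodified records are not fetched the next time.
I found the above solution and acted on it. I want to achieve this by using a filter.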
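
Added example, not part of the original question or answers: a plain paged search (no DirSync) that returns what the question asks for by using the OU as the search base and an escaped memberOf filter, over LDAPS on port 636 instead of the unsecured 389 used above. The class and method names and the host-name argument are assumptions; the DNs are the ones from the question.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices.Protocols;
using System.Text;
static class GroupMembersInOu   // hypothetical name (added example)
{
    // RFC 4515: escape \ * ( ) and NUL before a value goes into a filter.
    static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder();
        foreach (char c in value)
            sb.Append(@"\*()".IndexOf(c) >= 0 || c == '\0' ? "\\" + ((int)c).ToString("x2") : c.ToString());
        return sb.ToString();
    }

    // DNs of user objects below ouDn that are direct members of groupDn.
    static List<string> FindMembers(LdapConnection conn, string ouDn, string groupDn)
    {
        string filter = "(&(objectCategory=person)(objectClass=user)(memberOf=" + EscapeFilterValue(groupDn) + "))";
        // Base = the OU, scope = Subtree: only objects inside that OU are searched.
        var request = new SearchRequest(ouDn, filter, SearchScope.Subtree, "sAMAccountName");
        var paging = new PageResultRequestControl(500);
        request.Controls.Add(paging);
        var found = new List<string>();
        do
        {
            var response = (SearchResponse)conn.SendRequest(request);
            foreach (SearchResultEntry entry in response.Entries)
                found.Add(entry.DistinguishedName);
            paging.Cookie = new byte[0];   // stop unless the server returns a cookie
            foreach (DirectoryControl control in response.Controls)
                if (control is PageResultResponseControl page)
                    paging.Cookie = page.Cookie;
        } while (paging.Cookie.Length > 0);
        return found;
    }

    static void Main(string[] args)
    {
        // args[0]: DC host name (assumed to match its TLS certificate); binds as the current user.
        using (var conn = new LdapConnection(new LdapDirectoryIdentifier(args[0], 636)))
        {
            conn.SessionOptions.SecureSocketLayer = true;
            conn.Bind();
            foreach (string dn in FindMembers(conn, "OU=TestOU,DC=Maintenance,DC=org", "CN=Arya,OU=TestOU,DC=Maintenance,DC=org"))
                Console.WriteLine(dn);
        }
    }
}
```

The memberOf attribute lists direct membership only and does not include a user's primary group.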