在多个Active Directory域中搜索用户 [英] Searching for users across multiple Active Directory domains

问题描述

我正在使用System.DirectoryServices.AccountManagement提供用户查找功能。

I'm using the System.DirectoryServices.AccountManagement to provide user lookup functionality.

该公司有多个区域特定的AD域：AMR，EUR，JPN等。

The business has several region specific AD domains: AMR, EUR, JPN etc.

以下内容适用于EUR域，但自然不会返回其他域的用户：

The following works for the EUR domain, but doesn't return users from the other domains (naturally):

var context = new PrincipalContext(ContextType.Domain, "mycorp.com", "DC=eur,DC=mycorp,DC=com");

var query = new UserPrincipal(GetContext());

query.Name = "*Bloggs*";

var users = new PrincipalSearcher(query).FindAll().ToList();

但是，如果我定位到整个目录，则不会从 any 特定区域的域：

However, if I target the entire directory, it doesn't return users from any of the region specific domains:

var context = new PrincipalContext(ContextType.Domain, "mycorp.com", "DC=mycorp,DC=com");

如何搜索整个目录？

更新

阅读 Active Directory搜索的工作原理：

Read up on "How Active Directory Searches Work":

http://technet.microsoft.com/en -us / library / cc755809（v = ws.10）.aspx

如果我在服务器名称后缀端口3268，则会针对全局编录进行搜索：

If I suffix the server name with port 3268 it searches against the Global Catalog:

var context = new PrincipalContext(ContextType.Domain, "mycorp.com:3268", "DC=mycorp,DC=com");

但是它非常非常慢。关于如何提高性能的任何建议？

However it's very, very slow. Any suggestions on how to improve performance?

推荐答案

具有初始通配符（* Bloggs *）会很慢，除非您对正在查询的属性有一个元组索引。默认情况下，AD中的所有属性均未设置此属性。最好不要使用初始通配符。

Queries which have initial wildcards (*Bloggs*) will be slow unless you have a tuple index on the attribute being queries. None of the attributes in AD have this set by default. Better to not do initial wildcards.

这篇关于在多个Active Directory域中搜索用户的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！