List of users in specific Active Directory Distribution Group


Problem description

I'm trying to get a list of users and some properties about the user from within an active directory group.

Update:

Here are the two methods I currently have:

    Dim adGroup As New DirectoryEntry("LDAP://CN=MyGroup,OU=Groups,OU=Accounts,OU=All,DC=domain,DC=com")
    Dim adMembers As Object
    Dim objUser As ActiveDirectoryUser
    Dim objUserList As New List(Of ActiveDirectoryUser)
    Dim directoryEntry As DirectoryEntry

    adMembers = adGroup.Invoke("Members", Nothing)

    For Each adMember As Object In CType(adMembers, IEnumerable)
        directoryEntry = New DirectoryEntry(adMember)
        objUser = New ActiveDirectoryUser

        objUser.UserId = directoryEntry.Properties.Item("sAMAccountName").Value.ToString()
        objUser.Contract = directoryEntry.Properties.Item("ou").Value.ToString()
        objUser.LastName = directoryEntry.Properties.Item("sn").Value.ToString()
        objUser.FirstName = directoryEntry.Properties.Item("givenName").Value.ToString()
        objUser.Email = directoryEntry.Properties.Item("mail").Value.ToString()

        objUserList.Add(objUser)
    Next

The first piece works, though it seems quite inefficient. My memory usage climbs and climbs as it's executing and I was getting this error, though it looks like that can be fixed. The second method:

    Dim results As SearchResultCollection
    Dim directoryEntry2 As New DirectoryEntry("LDAP://DC=domain,DC=com")
    Dim directorySearcher As New DirectorySearcher(directoryEntry2)
    directorySearcher.PageSize = 1000

    directorySearcher.Filter = "(&(objectCategory=person)" & _
                           "(objectClass=user)" & _
                           "(memberOf=CN=MyGroup,OU=Groups,OU=Accounts,OU=All,DC=domain,DC=com))"


    directorySearcher.PropertiesToLoad.Add("ou")
    directorySearcher.PropertiesToLoad.Add("sn")
    directorySearcher.PropertiesToLoad.Add("givenName")
    directorySearcher.PropertiesToLoad.Add("sAMAccountName")
    directorySearcher.PropertiesToLoad.Add("mail")

    results = directorySearcher.FindAll

The result count seems to vary from each execution of the application which I find odd. I'm not sure if this is a reliable way of getting the users back or if I need to modify something on my search?

Recommended answer

If you can, do upgrade to .NET 3.5 and use the new much improved System.DirectoryServices.AccountManagement namespace. A great intro for those new classes is found in Managing Directory Security Principals in the .NET Framework 3.5.

With this, your job becomes trivial:

    PrincipalContext ctx = new PrincipalContext(ContextType.Domain, "YOURDOMAIN");
    GroupPrincipal group = GroupPrincipal.FindByIdentity(ctx, "MyGroup");
    PrincipalSearchResult<Principal> members = group.GetMembers();

Does that work for you?

If you cannot use .NET 3.5, you should inspect the member property of the group. The group members are not stored as children logically underneath the group in hierarchy, so you cannot find them by using a DirectorySearcher.

    DirectoryEntry group = new DirectoryEntry("LDAP://CN=MyGroup,OU=Groups,OU=All,DC=Domain,DC=com");

    foreach (object groupMemberDN in group.Properties["member"])
    {
        // grab the group member's DN
    }

See the Quick List of C# Code Examples for Active Directory (or the same for Visual Basic .NET) in the MSDN library for this snippet and more.

Update: if you need the users belonging to a particular group (since you want to update their properties or something), you could reverse the approach: search for all the users who have a memberOf property equivalent to the group's DN:

    DirectoryEntry root = new DirectoryEntry("LDAP://dc=domain,dc=com");
    DirectorySearcher searcher = new DirectorySearcher(root);

    searcher.Filter = "(&(objectCategory=user)(memberOf=CN=MyGroup,OU=Groups,OU=All,DC=Domain,DC=com))";
    // set other properties on the searcher

    foreach (object result in searcher.FindAll())
    {
        // do whatever you need to do with the entry
    }
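
The reverse `memberOf` search above, filled out as an added example (not code from the original question or answer): it pages the results, loads only the attributes the question reads, disposes the directory objects, tolerates users with missing attributes, and escapes the group DN before it goes into the filter. The class and method names (`GroupMemberQuery`, `DirectMembers`, `EscapeFilterValue`, `First`) are hypothetical.

```csharp
using System.Collections.Generic;
using System.DirectoryServices;
using System.Text;

static class GroupMemberQuery
{
    // Escape a value for use inside an LDAP search filter (RFC 4515),
    // so a DN containing ( ) * \ cannot change the filter's structure.
    static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder();
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append(@"\5c"); break;
                case '*':  sb.Append(@"\2a"); break;
                case '(':  sb.Append(@"\28"); break;
                case ')':  sb.Append(@"\29"); break;
                case '\0': sb.Append(@"\00"); break;
                default:   sb.Append(c); break;
            }
        }
        return sb.ToString();
    }

    // First value of an attribute, or null when the user has none set.
    static string First(SearchResult r, string attr)
    {
        return r.Properties.Contains(attr) && r.Properties[attr].Count > 0
            ? r.Properties[attr][0].ToString() : null;
    }

    // memberOf matches direct members only. Example arguments, taken from the page:
    // "LDAP://DC=domain,DC=com", "CN=MyGroup,OU=Groups,OU=Accounts,OU=All,DC=domain,DC=com"
    public static List<string[]> DirectMembers(string rootPath, string groupDn)
    {
        string[] attrs = { "sAMAccountName", "sn", "givenName", "mail", "ou" };
        var rows = new List<string[]>();
        using (var root = new DirectoryEntry(rootPath))
        using (var searcher = new DirectorySearcher(root))
        {
            searcher.Filter = "(&(objectCategory=person)(objectClass=user)(memberOf="
                              + EscapeFilterValue(groupDn) + "))";
            searcher.PageSize = 1000;               // paged search, as in the question
            searcher.PropertiesToLoad.AddRange(attrs);
            using (SearchResultCollection results = searcher.FindAll())
                foreach (SearchResult r in results)
                    rows.Add(System.Array.ConvertAll(attrs, a => First(r, a)));
        }
        return rows;
    }
}
```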
