跨多个 Active Directory 域搜索用户 [英] Searching for users across multiple Active Directory domains

问题描述

我正在使用 System.DirectoryServices.AccountManagement 来提供用户查找功能.

I'm using the System.DirectoryServices.AccountManagement to provide user lookup functionality.

该企业有多个特定于区域的 AD 域:AMR、EUR、JPN 等.

The business has several region specific AD domains: AMR, EUR, JPN etc.

以下内容适用于 EUR 域，但不会返回来自其他域的用户(自然):

The following works for the EUR domain, but doesn't return users from the other domains (naturally):

var context = new PrincipalContext(ContextType.Domain, "mycorp.com", "DC=eur,DC=mycorp,DC=com");

var query = new UserPrincipal(GetContext());

query.Name = "*Bloggs*";

var users = new PrincipalSearcher(query).FindAll().ToList();

但是，如果我定位整个目录，它不会返回来自任何区域特定域的用户:

However, if I target the entire directory, it doesn't return users from any of the region specific domains:

var context = new PrincipalContext(ContextType.Domain, "mycorp.com", "DC=mycorp,DC=com");

如何搜索整个目录?

更新

阅读Active Directory 搜索的工作原理":

Read up on "How Active Directory Searches Work":

http://technet.microsoft.com/en-us/library/cc755809(v=ws.10).aspx

如果我在服务器名称后缀 3268 端口，它会针对全局目录进行搜索:

If I suffix the server name with port 3268 it searches against the Global Catalog:

var context = new PrincipalContext(ContextType.Domain, "mycorp.com:3268", "DC=mycorp,DC=com");

但是它非常非常慢.关于如何提高性能有什么建议吗?

However it's very, very slow. Any suggestions on how to improve performance?

推荐答案

具有初始通配符 (*Bloggs*) 的查询会很慢，除非您在要查询的属性上有元组索引.AD 中的所有属性都没有默认设置.最好不要做初始通配符.

Queries which have initial wildcards (*Bloggs*) will be slow unless you have a tuple index on the attribute being queries. None of the attributes in AD have this set by default. Better to not do initial wildcards.

这篇关于跨多个 Active Directory 域搜索用户的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！