C# LDAP query to retrieve all users in an organisational unit


Problem description

I'm trying to run an LDAP query which will return all users which belong to the organisational units OU=Employees and OU=FormerEmployees and I am not getting anywhere.

I tried searching using the distinguishedName but that doesn't appear to support wildcards. I know there has to be an easier way but my searching effort hasn't yielded any results.

Recommended answer

If you're on .NET 3.5 and newer, you can use a PrincipalSearcher and a "query-by-example" principal to do your searching:

using System.DirectoryServices.AccountManagement;

// create your domain context and define what container to search in - here OU=Employees
PrincipalContext ctx = new PrincipalContext(ContextType.Domain, "YOURDOMAIN", "OU=Employees,DC=YourCompany,DC=com");

// define a "query-by-example" principal - here, we search for a UserPrincipal 
// that is still active
UserPrincipal qbeUser = new UserPrincipal(ctx);
qbeUser.Enabled = true;

// create your principal searcher passing in the QBE principal    
PrincipalSearcher srch = new PrincipalSearcher(qbeUser);

// find all matches
foreach(var found in srch.FindAll())
{
    // do whatever here - "found" is of type "Principal" - it could be user, group, computer.....          
}

If you haven't already - absolutely read the MSDN article Managing Directory Security Principals in the .NET Framework 3.5 which shows nicely how to make the best use of the new features in System.DirectoryServices.AccountManagement.

If you prefer the "old" .NET 2.0 style, you would need to create a base DirectoryEntry that corresponds to your OU you want to enumerate objects in, and then you need to create a DirectorySearcher that searches for objects - something like this:

using System.DirectoryServices;

// create your "base" - the OU "FormerEmployees"
DirectoryEntry formerEmployeeOU = new DirectoryEntry("LDAP://OU=FormerEmployees,DC=YourCompany,DC=com");

// create a searcher to find objects inside this container
DirectorySearcher feSearcher = new DirectorySearcher(formerEmployeeOU);

// define a standard LDAP filter for what you search for - here "users"    
feSearcher.Filter = "(objectCategory=user)";

// define the properties you want to have returned by the searcher
feSearcher.PropertiesToLoad.Add("distinguishedName");
feSearcher.PropertiesToLoad.Add("sn");
feSearcher.PropertiesToLoad.Add("givenName");
feSearcher.PropertiesToLoad.Add("mail");
// "description" is read below, so it has to be loaded as well
feSearcher.PropertiesToLoad.Add("description");

// search and iterate over results; dispose the SearchResultCollection
// when done, because it holds unmanaged resources
using (SearchResultCollection results = feSearcher.FindAll())
{
    foreach (SearchResult sr in results)
    {
        // for each property, you need to check whether it's present in sr.Properties
        if (sr.Properties["description"] != null && sr.Properties["description"].Count > 0)
        {
            string description = sr.Properties["description"][0].ToString();
        }
    }
}
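
The question asks for users in both OUs at once; the following is an added example, not code from the original answer, that runs the DirectorySearcher approach against each OU as a separate search base instead of trying to wildcard distinguishedName. It assumes a domain-joined machine running under an account allowed to read the directory, reuses the placeholder DNs from the answer, and the class and helper names (OuUserQuery, FindUsers) are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices;

static class OuUserQuery
{
    // Assumed search bases: the placeholder DNs from the answer above.
    static readonly string[] SearchBases =
    {
        "LDAP://OU=Employees,DC=YourCompany,DC=com",
        "LDAP://OU=FormerEmployees,DC=YourCompany,DC=com"
    };

    // Hypothetical helper: distinguishedName of every user object under each base.
    static List<string> FindUsers(IEnumerable<string> bases)
    {
        var users = new List<string>();
        foreach (string path in bases)
        {
            using (var ou = new DirectoryEntry(path))
            using (var searcher = new DirectorySearcher(ou))
            {
                // objectClass=user alone also matches computer accounts;
                // pairing it with objectCategory=person restricts to users.
                searcher.Filter = "(&(objectCategory=person)(objectClass=user))";
                searcher.SearchScope = SearchScope.Subtree; // include nested OUs
                // Paged search: without PageSize, AD truncates the result
                // set at its server-side limit (1000 entries by default).
                searcher.PageSize = 500;
                searcher.PropertiesToLoad.Add("distinguishedName");

                using (SearchResultCollection results = searcher.FindAll())
                {
                    foreach (SearchResult sr in results)
                    {
                        if (sr.Properties["distinguishedName"].Count > 0)
                            users.Add((string)sr.Properties["distinguishedName"][0]);
                    }
                }
            }
        }
        return users;
    }

    static void Main()
    {
        foreach (string dn in FindUsers(SearchBases))
            Console.WriteLine(dn);
    }
}
```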
