我怎样才能让用户从活动目录列表？ [英] How can I get a list of users from active directory?

问题描述

我怎样才能让用户从活动目录列表？有没有办法拉用户名，名字，姓氏？我看到了一个类似的帖子里这样使用：

How can I get a list of users from active directory? Is there a way to pull username, firstname, lastname? I saw a similar post where this was used:

 PrincipalContext ctx = new PrincipalContext(ContextType.Domain, "YOURDOMAIN");

我从来没有做过与Active Directory的东西，所以我完全丧失。任何帮助将大大AP preciated！

I have never done anything with active directory so I am completely lost. Any help would be greatly appreciated!

推荐答案

如果你是新来的Active Directory，我建议你应该先了解目录存储如何有效数据。

If you are new to Active Directory, I suggest you should understand how Active Directory stores data first.

Active Directory中实际上是一个LDAP服务器。存储在LDAP服务器中的对象hierachically存储。这是非常相似，你存储在文件系统文件。这就是为什么它得名的目录的服务器和活动的目录的

Active Directory is actually a LDAP server. Objects stored in LDAP server are stored hierachically. It's very similar to you store your files in your file system. That's why it got the name Directory server and Active Directory

在Active Directory中的容器和对象可通过识别名称也可以指定。可分辨的名称是这样的 CN = SomeName，CN = SomeDirectory，DC = YOURDOMAIN，DC = COM 。像传统的关系型数据库，可以对运行LDAP服务器查询。这就是所谓的LDAP查询。

The containers and objects on Active Directory can be specified by a distinguished name. The distinguished name is like this CN=SomeName,CN=SomeDirectory,DC=yourdomain,DC=com. Like a traditional relational database, you can run query against a LDAP server. It's called LDAP query.

有多种方法运行在.NET中的LDAP查询。您可以使用<一个href="http://msdn.microsoft.com/en-us/library/system.directoryservices.directorysearcher.aspx">DirectorySearcher从系统的DirectoryServices 或<一href="http://msdn.microsoft.com/en-us/library/system.directoryservices.protocols.searchrequest.searchrequest.aspx">SearchRequest从 System.DirectoryServices.Protocol 。

There are a number of ways to run a LDAP query in .NET. You can use DirectorySearcher from System,DirectoryServices or SearchRequest from System.DirectoryServices.Protocol.

对于你的问题，因为你问到查找用户主体对象具体而言，我认为最直观的方法是使用<一个href="http://msdn.microsoft.com/en-us/library/system.directoryservices.accountmanagement.principalsearcher.aspx">PrincipalSearcher从 System.DirectoryServices.AccountManagement 。你可以很容易地找到了很多来自谷歌不同的例子。这里是做你要求什么的样本。

For your question, since you are asking to find user principal object specifically, I think the most intuitive way is to use PrincipalSearcher from System.DirectoryServices.AccountManagement. You can easily find a lot of different examples from google. Here is a sample that is doing exactly what you are asking for.

using (var context = new PrincipalContext(ContextType.Domain, "yourdomain.com"))
{
    using (var searcher = new PrincipalSearcher(new UserPrincipal(context)))
    {
        foreach (var result in searcher.FindAll())
        {
            DirectoryEntry de = result.GetUnderlyingObject() as DirectoryEntry;
            Console.WriteLine("First Name: " + de.Properties["givenName"].Value);
            Console.WriteLine("Last Name : " + de.Properties["sn"].Value);
            Console.WriteLine("SAM account name   : " + de.Properties["samAccountName"].Value);
            Console.WriteLine("User principal name: " + de.Properties["userPrincipalName"].Value);
            Console.WriteLine();
        }
    }
}
Console.ReadLine();

请注意，该AD用户对象中，还有一些属性。尤其是，给定名称会给你的名字和 SN 会给你的姓。关于用户名。我想你的意思是用户登录名。请注意，有对AD用户对象两个登录名。一个是的samAccountName ，这也被称为pre-Windows 2000用户登录名。 的UserPrincipalName 的Windows 2000之后，通常使用。

Note that on the AD user object, there are a number of attributes. In particular, givenName will give you the First Name and sn will give you the Last Name. About the user name. I think you meant the user logon name. Note that there are two logon names on AD user object. One is samAccountName, which is also known as pre-Windows 2000 user logon name. userPrincipalName is generally used after Windows 2000.

这篇关于我怎样才能让用户从活动目录列表？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！