使用C#.NET从Active Directory中获取上次登录详细信息 [英] Fetch last logon details from Active directory using C#.NET
问题描述
我们正在使用一个网站,它将评估Active Directory中特定组中的用户凭据.
We are using a website which will evaluate the user credentials from Activedirectory in a specific group.
现在,我们要通过广告创建一个报告,该报告应包含该特定组的用户列表以及他们上次访问该网站的时间.
Now we want to create a report from AD, it should contains the list of users from that specific group and when they access the website last time.
下面的代码段将正确列出特定组中的可用用户.
Below piece of code will correctly list the users available on the specific group.
我编写了另一段代码,以返回每个用户的lastlogon日期时间.在那个小组中.但这会列出"HUMAD"域下的日期时间,而不是该特定组中的日期时间.
I wrote another piece code to return the lastlogon datetime for each users in that group. But that will list the date time under 'HUMAD' domain not from that particular group.
DirectoryEntrydeUsers =
DirectoryEntry(" LDAP :// XXXXX");
newDirectoryEntry("LDAP :// XXXXX");
DirectorySearcher (deUsers);
DirectorySearcherdsUsers =newDirectorySearcher(deUsers);
dsUsers.PropertiesToLoad.Add(
dsUsers.PropertiesToLoad.Add(
);
"cn");
dsUsers.PropertiesToL
dsUsers.PropertiesToL
} oad.Add(
);
"SAMAccountname");
dsUsers.Filter =
dsUsers.Filter =
;
"(&(ObjectClass=user)(memberof=g_cms_readonly))";
PrincipalContext (
vardomainContext =newPrincipalContext(ContextType.Domain);
vargroupPrincipal =GroupPrincipal.FindByIdentity(domainContext,IdentityType.SamAccountName,g_cms_readonly);
主体 m in groupPrincipal.Members)
foreach(PrincipalmingroupPrincipal.Members)
{
{
b }
}
推荐答案
Hi
CodeProject中有一篇文章将确切解释如何执行此操作以及如何解释lastLogon时间格式:
There's an article in CodeProject which will explain exactly how to do this, and how to interpret the lastLogon time format:
http://www.codeproject.com/KB/security/LastLogonAcrossAllWindows.aspx
我还搜索了一些成功的代码,请测试并尝试.
I also searched some successful code, please test and try.
public static Dictionary<string, DateTime> UsersLastLogOnDate()
{
var lastLogins = new Dictionary<string, DateTime>();
DomainControllerCollection domains = Domain.GetCurrentDomain().DomainControllers;
foreach (DomainController controller in domains)
{
try
{
using (var directoryEntry = new DirectoryEntry(string.Format("LDAP://{0}", controller.Name)))
{
using (var searcher = new DirectorySearcher(directoryEntry))
{
searcher.PageSize = 1000;
searcher.Filter = "(&(objectClass=user)(!objectClass=computer))";
searcher.PropertiesToLoad.AddRange(new[] { "distinguishedName", "lastLogon" });
foreach (SearchResult searchResult in searcher.FindAll())
{
if (searchResult.Properties.Contains("lastLogon"))
{
var lastLogOn = DateTime.FromFileTime((long)searchResult.Properties["lastLogon"][0]);
var username = Parser.ParseLdapAttrValue(searchResult.Properties["distinguishedName"][0].ToString());
if (lastLogins.ContainsKey(username))
{
if (DateTime.Compare(lastLogOn, lastLogins[username]) > 0)
{
lastLogins[username] = lastLogOn;
}
}
else
{
lastLogins.Add(username, lastLogOn);
}
}
}
}
}
}
catch (System.Runtime.InteropServices.COMException comException)
{
// Domain controller is down or not responding
Log.DebugFormat("Domain controller {0} is not responding.",controller.Name);
Log.Error("Error in one of the domain controllers.", comException);
continue;
}
}
return lastLogins;
}有关更多详细信息,请检查 在多个域服务器中搜索用户的lastLogon属性
For more detailed information, please check Searching for lastLogon attribute of user in multiple domain servers
这篇关于使用C#.NET从Active Directory中获取上次登录详细信息的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
