AD:区分用户和计算机 [英] AD: Distinguish between user and computer

问题描述

大家好，

我有一段代码可以从Active Directory返回特定用户/计算机的所有信息/属性.谁能告诉我如何区分两者(用户还是计算机)?

Hi all,

I have a piece of code that returns all the information / properties from Active Directory for a specific user / computer. Can anyone please tell me how do I distinguish between the two (User vs Computer)?

...
                string username = this.textEdit1.Text;
                // create LDAP connection object  
                DirectoryEntry myLdapConnection = CreateDirectoryEntry();

                // create search object which operates on LDAP connection object  
                // and set search object to only find the user specified  
                DirectorySearcher search = new DirectorySearcher(myLdapConnection);
                search.Filter = "(cn=" + username + ")";

                // create results objects from search object  
                SearchResult result = search.FindOne();

                if (result != null)
                {
                    // user exists, cycle through LDAP fields (cn, telephonenumber etc.)  
                    ResultPropertyCollection fields = result.Properties;

                    foreach (String ldapField in fields.PropertyNames)
                    {
                        // cycle through objects in each field e.g. group membership  
                        // (for many fields there will only be one object such as name)  
                        foreach (Object myCollection in fields[ldapField])
                        {
                            Console.WriteLine(String.Format("{0,-20} : {1}", ldapField, myCollection.ToString()));
                        }
                    }
...

        private DirectoryEntry CreateDirectoryEntry()
        {
            // create and return new LDAP connection with desired settings  

            DirectoryEntry ldapConnection = new DirectoryEntry("LDAP://server.local");
            ldapConnection.AuthenticationType = AuthenticationTypes.Secure;

            return ldapConnection;
        }

提前非常感谢.
亲切的问候，

Many thanks in advance.
Kind regards,

推荐答案

您需要的区别是在objectClass属性中.

搜索特定类别的条目时，设置Filter属性时需要更加具体.这就是我们使用的:

The distinction you need is made in the objectClass property.

When doing a search for a specific class of entries, you need to be more specific when setting the Filter property. This is what we use:

Contacts:  "(&(objectClass=Contact)(objectCategor=Person))"
Employees: "(&(objectClass=User)(company=*))"
Users:     "(objectClass=User)"
Groups:    "(objectClass=Group)"
Computers: "(objectClass=Computer)"

在这些过滤器上搜索将返回所有联系人，用户，组或计算机.我们手动设置条目的company属性，以区分实际员工用户和有权访问我们网络的非员工承包商.使用search.FindAll并遍历结果.

请注意，在使用多个条件(如联系人"和员工")时，必须使用前缀表示法:&在两个语句组合之前.

Searching on these filters will return all contacts, users, groups or computers. We manually set the entry''s company property to distinguish between actual employee users and non-employee contractors who have access to our network. Use search.FindAll and iterate through the results.

Note that when using more than one criteria (as with Contacts and Employees), you must use prefix notation: the & goes before the two statements being combined.

这篇关于AD:区分用户和计算机的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！