检索大型广告组的所有成员 [英] Retrieve All Members of Large AD Groups

问题描述

使用Microsoft Active Directory和Unboundid SDK，并且该组具有超过29k成员.

Working with an Microsoft Active Directory and Unboundid SDK and there is a group with >29k members.

我正在尝试使用范围值来获取所有组，但无法确定何时到达终点.

I am trying to utilize the range values to get all the groups, but can not determine when the end has been reached.

我正在使用此方法:(已更新为工作代码)

I am using this method: (Updated to working code)

  public static List<String> getAttributeRangeBasedSearch(LDAPConnection ldc, String basedn, String filter, int step, String return_attribute) throws LDAPException
{
List<String> allValues = new ArrayList<String>();
// initialize counter to total the group members and range values
int allvalues = 0;
int start = 0;
// int step = 1000;
int finish = step - 1;
boolean finallyFinished = false;
String range;
// loop through the query until we have all the results
while (!finallyFinished)
{
    range = start + "-" + finish;
    String currentRange = return_attribute + ";Range=" + range;
    String range_returnedAtts[] = { currentRange };
    SearchRequest searchRequest = new SearchRequest(basedn, SearchScope.BASE, filter, range_returnedAtts);
    List<SearchResultEntry> rangedEntries = ldc.search(searchRequest).getSearchEntries();
    for (Iterator<SearchResultEntry> iterator = rangedEntries.iterator(); iterator.hasNext();)
    {
    SearchResultEntry searchResultEntry = iterator.next();
    Collection<Attribute> allAttribute = searchResultEntry.getAttributes();
    for (Iterator<Attribute> attributeIterator = allAttribute.iterator(); attributeIterator.hasNext();)
    {
        Attribute attribute = attributeIterator.next();
        log.debug("---> " + allvalues + ": " + attribute.getName());
        if (attribute.getName().endsWith("*"))
        {
        currentRange = attribute.getName();
        finallyFinished = true;
        }
        String[] attributeBatch = searchResultEntry.getAttributeValues(currentRange);
        for (int i = 0; i < attributeBatch.length; i++)
        {
        allValues.add(attributeBatch[i]);
        log.debug("-- " + allvalues++ + " " + attribute.getName() + ":" + attributeBatch[i]);
        }
    }

    }// for SearchResultEntry
    start = start + step;
    finish = finish + step;
}// finallyFinished
return allValues;
}

有什么想法吗?

谢谢 -吉姆

推荐答案

我可以正常工作，但是该过程非常困难，目前我正在使用该步骤的硬编码值，因为可以默认更改为该值1,500到5,000的硬编码限制.

I got things working, but the process is very difficult and currently I am using a hard coded value for the step as this could be dynamically changed formt he default of 1,500 to a hard coded limit of 5,000.

我无法动态确定该值. 可能会出现，如果未在以下位置定义它:CN = Query-Policies，CN =目录服务，CN = Windows NT，CN =服务，CN =配置，目录林根必须是默认值，默认值也取决于所使用的Microsoft Active Directory版本.

I have not been able to determine the value dynamically. Appears, maybe, that if it is not defined at: CN=Query-Policies,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,forest root then is must be at defaults, which the default, also varies based on which version of Microsoft Active Directory is being used.

MSDN中还描述了有关某种控制方式，可能会有所帮助，但没有有关如何使用它的信息. 有人使用过吗?

There is also described in MSDN about some sort of control that might help, but no information on how it could be used. Anyone ever use this?

这篇关于检索大型广告组的所有成员的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！