Finding Active Directory users from 2 OU
Problem description
I have a .Net application that reads a user from Active Directory that is in a specific OU (ABCUsers). The following is the code:
string DomainIP = "some domain IP";
string ContainerConnectionString = "OU=ABCUsers,DC=test,DC=com";
PrincipalContext domain = new PrincipalContext(ContextType.Domain, DomainIP, ContainerConnectionString, ContextOptions.SimpleBind);
PrincipalSearcher searcher = new PrincipalSearcher();
UserPrincipal findUser = new UserPrincipal(domain);
findUser.SamAccountName = "some username";
searcher.QueryFilter = findUser;
UserPrincipal foundUser = (UserPrincipal)searcher.FindOne();
The above code works fine, but I need to change the code so that it retrieves a user whether he/she is in OU=ABCUsers or OU=XYZUsers but not in any other OU.
(update: reading it again)
function/loop solution
(I would nevertheless prefer the solution with the Global Catalog below, because it is much less code and more robust.)
Since it would probably not work with an OR-LDAP-search string when not using the Global Catalog as explained below, you could just kind of repeat the above (I guess working) code for the two OUs similar to this when put e.g. in a separate function (pseudo code):
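UserPrincipal findUserInOu(string ou) {
    string DomainIP = "some domain IP";
    string ContainerConnectionString = "OU=" + ou + ",DC=test,DC=com";
    // Same lookup as in the question, bound to the given OU
    PrincipalContext domain = new PrincipalContext(ContextType.Domain, DomainIP, ContainerConnectionString, ContextOptions.SimpleBind);
    PrincipalSearcher searcher = new PrincipalSearcher();
    UserPrincipal findUser = new UserPrincipal(domain);
    findUser.SamAccountName = "some username";
    searcher.QueryFilter = findUser;
    return (UserPrincipal)searcher.FindOne();
}
// Try the first OU, then fall back to the second
UserPrincipal foundUser = findUserInOu("ABCUsers");
if (foundUser == null)
    foundUser = findUserInOu("XYZUsers");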
GlobalCatalog solution
As I said here, to do it with some OR-search string etc. did not work for me and it seems, you may have to use the Global Catalog service (on the default port 3268, if you have a MS Active Directory, otherwise I don't know if other directory services would have this feature).
I guess you would have to specify this on the PrincipalContext, which may use some other default (389?).
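An added example, not part of the answer above or of any library: another way to get the "ABCUsers or XYZUsers, nothing else" behaviour is to search once from the domain root and accept the result only if its distinguished name lies under one of the two OUs. The class and method names are hypothetical, and the check assumes DNs in the form Active Directory returns them, without spaces around the separating commas.

```csharp
using System;
using System.DirectoryServices.AccountManagement;
using System.Linq;

static class OuScopedLookup   // hypothetical helper, not a framework type
{
    // OUs from the question; a user anywhere else is treated as not found.
    static readonly string[] AllowedOus =
        { "OU=ABCUsers,DC=test,DC=com", "OU=XYZUsers,DC=test,DC=com" };

    // True when dn lies in or below ou. The match must start at an unescaped
    // comma, so "OU=NotABCUsers,..." and a CN value containing "\,OU=ABCUsers" fail.
    static bool IsUnder(string dn, string ou)
    {
        int cut = dn.Length - ou.Length - 1;             // index of the separating comma
        if (cut < 1 || dn[cut] != ',') return false;
        if (!dn.EndsWith(ou, StringComparison.OrdinalIgnoreCase)) return false;
        int backslashes = 0;
        for (int i = cut - 1; i >= 0 && dn[i] == '\\'; i--) backslashes++;
        return backslashes % 2 == 0;                     // odd count: the comma is escaped
    }

    public static bool IsInAllowedOu(string dn) =>
        !string.IsNullOrEmpty(dn) && AllowedOus.Any(ou => IsUnder(dn, ou));

    // One search from the domain root, then the allow-list decides. The caller owns
    // domainRoot: the question's context with "DC=test,DC=com" as its container.
    public static UserPrincipal FindUser(PrincipalContext domainRoot, string samAccountName)
    {
        UserPrincipal user = UserPrincipal.FindByIdentity(
            domainRoot, IdentityType.SamAccountName, samAccountName);
        if (user != null && IsInAllowedOu(user.DistinguishedName)) return user;
        user?.Dispose();
        return null;
    }

    static void Main()
    {
        // Constructed DNs, checked without a directory connection.
        string[] samples = {
            "CN=Jane Doe,OU=ABCUsers,DC=test,DC=com",
            "CN=Bob,OU=Sales,OU=XYZUsers,DC=test,DC=com",
            "CN=Eve,OU=NotABCUsers,DC=test,DC=com",
            "CN=Eve\\,OU=ABCUsers,DC=test,DC=com",
        };
        foreach (string dn in samples)
            Console.WriteLine($"{IsInAllowedOu(dn),-5} {dn}");
    }
}
```

Like the container-bound search in the question, the suffix match also accepts users in OUs nested below ABCUsers or XYZUsers.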