Searching for users across multiple Active Directory domains
Question
I'm using the System.DirectoryServices.AccountManagement to provide user lookup functionality.
The business has several region specific AD domains: AMR, EUR, JPN etc.
The following works for the EUR domain, but doesn't return users from the other domains (naturally):
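// Needs: using System.DirectoryServices.AccountManagement; using System.Linq;
var context = new PrincipalContext(ContextType.Domain, "mycorp.com", "DC=eur,DC=mycorp,DC=com");
// Query by example: pass the context created above to the template principal.
var query = new UserPrincipal(context);
query.Name = "*Bloggs*";
var users = new PrincipalSearcher(query).FindAll().ToList();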
However, if I target the entire directory, it doesn't return users from any of the region specific domains:
var context = new PrincipalContext(ContextType.Domain, "mycorp.com", "DC=mycorp,DC=com");
How can I search the entire directory?
Update
Read up on "How Active Directory Searches Work":
http://technet.microsoft.com/en-us/library/cc755809(v=ws.10).aspx
If I suffix the server name with port 3268 it searches against the Global Catalog:
var context = new PrincipalContext(ContextType.Domain, "mycorp.com:3268", "DC=mycorp,DC=com");
However it's very, very slow. Any suggestions on how to improve performance?
Recommended answer
Queries which have initial wildcards (*Bloggs*) will be slow unless you have a tuple index on the attribute being queried. None of the attributes in AD have this set by default. Better to not do initial wildcards.