如何查找Active Directory的全局目录？ [英] How to find global catalog of Active Directory?

问题描述

我想以 GC：// DC = xxx，DC = yyy，DC = zzz 的格式在Active Directory环境中搜索用户。但是，如何在任意的Active Directory环境中以编程方式找到全局编录？每个域名是否始终对应一个全局目录？还有其他方法可以尝试吗？

I want to search for users in an Active Directory environment with GC://DC=xxx,DC=yyy,DC=zzz format. But how can I programmatically find the global catalogs in an arbitary Active Directory environment? Does each domain name correspond to a global catalog always? Any alternative means I can try?

注意： Forest.FindAllGlobalCatalogs（）返回服务器名称列表，但是我实际上无法使用它们进行搜索。

Note: The Forest.FindAllGlobalCatalogs() returns a list of server names but I'm actually not able to search using them.

Edit1：这是我想做的事情：假设我的活动目录有一个名为domain1.root.com的域，那么我将使用GC：// DC = domain1，DC = root，DC = com来搜索用户。但是，这始终是全球目录吗？每个域都必须有一个全局目录吗？

Here's what I want to do : Suppose my activedirectory has a domain called domain1.root.com, then I will use GC://DC=domain1,DC=root,DC=com to search for a user. But is this always a Global catalog? Must every domain have a global catalog?

Edit2：我现在可以使用以下代码搜索用户：

I am now able to search for users using the following code:

            var currentForest = Forest.GetCurrentForest();
            var globalCatalog = currentForest.FindGlobalCatalog();
            Console.WriteLine(globalCatalog.Name);
            //DirectorySearcher searcher = new DirectorySearcher("GC://"+y.Name);
            DirectorySearcher searcher = globalCatalog.GetDirectorySearcher();
            searcher.Filter = @"samaccountname=skaranth";
            Console.WriteLine(searcher.SearchRoot.Path);
            var result = searcher.FindOne();
            if(result!=null)
                Console.WriteLine(result.Properties["distinguishedname"][0]);
            searcher.Dispose();
            globalCatalog.Dispose();
            currentForest.Dispose();

推荐答案

您到底想实现什么？

全局目录是存储在某些域控制器上的特殊属性子集。尽管每个域控制器都具有针对该域的全套属性和对象，但是全局目录包含来自AD林中所有域的数据。

The Global Catalog is a special subset of attributes that are stored on certain domain controllers. While each domain controller has a full set of attributes and object for that one domain, the Global Catalog contains data from all of the domains in the AD forest.

因此，GC仅在您需要跨多个域查找内容时才起作用。如果您只有一个域，则GC根本无法为您提供任何帮助。

So the GC really only comes into play when you need to find things across multiple domains. If you have just a single domain, the GC won't really help you at all.

Forest.FindAllGlobalCatalogs（）确实会为您提供包含全局编录数据集的所有域控制器服务器的列表。那么，为什么不能使用它们进行搜索呢？

Forest.FindAllGlobalCatalogs() will indeed give you the list of all domain controller servers that contain a global catalog data set. So why can't you use those to search?? Can you show us what you've tried so far??

全球目录就是这样-全球-例如您完全没有理由要指定特定的服务器.....无论如何，服务器都应具有相同的数据集。

The Global Catalog is just that - global - e.g. you shouldn't have any reason at all to want to specify a specific server..... the servers should all have the same set of data anyway.

再次：为什么您觉得需要找到具有全局编录的服务器，一旦掌握了该信息，您打算如何处理？为什么在进行全局目录搜索时感觉需要指定服务器？

So again: why do you feel the need to find a server with a global catalog, and what do you want to do with that information once you have it? Why do you feel the need to specify a server when doing a global catalog search??

这篇关于如何查找Active Directory的全局目录？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！