查询活动目录 [英] Querying Active directory

问题描述

我想在不输入用户凭据的情况下针对Active Directory查询用户凭据。即用户登录到他的公司系统（Intranetwork），我需要使用这些凭据来验证是否有广告，如果用户存在，则检索他的电子邮件地址。（无需单点登录）

I want to query user credentials against an Active Directory without the user entering his credentials. i.e The user logs into his corporate system(Intranetwork) i need to use these credentials to verify against an AD and retrieve his email address if the user exists.(NO single sign on required)

推荐答案

当然，现在回答还为时已晚，但是...像我这样的人可以搜索相同的答案...

Of course, It is too late to answer, but ... someone like me can search same answer...

我不确定您为什么需要验证用户凭据？
如果用户已经登录，则...凭据已通过验证。

I'm just not sure why do you need to verify user credentials? If user already logged-in then ... credentials are verified.

可以使用Windows powershell来获取电子邮件（以及来自AD的其他信息）。

Getting his email (and other info from AD) is possible by using Windows powershell.

public class TestWindowsAD {

public static void main(String... args) throws Exception {

    System.out.println("Current user e-mail: " + getCurrentUserEmail());

}

private static String getCurrentUserEmail() {

    String cmd = "powershell \"Add-Type -AssemblyName System.DirectoryServices.AccountManagement;[System.DirectoryServices.AccountManagement.UserPrincipal]::Current.EmailAddress;\"";
    String userEmail = "";
    if (!System.getProperty("os.name").toLowerCase().startsWith("win")) { throw new RuntimeException(
            "We are not in Windows! OS is " + System.getProperty("os.name")); }
    Runtime rt = Runtime.getRuntime();
    Process pr;
    try {
        pr = rt.exec(cmd);
        pr.waitFor();
        BufferedReader bf = new BufferedReader(new InputStreamReader(pr.getInputStream()));
        String nextLine = null;

        while (true) {
            nextLine = bf.readLine();
            if (nextLine == null) break;
            userEmail = nextLine;
        }
        bf.close();
    } catch (Exception e) {
        System.err.println("Failed to get user email: " + e.getMessage());
        throw new RuntimeException(e);
    }

    return userEmail;
}

如果您需要更多信息，只需在命令提示符下运行：

P.S. if you need more info just run in command prompt:

powershell "Add-Type -AssemblyName System.DirectoryServices.AccountManagement;[System.DirectoryServices.AccountManagement.UserPrincipal]::Current"

并选择您需要的内容。

这篇关于查询活动目录的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！