在全局目录中使用DirectorySearcher查找DOMAIN \ username [英] Using DirectorySearcher in global catalog to find DOMAIN\username

问题描述

我有一个多域活动目录环境，需要基于DOMAIN \ username查找用户.

I have a multi-domain active directory environment and need to find a user based on DOMAIN\username.

以下代码非常适合按SID查找用户.

The following code works great for finding a user by SID.

DirectorySearcher directorySearcher = new DirectorySearcher(new DirectoryEntry(
    "GC://" + Forest.GetCurrentForest().Name));

directorySearcher.Filter =
    "(&" +
        (&(objectCategory=person)(objectClass=user)) +
        "(objectSid=" + this.SID + "))";
var result = directorySearcher.FindOne();

但是现在我只能使用DOMAIN \ username.

But now I'm in a situation where all I have is DOMAIN\username.

过滤器对此做了什么?

我考虑的一种方法是连接到特定域而不是全局目录，并通过不合格的SAMAccountName进行搜索.但是我的问题是我不知道如何从DOMAIN转到DC = Domain，DC = Org或domain.org.

One approach I considered is connecting to the specific domain rather than the global catalog and searching by the unqualified SAMAccountName. But my problem there is I don't know how to get from DOMAIN to DC=Domain,DC=Org or domain.org.

当我进入Active Directory用户和计算机时，按DOMAIN \ username搜索整个目录似乎没有问题.幕后发生了什么事?

When I'm in Active Directory Users and Computers, there seems to be no problem searching the entire directory by DOMAIN\username. What is happening there behind the scenes?

推荐答案

这是缺少的部分.

using System.Security.Principal;

var sid = (SecurityIdentifier)new NTAccount(userName).Translate(
    typeof(SecurityIdentifier));

这篇关于在全局目录中使用DirectorySearcher查找DOMAIN \ username的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！