How can I get a list of users from active directory?


Problem description

How can I get a list of users from active directory? Is there a way to pull username, firstname, lastname? I saw a similar post where this was used:

 PrincipalContext ctx = new PrincipalContext(ContextType.Domain, "YOURDOMAIN");

I have never done anything with active directory so I am completely lost. Any help would be greatly appreciated!

Recommended answer

If you are new to Active Directory, I suggest you should understand how Active Directory stores data first.

Active Directory is actually an LDAP server. Objects stored in an LDAP server are stored hierarchically. It's very similar to how you store your files in your file system. That's why it got the name Directory server and Active Directory.

The containers and objects on Active Directory can be specified by a distinguished name. The distinguished name is like this: CN=SomeName,CN=SomeDirectory,DC=yourdomain,DC=com. Like a traditional relational database, you can run a query against an LDAP server. It's called an LDAP query.

There are a number of ways to run an LDAP query in .NET. You can use DirectorySearcher from System.DirectoryServices or SearchRequest from System.DirectoryServices.Protocols.

For your question, since you are asking to find user principal objects specifically, I think the most intuitive way is to use PrincipalSearcher from System.DirectoryServices.AccountManagement. You can easily find a lot of different examples on Google. Here is a sample that is doing exactly what you are asking for.

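using System;
using System.DirectoryServices;                    // DirectoryEntry
using System.DirectoryServices.AccountManagement;  // PrincipalContext, PrincipalSearcher, UserPrincipal

// Connect to the domain; "yourdomain.com" is a placeholder.
using (var context = new PrincipalContext(ContextType.Domain, "yourdomain.com"))
{
    // An empty UserPrincipal is a query-by-example filter that matches every user.
    using (var searcher = new PrincipalSearcher(new UserPrincipal(context)))
    {
        foreach (var result in searcher.FindAll())
        {
            // Drop down to the underlying DirectoryEntry to read raw LDAP attributes.
            DirectoryEntry de = result.GetUnderlyingObject() as DirectoryEntry;
            Console.WriteLine("First Name: " + de.Properties["givenName"].Value);
            Console.WriteLine("Last Name : " + de.Properties["sn"].Value);
            Console.WriteLine("SAM account name   : " + de.Properties["samAccountName"].Value);
            Console.WriteLine("User principal name: " + de.Properties["userPrincipalName"].Value);
            Console.WriteLine();
        }
    }
}
Console.ReadLine();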

Note that on the AD user object, there are a number of attributes. In particular, givenName will give you the First Name and sn will give you the Last Name. About the user name. I think you meant the user logon name. Note that there are two logon names on AD user object. One is samAccountName, which is also known as pre-Windows 2000 user logon name. userPrincipalName is generally used after Windows 2000.
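
An added example, not part of the original answer: the same user listing done with DirectorySearcher, which the answer names as an alternative, using an explicit LDAP filter, a paged search, and an optional surname prefix that is escaped before it enters the filter. The root path LDAP://DC=yourdomain,DC=com and the names AdUserList, EscapeFilterValue and First are assumptions made for this illustration.

```csharp
using System;
using System.DirectoryServices;
using System.Text;

static class AdUserList
{
    // Escape a value for use inside an LDAP filter (RFC 4515), so input
    // such as "*)(cn=*" is matched literally and cannot alter the filter.
    static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder();
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append(@"\5c"); break;
                case '*':  sb.Append(@"\2a"); break;
                case '(':  sb.Append(@"\28"); break;
                case ')':  sb.Append(@"\29"); break;
                case '\0': sb.Append(@"\00"); break;
                default:   sb.Append(c); break;
            }
        }
        return sb.ToString();
    }

    // First value of an attribute, or "" when the user object does not have it.
    static string First(SearchResult r, string attr) =>
        r.Properties[attr].Count > 0 ? r.Properties[attr][0].ToString() : "";

    static void Main(string[] args)
    {
        // Assumption: placeholder naming context; replace with your own domain.
        using (var root = new DirectoryEntry("LDAP://DC=yourdomain,DC=com"))
        using (var searcher = new DirectorySearcher(root))
        {
            string filter = "(&(objectCategory=person)(objectClass=user)";
            if (args.Length > 0) filter += "(sn=" + EscapeFilterValue(args[0]) + "*)";
            searcher.Filter = filter + ")";
            searcher.PageSize = 500; // paged search, so the server size limit does not truncate the list
            foreach (var a in new[] { "givenName", "sn", "sAMAccountName", "userPrincipalName" })
                searcher.PropertiesToLoad.Add(a); // fetch only the attributes that are printed
            using (SearchResultCollection results = searcher.FindAll())
                foreach (SearchResult r in results)
                    Console.WriteLine($"{First(r, "sAMAccountName")}\t{First(r, "givenName")}\t{First(r, "sn")}\t{First(r, "userPrincipalName")}");
        }
    }
}
```

Run it with no argument to list every user, or pass a surname prefix as the first argument to narrow the search.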
