Active Directory 搜索 - 按经理过滤 [英] Active Directory search - filter by Manager

问题描述

我正在尝试从 Active Directory 获取具有指定经理的用户列表.我使用了以下 LDAP 过滤器但没有成功:

I'm trying to get a list of users from the Active Directory, who have a specified manager. I used the following LDAP filter without success:

(manager=CN=Misterboss_n*)

然而，它没有返回任何结果.用户在 manager 属性中具有以下值:

However, it returns no result. Users have the following value in the manager attribute:

"CN=Misterboss_n,OU=xyz user,DC=xyz,DC=local"

我做错了什么?如果我用这样的东西替换上面的过滤器:

What am I doing wrong? If I replace the above filter with something like this:

(givenName=John*)

它工作正常(返回所有名字为 John 的用户).

it works okay (returns all users whose given name is John).

更广泛的背景:

public List<ADUserDetail> GetAllEmployeesUnderMisterboss()
        {
            List<ADUserDetail> userlist = new List<ADUserDetail>();
            string filter = "";
            _directoryEntry = null;
            DirectorySearcher directorySearch = new DirectorySearcher(SearchRoot);
            directorySearch.Asynchronous = true;
            directorySearch.CacheResults = true;
            filter = "(manager=CN=Misterboss_n*)";
            directorySearch.Filter = filter;
            SearchResultCollection userCollection = directorySearch.FindAll();
            foreach (SearchResult users in userCollection)
            {
                DirectoryEntry userEntry = new DirectoryEntry(users.Path, LDAPUser, LDAPPassword);
                ADUserDetail userInfo = ADUserDetail.GetUser(userEntry);
                userlist.Add(userInfo);
            }
            return userlist;
        }

感谢您的帮助！

推荐答案

我认为没有可用于 DN 类型属性的字段开始搜索.您必须使用经理的完整 DN.如果您不知道完整的 DN，请先找到经理的 LDAP 对象并使用其 distinguishedName 属性.

I don't think there is a start-of-field search available for DN-typed properties. You will have to use the full DN of the manager. If you don't know the full DN, find the manager's LDAP object first and use its distinguishedName property.

确保正确转义DN值，然后再构建您的过滤器 - 并非所有在 DN 中有效的字符在 LDAP 过滤器表达式中也有效:

Be sure to escape the DN value properly before building your filter - not every character that is valid in a DN is also valid in an LDAP filter expression:

*   as  2a
(   as  28
)   as  29
   as  5c
NUL as  0
/   as  2f

有关代码示例，请参阅此相关线程，我在其中回答了一个非常相似的问题:从 Active Directory 获取所有直接报告

For code samples, see this related thread where I answered a very similar question: Getting all direct Reports from Active Directory

这篇关于Active Directory 搜索 - 按经理过滤的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！