使用 OU 的部分路径在 Active Directory 中搜索 OU [英] Search Active Directory for an OU using a partial path to the OU

问题描述

在 AD Query 语法中有没有办法通过搜索其部分路径来找到 OU 的完整路径?

Is there a way in AD Query syntax, to find an OU's full path by searching on its partial path?

例如，我的 OU 的完整路径是:

For example, the full path to my OU is:

OU=Clerks,OU=OfficeA,OU=Administration,DC=domain,DC=local

现在，我想尝试使用部分路径搜索并找到该对象:

Now, I'd like to try and search and find that object by using the partial path:

OU=Clerks,OU=OfficeA

我希望能够搜索以下内容:

I'd like to be able to search something like:

(&(objectCategory=organizationalUnit)(path=Clerks/OfficeA*))

我找不到任何有关如何完成此类操作的语法示例.我正在开发的程序要求我获得许多 OU 的路径，这些 OU 在最后两级 OU 中都有一个共同的结构，但是它们可以嵌套在域中的任何给定深度.如果我可以像这样搜索，那么只需通过最后两个 OU 嵌套级别搜索即可轻松获得完整路径.

I can't find any syntax examples of how to accomplish something like this. A program I'm developing requires that I get the paths to a lot of OU's which all have a common structure in the last two levels of OU's, however they can be nested at any given depth in the domain otherwise. If I can search somehow like this, it would be easy to get the full path just searching by the last two OU nested levels.

推荐答案

您想要做的事情存在于纯 LDAP 实现中，它是一个名为 ExtensibleMatch 的功能，似乎在 这篇维基文章.您还可以在这里找到一些有用的例子.

The thing you want to do exists on pure LDAP implementation it's a feature called ExtensibleMatch wich seems to be correctly explained in this wiki article . You will also found something helpfull examples here.

但它不存在于 Active-Directory 中

But it's not present in Active-Directory

所以这是一个用 C# 编写的方法，它利用 DirectoryEntry 的 Parent 属性.

So here is a method writen in C# that exploit the Parent propertie of a DirectoryEntry.

   static List<DirectoryEntry> OuInTheFormOf(DirectoryEntry deBase, string ou1, string ou2)
    {
      List<DirectoryEntry> deList = null;

      /* Directory Search
       */
      DirectorySearcher dsLookFor = new DirectorySearcher(deBase);
      dsLookFor.Filter = ou1;
      dsLookFor.SearchScope = SearchScope.Subtree;
      dsLookFor.PropertiesToLoad.Add("ou");

      SearchResultCollection srcOUs = dsLookFor.FindAll();

      if (srcOUs.Count != 0)
      {
        deList = new List<DirectoryEntry>();

        foreach (SearchResult srOU in srcOUs)
        {
          DirectoryEntry deOU = srOU.GetDirectoryEntry();
          if (deOU.Parent.Name.ToUpper() == ou2.ToUpper())
            deList.Add(deOU);
        }
      }
      return deList;
    }

这里是用法:

  /* Connection to Active Directory
   */
  DirectoryEntry deBase = new DirectoryEntry("LDAP://WM2008R2ENT:389/dc=dom,dc=fr");

  List<DirectoryEntry> l = OuInTheFormOf(deBase, "ou=Clerks", "ou=OfficeA");

  foreach (DirectoryEntry deTmp in l)
  {
    Console.WriteLine(deTmp.Properties["distinguishedName"].Value);
  }

这篇关于使用 OU 的部分路径在 Active Directory 中搜索 OU的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！