LDAP query for all users in sub OUs within a particular OU


Problem description

The active directory I have to deal with is laid out as such: the domain contains many OUs. One of these OUs is named "Primary OU". Within this OU are several OUs named with the location of global offices (i.e. "Chicago", "Paris").

Any user account that is an actual flesh and bone person is put into the OU named for the office they work in as their primary OU. Any user account that is an alias, generic account, or otherwise not directly tied to a real person, has the "Primary OU" OU set as their primary OU.

Data-wise, this primary OU distinction is the only thing that indicates which users are real people, and which users are not. There is no group that contains only real people, no indicator in any field that they are real people or not, and making any changes to active directory or any user accounts is strictly forbidden.

My task is writing a query that will only get all actual flesh and bone people.

Unfortunately LDAP is not exactly my strong suit and the only way I've come up with is searching each of these office sub OUs individually and putting all the results together, but there are a lot of offices and it would require a change to the query if any offices were added, which I need to avoid.

Is there a way to query all users within a particular OU's "sub" OUs, but not return any users directly in the parent OU?

Recommended answer

Yes, sure - you would need to:

1) Bind to the particular OU

using System.DirectoryServices;

DirectoryEntry myOU = new DirectoryEntry("LDAP://OU=MyOU,......,DC=MyCompany,DC=com");

2) Enumerate all its sub-OUs

DirectorySearcher subOUsearcher = new DirectorySearcher(myOU);
subOUsearcher.SearchScope = SearchScope.OneLevel; // don't recurse down
subOUsearcher.Filter = "(objectClass=organizationalUnit)";

foreach(SearchResult subOU in subOUsearcher.FindAll())
{
   // stick those sub-OUs into a list and then handle them,
   // e.g. keep subOU.GetDirectoryEntry() as the search root for step 3
}

3) One by one, enumerate all the users in each of the sub-OUs and stick them into a global list of users

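// myCurrentSubOu is the DirectoryEntry of one sub-OU found in step 2
DirectorySearcher userSearcher = new DirectorySearcher(myCurrentSubOu);
userSearcher.SearchScope = SearchScope.OneLevel; // don't recurse down
// (objectClass=user) alone also matches computer accounts, so restrict to person objects
userSearcher.Filter = "(&(objectCategory=person)(objectClass=user))";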

foreach(SearchResult user in userSearcher.FindAll())
{
  // stick those users into a list being built up
}

4) Return that list

Marc
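
The four steps above combined into one read-only method, as an added example that is not part of the original answer. The class and method names, the page size of 500, and the `DC=example,DC=com` path are assumptions for illustration; the person filter and paging are additions so that computer accounts are excluded and large result sets are not truncated.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices;

static class OfficeUsers   // hypothetical name
{
    // Returns the distinguishedName of every person account stored directly in a
    // child OU of parentOuPath. Accounts stored in the parent OU itself are skipped.
    public static List<string> FindUsersInSubOus(string parentOuPath)
    {
        var userDns = new List<string>();

        using (var parentOu = new DirectoryEntry(parentOuPath))
        using (var ouSearcher = new DirectorySearcher(parentOu))
        {
            ouSearcher.SearchScope = SearchScope.OneLevel;   // direct child OUs only
            ouSearcher.Filter = "(objectClass=organizationalUnit)";
            ouSearcher.PageSize = 500;                       // assumed value; enables paged results

            using (SearchResultCollection subOus = ouSearcher.FindAll())
            {
                foreach (SearchResult subOu in subOus)
                {
                    using (DirectoryEntry ouEntry = subOu.GetDirectoryEntry())
                    using (var userSearcher = new DirectorySearcher(ouEntry))
                    {
                        userSearcher.SearchScope = SearchScope.OneLevel;
                        // Computer accounts also carry objectClass=user; objectCategory=person drops them.
                        userSearcher.Filter = "(&(objectCategory=person)(objectClass=user))";
                        userSearcher.PageSize = 500;
                        userSearcher.PropertiesToLoad.Add("distinguishedName");

                        using (SearchResultCollection users = userSearcher.FindAll())
                        {
                            foreach (SearchResult user in users)
                                userDns.Add((string)user.Properties["distinguishedName"][0]);
                        }
                    }
                }
            }
        }
        return userDns;
    }

    static void Main()
    {
        // Placeholder path: substitute the real distinguished name of the parent OU.
        foreach (string dn in FindUsersInSubOus("LDAP://OU=Primary OU,DC=example,DC=com"))
            Console.WriteLine(dn);
    }
}
```

Because the child OUs are discovered at run time, a newly added office OU is picked up without changing the query.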
