你怎么能找到从C＃中的活动目录用户？ [英] How can you find a user in active directory from C#?

问题描述

我试图找出如何搜索从C＃AD同样，如何查找用户，联系人和组在Active Directory用户和计算机工具的工作原理。我有一个字符串，要么包含组名，或用户的名字（通常在格式姓名middleinitial [如果他们有酮]姓氏，但不总是）。即使我做组与用户的一个单独的查询，我不能想出一个方法来搜索，捕获大多数用户帐户。查找用户，联系人和组工具，使他们回到几乎每一次。任何人有什么建议？

I'm trying to figure out how to search AD from C# similarly to how "Find Users, Contacts, and Groups" works in the Active Directory Users and Computers tool. I have a string that either contains a group name, or a user's name (usually in the format firstname middleinitial [if they have one] lastname, but not always). Even if I do a seperate query for groups vs. users, I can't come up with a way to search that captures most user accounts. The Find Users, Contacts, and Groups tool brings them back almost every time. Anyone have any suggestions?

我已经知道如何使用DirectorySearcher类，问题是，我无法找到做什么，我想查询。无论CN也不samaccount名字有什么关系在这个用户的名字，所以我无法搜索那些。拆分东西和搜索上的SN和给定名称不捕获近尽可能多的任何地方作为工具的功能。

I already know how to use the DirectorySearcher class, the issue is that I can't find a query that does what I'd like. Neither cn nor samaccount name has anything to do with the user's name in this, so I'm unable to search on those. Splitting things up and searching on sn and givenName doesn't catch anywhere near as much as that tool does.

推荐答案

您在.NET 3.5？如果是这样的 - 广告在.NET 3.5中强大的新功能 - 看看这篇文章管理目录安全主体在.NET 3.5伊森Wilanski和乔·卡普兰的。

Are you on .NET 3.5 ? If so - AD has great new features in .NET 3.5 - check out this article Managing Directory Security Principals in .NET 3.5 by Ethan Wilanski and Joe Kaplan.

其中一个重大的新特性是PrincipalSearcher级这应会大大简化了查找用户和/或组的AD。

One of the big new features is a "PrincipalSearcher" class which should greatly simplify finding users and/or groups in AD.

如果您不能使用.NET 3.5，有一件事，可能使您的生活更轻松被称为模糊名称解析，这是一个鲜为人知的特殊的搜索过滤，将搜索在几乎任何名称相关的属性的一次。

If you cannot use .NET 3.5, one thing that might make your life easier is called "Ambiguous Name Resolution", and it's a little known special search filter that will search in just about any name-related attribute all at once.

指定您的LDAP搜索查询是这样的：

Specify your LDAP search query like this:

searcher.Filter = string.Format("(&(objectCategory=person)(anr={0}))", yourSearchTerm)

另外，我建议对objectCategory属性属性筛选，因为这是单值，默认情况下在AD，这是很多比使用对象类更快的索引。

Also, I would recommend filtering on the "objectCategory" attribute, since that's single-valued and indexed by default in AD, which is a lot faster than using "objectClass".

马克·

这篇关于你怎么能找到从C＃中的活动目录用户？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！