Finding a User in Active Directory with the Login Name

Problem description

I'm possibly just stupid, but I'm trying to find a user in Active Directory from C#, using the Login name ("domain\user").

My "Skeleton" AD Search Functionality looks like this usually:

de = new DirectoryEntry(string.Format("LDAP://{0}", ADSearchBase), null, null, AuthenticationTypes.Secure);
ds = new DirectorySearcher(de);
ds.SearchScope = SearchScope.Subtree;
ds.PropertiesToLoad.Add("directReports");
ds.PageSize = 10;
ds.ServerPageTimeLimit = TimeSpan.FromSeconds(2);
SearchResult sr = ds.FindOne();

Now, that works if I have the full DN of the user (ADSearchBase usually points to the "Our Users" OU in Active Directory), but I simply have no idea how to look for a user based on the "domain\user" syntax.

Any pointers?

Recommended answer

You need to set a filter (DirectorySearcher.Filter) something like:

"(&(objectCategory=person)(objectClass=user)(sAMAccountName={0}))"

Note that you only specify the username (without the domain) for the property sAMAccountName. To search for domain\user, first locate the naming context for the required domain, then search there for sAMAccountName.

By the way, when building LDAP query strings using String.Format, you should generally be careful to escape any special characters. It probably isn't necessary for an account name, but could be if you're searching by other properties such as the user's first (givenName property) or last (sn property) name. I have a utility method EscapeFilterLiteral to do this: you build your string like this:

String.Format("(&(objectCategory=person)(objectClass=user)(sn={0}))", 
              EscapeFilterLiteral(lastName, false));

where EscapeFilterLiteral is implemented as follows:

public static string EscapeFilterLiteral(string literal, bool escapeWildcards)
{
    if (literal == null) throw new ArgumentNullException("literal");

    literal = literal.Replace("\\", "\\5c");
    literal = literal.Replace("(", "\\28");
    literal = literal.Replace(")", "\\29");
    literal = literal.Replace("\0", "\\00");
    literal = literal.Replace("/", "\\2f");
    if (escapeWildcards) literal = literal.Replace("*", "\\2a");
    return literal;
}

This implementation allows you to treat the * character as part of the literal (escapeWildcards = true) or as a wildcard character (escapeWildcards = false).

UPDATE: This is nothing to do with your question, but the example you posted does not call Dispose on the disposable objects it uses. Like all disposable objects these objects (DirectoryEntry, DirectorySearcher, SearchResultCollection) should always be disposed, normally with the using statement. See this post (http://stackoverflow.com/questions/90652/can-i-get-more-than-1000-records-from-a-directorysearcher-in-aspnet#90668) for more info.
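
The two-step lookup the answer describes (resolve the domain's naming context, then search it for sAMAccountName), as an added example that is not part of the original question or answer. The names AdUserLookup, FindUserDn, FindOneValue and Escape are hypothetical; it assumes the machine is joined to the forest and can reach a domain controller for the target domain, and it always escapes the wildcard so an untrusted login name can only match literally.

```csharp
using System;
using System.DirectoryServices;

public static class AdUserLookup   // hypothetical helper, not from the original post
{
    // Escape every filter-special character, including '*', so untrusted
    // input is only ever compared as a literal value (no filter injection).
    static string Escape(string s)
    {
        return s.Replace("\\", "\\5c").Replace("*", "\\2a").Replace("(", "\\28")
                .Replace(")", "\\29").Replace("\0", "\\00").Replace("/", "\\2f");
    }

    // Run one subtree search under 'path' and return a single string attribute.
    static string FindOneValue(string path, string filter, string property)
    {
        using (var root = new DirectoryEntry(path, null, null, AuthenticationTypes.Secure))
        using (var searcher = new DirectorySearcher(root, filter, new[] { property }))
        {
            searcher.SearchScope = SearchScope.Subtree;
            SearchResult hit = searcher.FindOne();
            return hit == null ? null : (string)hit.Properties[property][0];
        }
    }

    // Returns the user's distinguishedName, or null if the domain or account is unknown.
    public static string FindUserDn(string login)
    {
        int slash = login.IndexOf('\\');
        if (slash <= 0 || slash == login.Length - 1)
            throw new ArgumentException("Expected domain\\user", "login");
        string domain = login.Substring(0, slash), user = login.Substring(slash + 1);

        string configNc;
        using (var rootDse = new DirectoryEntry("LDAP://RootDSE"))
            configNc = (string)rootDse.Properties["configurationNamingContext"].Value;

        // A domain's crossRef object maps its NetBIOS name to its naming context (nCName).
        string domainNc = FindOneValue("LDAP://CN=Partitions," + configNc,
            "(&(objectClass=crossRef)(nETBIOSName=" + Escape(domain) + "))", "nCName");
        if (domainNc == null) return null;

        return FindOneValue("LDAP://" + domainNc,
            "(&(objectCategory=person)(objectClass=user)(sAMAccountName=" + Escape(user) + "))",
            "distinguishedName");
    }
}
```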
