从Active Directory获取刚刚启用的帐户 [英] Get just the Enabled Accounts from Active Directory
问题描述
我使用 System.DirectoryServices.AccountManagement.dll 来处理与Active Directory
让所有的用户在域用户组。
这是返回所有的域用户,但我需要得到公正启用的。
下面是一些示例code:
名单,其中,串>用户=新的名单,其中,串>();
PrincipalContext pcContext = GetPrincipalContext();
GroupPrincipal GRP = GroupPrincipal.FindByIdentity(pcContext,
IdentityType.Name,
域用户);
的foreach(在grp.GetMembers主要用户(真).OfType< UserPrincipal>())
{
如果(user.Enabled!= FALSE)
{
users.Add(user.Name);
}
}
其他组正常工作,但是当组是域用户,在已启用属性的值是假为所有用户。这使得不可能使能和禁止的用户区分而不做进一步的查询为每个用户。
有一个关于在<一的一句话href="http://msdn.microsoft.com/fr-fr/library/system.directoryservices.accountmanagement.authenticableprincipal.enabled.aspx"相对=nofollow> Enabled属性的MSDN页面说:
如果主体没有被坚持在店里,这个属性返回null。之后的本金依然存在,默认启用的设置取决于存储。在AD DS和AD LDS商店关闭他们坚持在新的校长,而SAM可以实现新的校长,他们都坚持的时候。该应用程序只能将此属性设置为一个值后,已经坚持在店里。
也许是相关的,如果默认是假的?
此外,还有在MSDN论坛上关于<一后href="http://social.msdn.microsoft.com/Forums/vstudio/en-US/939fdd80-7623-4db3-a166-645803610c48/userprincipalenabled-returns-false-for-accounts-that-are-in-fact-enabled"相对=nofollow> UserPrincipal.Enabled返回False的帐户实际上启用?以及真正的声音类似于您的问题。据后有可能是一个解决方案在这里:
我想我误会了。不要理会我之前发布。我想我 知道发生了什么。该GetMembers方法显然是不加载 该UserPrincipal数据。我不知道是否有更好的解决方案, 但下面的工作(至少在我的AD):
的foreach(在group.GetMembers UserPrincipal用户(假))
{
UserPrincipal tempUser = UserPrincipal.FindByIdentity(背景下,user.SamAccountName);
//使用tempUser.Enabled
//其他code在这里
}
I am using System.DirectoryServices.AccountManagement.dll to deal with Active Directory
to get all the users in the "Domain Users" group.
This is returning all the users in the domain but I need to get just the enabled ones.
Here is some sample code:
List<string> users = new List<string>();
PrincipalContext pcContext = GetPrincipalContext();
GroupPrincipal grp = GroupPrincipal.FindByIdentity(pcContext,
IdentityType.Name,
"Domain Users");
foreach (Principal user in grp.GetMembers(true).OfType<UserPrincipal>())
{
if (user.Enabled != false)
{
users.Add(user.Name);
}
}
Other groups work fine, but when the group is "Domain Users", the value of the Enabled property is false for all users. This makes it impossible to distinguish between enabled and disabled users without doing a further query for each user.
There's a remark on the MSDN page of the Enabled property saying :
If the principal has not been persisted in the store, this property returns null. After the principal is persisted, the default enabled setting depends on the store. The AD DS and AD LDS stores disable new principals when they are persisted, whereas SAM enables new principals when they are persisted. The application can only set this property to a value after it has been persisted in the store.
Perhaps it's related if the default is false ?
Also, there's a post on the MSDN forum about UserPrincipal.Enabled returns False for accounts that are in fact enabled? and that really sound similar to your issue. According to the post there's perhaps a solution here :
I think I misunderstood. Disregard what I posted before. I think I know what's happening. The GetMembers method apparently isn't loading the UserPrincipal data. I don't know if there is a better solution, but the following works (at least on my AD):
foreach (UserPrincipal user in group.GetMembers(false))
{
UserPrincipal tempUser = UserPrincipal.FindByIdentity(context, user.SamAccountName);
// use tempUser.Enabled
// other code here
}
这篇关于从Active Directory获取刚刚启用的帐户的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
