C＃ - 在搜索跨多个Active Directory域用户 [英] C# - Searching for users across multiple Active Directory domains

问题描述

我使用的是System.DirectoryServices.AccountManagement提供用户查找功能。

该业务有几个特定地区的AD域：AMR，欧元，JPN等

有欧元域下工作，但不会从其他域返回用户（自然）：

  VAR上下文=新PrincipalContext（ContextType.Domain，mycorp.com，DC =欧元，DC = MyCorp的，DC = COM）;

VAR的查询=新UserPrincipal（的getContext（））;

query.Name =*布洛格斯*;

VAR用户=新PrincipalSearcher（查询）.FindAll（）了ToList（）。
 

不过，如果我定位的整个目录，它不会从任何的区域特定域的回报用户

  VAR上下文=新PrincipalContext（ContextType.Domain，mycorp.com，DC = MyCorp的，DC = COM）;
 

我如何搜索整个目录？

更新

阅读上的Active Directory如何搜索工作：

<一个href="http://technet.microsoft.com/en-us/library/cc755809(v=ws.10).aspx">http://technet.microsoft.com/en-us/library/cc755809(v=ws.10).aspx

如果我用后缀端口的服务器名称3268将搜索对全局编录：

  VAR上下文=新PrincipalContext（ContextType.Domain，mycorp.com:3268，DC = MyCorp的，DC = COM）;
 

不过这是非常，非常缓慢。关于如何提高性能有什么建议？

解决方案

具有初始通配符查询（*布洛格斯*），除非你有一个元组指数将是缓慢的属性是查询。没有在AD中的属性有这个设置为默认。最好不要做初始通配符。

I'm using the System.DirectoryServices.AccountManagement to provide user lookup functionality.

The business has several region specific AD domains: AMR, EUR, JPN etc.

The following works for the EUR domain, but doesn't return users from the other domains (naturally):

var context = new PrincipalContext(ContextType.Domain, "mycorp.com", "DC=eur,DC=mycorp,DC=com");

var query = new UserPrincipal(GetContext());

query.Name = "*Bloggs*";

var users = new PrincipalSearcher(query).FindAll().ToList();

However, if I target the entire directory, it doesn't return users from any of the region specific domains:

var context = new PrincipalContext(ContextType.Domain, "mycorp.com", "DC=mycorp,DC=com");

How do I search the entire directory?

Update

Read up on "How Active Directory Searches Work":

http://technet.microsoft.com/en-us/library/cc755809(v=ws.10).aspx

If I suffix the server name with port 3268 it searches against the Global Catalog:

var context = new PrincipalContext(ContextType.Domain, "mycorp.com:3268", "DC=mycorp,DC=com");

However it's very, very slow. Any suggestions on how to improve performance?

解决方案

Queries which have initial wildcards (*Bloggs*) will be slow unless you have a tuple index on the attribute being queries. None of the attributes in AD have this set by default. Better to not do initial wildcards.

这篇关于C＃ - 在搜索跨多个Active Directory域用户的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！