How to get the IADs interface of an active directory user?

Problem description

How can i get the IADs interface of an Active Directory user, by username?

Note: native code

i am trying to write the function that can get the IADs interface of a user in Active Directory.

i have the following "pseudocode" so far:

public IADs GetUserObject(string samAccountName)
{
   IADs ads;

   //Get the current domain's distinguished name ("dc=stackoverflow,dc=com")
   AdsGetObject("LDAP://rootDSE", IADs, ref ads);
   String dn = ads.Get("defaultNamingContext"); //"dc=stackoverflow,dc=com"

   String path;

   //Attempt #1 to bind to a user by username
   path = "LDAP://sSAMAccountName="+samAccountName+",dc=stackoverflow,dc=com"
   AdsGetObject(path, IADs, ref ads); //invalid syntax

   return ads;       
}

The trick, that i cannot figure out, is how to bind to the user by their account name. The following variations don't work:

  • LDAP://sSAMAccountName=ian,dc=stackoverflow,dc=com
  • LDAP://dc=stackoverflow,dc=com;(&(objectCategory=user)(sAMAccountName=ian))
  • <LDAP://dc=stackoverflow,dc=com>;(&(objectCategory=user)(sAMAccountName=ian))

Edit

A version that does work, but doesn't answer my question, is:

      
  • LDAP://cn=Ian Boyd,ou=Avatar Users,dc=stackoverflow,dc=com

It doesn't answer my question for two reasons:

      
  • i don't know the user's CN (Common-Name) (e.g. Ian Boyd), only their sAMAccountName (e.g. ian)
  • doesn't work for users not in the Avatar Users organizational unit; and i don't know a user's OU

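This is from my earlier notes:

Note:

  • i don't know the name of the domain (but that's okay, i can get it at runtime)
  • i don't know the name of any Active Directory servers
  • i don't know which folder the user is in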

tl;dr: How would you write the utility function:

public IADs GetUserObject(string samAccountName)
{
   //TODO: ask stackoverflow
}

Update 2:

Note

  • i already know how to query for information about a user using .NET's DirectorySearcher
  • i already know how to query for information about a user using the Active Directory Services OLEDB provider with ADO (using the SQL syntax, but not the native syntax)
  • i'm now looking for code to query for information about a user using Active Directory Services COM objects (hence the question about getting an IADs for a user)

Update 3

It certainly might require me to apply "filters", except i don't know where. The only ActiveDs interface that mentions Filter is IADsContainer, but i don't know where to get one.

i tried randomly to get the IADsContainer interface from the root IADs interface, but "rootDSE" doesn't support IADsContainer:

IADs ads = AdsGetObject("LDAP://rootDSE");
IADsContainer container = (IADsContainer)ads; //interface not supported exception

  • ask a question on how to get the IADsContainer of the AD root
    • so i can ask how to recursively search active directory
      • so i can ask how to filter using IADsContainer
        • so i can figure out how to get the IADs object of a user
          • so i can figure out how to query AD for user properties

But keeping track of all these questions is difficult.

Recommended answer

If you know the value of sAMAccountName and need to get the IADs of the user, you first need to find the user in Active Directory by the sAMAccountName and get the distinguishedName attribute of the user. You already know how to get the IADs by distinguishedName.

So you should just follow the code from MSDN (http://msdn.microsoft.com/en-us/library/windows/desktop/ms676882%28v=vs.85%29.aspx#c___example), for example. First you get the IDirectorySearch interface of the AD container of defaultNamingContext of "LDAP://rootDSE".

IADs domain;
ADsGetObject("LDAP://rootDSE", IADs, domain);

Then you use IDirectorySearch::ExecuteSearch to apply search using the filter string:

(&(objectClass=user)(objectCategory=person)(sAMAccountName=theName))

Note: The search filter syntax is described here.

IDirectorySearch directorySearch = domain as IDirectorySearch;
ADS_SEARCH_HANDLE searchHandle;

directorySearch.ExecuteSearch(
      "(&(objectClass=user)(objectCategory=person)(sAMAccountName=ian))",
      attributeNames, numberOfAttributes,
      out searchHandle);
                  

  • you use the known value of sAMAccountName instead of theName.
  • for pAttributeNames you can use an LPOLESTR array which consists of L"distinguishedName" only (see pszNonVerboseList from the code example and look at the code of FindUsers in the case of bIsVerbose as FALSE).

You should get the distinguishedName attribute of the first (and the only, if any exist) found item. Having the distinguishedName attribute you can use AdsGetObject to get the IADs of the user.

Alternatively you can get the objectGUID attribute of the user instead of the distinguishedName attribute and use the binding by GUID syntax, but the usage of distinguishedName I personally find more clear and understandable.

public IADs GetUserObject(string samAccountName)
{
   IADs ads;

   //Get the current domain's distinguished name (e.g. "dc=stackoverflow,dc=com")
   AdsGetObject("LDAP://rootDSE", IADs, ref ads);
   String dn = ads.Get("defaultNamingContext"); //"dc=stackoverflow,dc=com"

   //Get the object of the current domain (e.g. LDAP://dc=stackoverflow,dc=com)
   AdsGetObject("LDAP://"+dn, IADs, ref ads);

   //Now we're going to search for the "distinguishedName" of this user

   //setup the search filter for the user we want
   //(samAccountName is concatenated as-is; filter metacharacters such as * ( ) \ in it are not escaped)
   String filter = "(&(objectClass=user)(objectCategory=person)(sAMAccountName="+samAccountName+"))";

   //specify that we only need to return one attribute, distinguishedName,
   //otherwise it returns all attributes and is a waste of resources
   String[] searchAttributes = { "distinguishedName" };

   //run the search
   IDirectorySearch ds = ads as IDirectorySearch;
   ADS_SEARCH_HANDLE searchHandle;
   ds.ExecuteSearch(filter, searchAttributes, 1, out searchHandle);
   ds.GetFirstRow(searchHandle);

   //Now get the details of the "distinguishedName" column
   ADS_SEARCH_COLUMN column;
   ds.GetColumn(searchHandle, "distinguishedName", ref column);

   //Get the user's distinguishedName (a new name, since dn is already declared above)
   String userDn = column.pADsValues.DNString;


   //Now that we have the user's distinguishedName, we can do what we really wanted:
   AdsGetObject("LDAP://"+userDn, IADs, ref ads);

   return ads;
}
                      

This means that conceptually it can be broken down into two steps:

  • getting a user's distinguishedName from their samAccountName
  • fetching the IADs for a distinguishedName

And the split code:

public IADs GetUserObject(string samAccountName)
{
   String userDistinguishedName = GetUserDistinguishedName(samAccountName);

   return GetObject("LDAP://"+userDistinguishedName);
}

public String GetUserDistinguishedName(string samAccountName)
{
   //Get the current domain's distinguished name (e.g. "dc=stackoverflow,dc=com")
   IADs ads = GetObject("LDAP://rootDSE");
   String dn = ads.Get("defaultNamingContext"); //"dc=stackoverflow,dc=com"

   //Get the object of the current domain (e.g. LDAP://dc=stackoverflow,dc=com)
   ads = GetObject("LDAP://"+dn);

   //Now we're going to search for the "distinguishedName" of this user

   //setup the search filter for the user we want
   String filter = "(&(objectClass=user)(objectCategory=person)(sAMAccountName="+samAccountName+"))";

   //specify that we only need to return one attribute, distinguishedName,
   //otherwise it returns all attributes and is a waste of resources
   String[] searchAttributes = { "distinguishedName" };

   //run the search
   IDirectorySearch ds = ads as IDirectorySearch;
   ADS_SEARCH_HANDLE searchHandle;
   ds.ExecuteSearch(filter, searchAttributes, 1, out searchHandle);
   ds.GetFirstRow(searchHandle);

   //Now get the details of the "distinguishedName" column
   ADS_SEARCH_COLUMN column;
   ds.GetColumn(searchHandle, "distinguishedName", ref column);

   //Get the user's distinguishedName
   return column.pADsValues.DNString;
}
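
Added example (not part of the original question or answer, and not Microsoft's code): portable C++ helpers for the two string-building steps above. The account name is escaped per RFC 4515 before it goes into the filter, so characters such as * or ) in it cannot change what the search matches, and a '/' in the returned distinguishedName is escaped before the name is placed in an ADsPath. The function names are hypothetical; the strings they return are what would be passed to IDirectorySearch::ExecuteSearch and ADsGetObject.

```cpp
#include <iostream>
#include <string>

// RFC 4515 escaping for a value placed inside an LDAP search filter:
// * ( ) \ and NUL become a backslash followed by two hex digits.
std::wstring escapeLdapFilterValue(const std::wstring& value) {
    std::wstring out;
    for (wchar_t ch : value) {
        switch (ch) {
            case L'\\': out += L"\\5c"; break;
            case L'*':  out += L"\\2a"; break;
            case L'(':  out += L"\\28"; break;
            case L')':  out += L"\\29"; break;
            case L'\0': out += L"\\00"; break;
            default:    out += ch;
        }
    }
    return out;
}

// Step 1: the answer's filter for exactly one account name.
// Returns an empty string for an empty name instead of "(sAMAccountName=)".
std::wstring buildUserFilter(const std::wstring& samAccountName) {
    if (samAccountName.empty()) return std::wstring();
    return L"(&(objectClass=user)(objectCategory=person)(sAMAccountName=" +
           escapeLdapFilterValue(samAccountName) + L"))";
}

// Step 2: ADsPath for the distinguishedName the search returned.
// ADSI treats '/' as a path separator, so an unescaped '/' in the DN is
// written as "\/"; escape pairs already present in the DN are kept intact.
std::wstring buildAdsPath(const std::wstring& dn) {
    std::wstring path = L"LDAP://";
    for (std::size_t i = 0; i < dn.size(); ++i) {
        if (dn[i] == L'\\' && i + 1 < dn.size()) path += dn[i++];  // copy '\', escaped char follows
        else if (dn[i] == L'/') path += L'\\';                      // add the missing escape
        path += dn[i];
    }
    return path;
}

int main() {
    // Constructed inputs, not values from a real directory.
    std::wcout << buildUserFilter(L"i*(an)") << L"\n";
    std::wcout << buildAdsPath(L"cn=Dev/Ops,dc=stackoverflow,dc=com") << L"\n";
}
```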
                      
