How to query ActiveDirectory from native Win32 (i.e. not .NET) code

Problem description

If I wanted to pull information about a user from Active Directory in .NET, I could use the DirectorySearcher class.

For example, to find a user's e-mail address, I would call:

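// requires: using System.DirectoryServices;
public String GetUserEmailAddress(String accountName)
{
    DirectorySearcher searcher = new DirectorySearcher();
    // accountName goes into the LDAP filter unescaped
    searcher.Filter = String.Format("(&(objectCategory=user)(sAMAccountName={0}))", accountName);
    searcher.PropertiesToLoad.Add("mail");

    // FindOne returns null when no object matches the filter
    SearchResult searchResult = searcher.FindOne();
    if (searchResult == null || !searchResult.Properties.Contains("mail"))
        return null;

    // Property values come back as Object, so cast to the declared return type
    return (String)searchResult.Properties["mail"][0];
}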

What is the native way to query the Active Directory?

Note

  • No domain name specified
  • No server name specified

We can even extend our function to allow querying of any generic arbitrary information:

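// requires: using System.DirectoryServices;
public Object GetUserAttribute(String accountName, String propertyName)
{
    DirectorySearcher searcher = new DirectorySearcher();
    // accountName goes into the LDAP filter unescaped
    searcher.Filter = String.Format("(&(objectCategory=user)(sAMAccountName={0}))", accountName);
    searcher.PropertiesToLoad.Add(propertyName);

    // FindOne returns null when no object matches the filter
    SearchResult searchResult = searcher.FindOne();
    if (searchResult == null || !searchResult.Properties.Contains(propertyName))
        return null;

    // Only the first value of a multi-valued attribute is returned
    return searchResult.Properties[propertyName][0];
}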

AD has all kinds of information that you can pass in as propertyName. For example:

  • displayName (Display-Name): The display name for an object. This is usually the combination of the user's first name, middle initial, and last name. (e.g. Ian A. Boyd)
  • mail (E-mail-Addresses): The list of email addresses for a contact. (e.g. ianboyd@stackoverflow.com)
  • cn (Common-Name): The name that represents an object. Used to perform searches.
  • name (RDN): The Relative Distinguished Name of an object. (e.g. Ian Boyd)
  • sn (Surname): This attribute contains the family or last name for a user.
  • givenName (Given-Name): Contains the given name (first name) of the user.
  • sAMAccountName (SAM-Account-Name): The logon name used to support clients and servers running older versions of the operating system, such as Windows NT 4.0, Windows 95, Windows 98, and LAN Manager. This attribute must be less than 20 characters to support older clients.
  • objectGUID (Object-Guid): The unique identifier for an object. (e.g. {3BF66482-3561-49a8-84A6-771C70532F25})
  • employeeID (Employee-ID): The ID of an employee.
  • description (Description): Contains the description to display for an object. This value is treated as single-valued by the system.

Recommended answer

marc_s's deleted answer proved to be the most useful; but here's the answer to the question in pseudo-code:

public GetUserEmailAddress(String accountName): String;
{
   //Get the distinguished name of the current domain 
   String dn = GetDefaultDistinguishedName(); //e.g. "dc=stackoverflow,dc=com"

   //Construct the ldap table name  (e.g. "LDAP://dc=stackoverflow,dc=com")
   String ldapTableName := "LDAP://"+dn;

   //ADO connection string
   String connectionString := "Provider=ADsDSOObject;Mode=Read;Bind Flags=0;ADSI Flag=-2147483648";

   //The sql query to execute
   String sql := 
         "SELECT mail"+CRLF+
         "FROM "+QuotedStr(ldapTableName)+CRLF+
         "WHERE objectClass = "+QuotedStr("user")+CRLF+
         "AND sAMAccountName = "+QuotedStr(accountName);

   ADOConnection conn := new ADOConnection(connectionString);
   try
      Recordset rs := conn.Execute(sql);
      try
         if (rs.Eof)
            return "";

         return rs["mail"].Value;
      finally
          rs.Free;
      end;
   finally 
      conn.Free;
   end;
}

The real secret is talking to "the domain", and not any particular server:

//get the distinguished name of the current domain
public GetDefaultDistinguishedName(): string;
{
   String path := "LDAP://rootDSE";

   IADs ads;
   ADsGetObject(PWideChar(path), IADs, out ads);

   //e.g. on the "stackoverflow.com" domain, returns "DC=stackoverflow,DC=com"
   return (String)ads.Get("defaultNamingContext"); 
}
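
Both the filter in the question and the query text in the answer splice accountName (and, in GetUserAttribute, propertyName) straight into the query. The following is an added example, not part of the original question or answer: portable C++ that escapes the filter value per RFC 4515, validates the attribute name, and builds the command text in ADSI's LDAP dialect instead of the SQL dialect the answer uses. All function names are hypothetical, and the inputs in main are constructed.

```cpp
#include <iostream>
#include <string>
// RFC 4515: inside a filter value, '*', '(', ')', '\' and NUL must be
// written as a backslash followed by the two hex digits of the byte.
std::string EscapeLdapFilterValue(const std::string& value) {
    static const char kHex[] = "0123456789abcdef";
    std::string out;
    for (unsigned char c : value) {
        if (c == '*' || c == '(' || c == ')' || c == '\\' || c == '\0') {
            out += '\\';
            out += kHex[c >> 4];
            out += kHex[c & 0x0F];
        } else {
            out += static_cast<char>(c);
        }
    }
    return out;
}

// Attribute names (the question's propertyName) cannot be escaped, only
// validated: a leading ASCII letter, then letters, digits or '-'.
bool IsAttributeName(const std::string& name) {
    if (name.empty()) return false;
    for (std::size_t i = 0; i < name.size(); ++i) {
        char c = name[i];
        bool alpha = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z');
        bool rest = alpha || (c >= '0' && c <= '9') || c == '-';
        if (i == 0 ? !alpha : !rest) return false;
    }
    return true;
}

// Same filter as the question's DirectorySearcher.Filter, with the value escaped.
std::string BuildUserFilter(const std::string& accountName) {
    return "(&(objectCategory=user)(sAMAccountName=" + EscapeLdapFilterValue(accountName) + "))";
}

// ADSI LDAP-dialect command text: "<base>;filter;attributes;scope".
// Assumption: baseDn comes from rootDSE's defaultNamingContext and is trusted.
// Returns an empty string when the attribute name is rejected.
std::string BuildLdapDialectQuery(const std::string& baseDn, const std::string& accountName,
                                  const std::string& attribute) {
    if (!IsAttributeName(attribute)) return std::string();
    return "<LDAP://" + baseDn + ">;" + BuildUserFilter(accountName) + ";" + attribute + ";subtree";
}

int main() {
    // Constructed inputs: an ordinary account name and one with filter metacharacters.
    std::cout << BuildLdapDialectQuery("DC=stackoverflow,DC=com", "iboyd", "mail") << "\n";
    std::cout << BuildUserFilter("ian*(boyd)") << "\n";
}
```

The string from BuildUserFilter can be used wherever a raw LDAP filter is accepted; the string from BuildLdapDialectQuery is command text for the same ADsDSOObject provider named in the answer's connection string.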
