C＃LDAP查询检索的所有用户在组织单位 [英] C# LDAP query to retrieve all users in an organisational unit

问题描述

我试图运行一个LDAP查询将返回其所属的组织单位 OU =员工和 OU = FormerEmployees <所有用户/ code>，我没有得到任何地方。

I'm trying to run an LDAP query which will return all users which belong to the organisational units OU=Employees and OU=FormerEmployees and I am not getting anywhere.

我尝试使用的distinguishedName 但没有按搜索'T似乎支持通配符。我知道必须有一个更简单的方法，但我的搜索努力没有取得任何结果。

I tried searching using the distinguishedName but that doesn't appear to support wildcards. I know there has to be an easier way but my searching effort hasn't yielded any results

推荐答案

如果你在。 .NET 3.5和更新，你可以使用 PrincipalSearcher 和查询通过例如主要做你的搜索：

If you're on .NET 3.5 and newer, you can use a PrincipalSearcher and a "query-by-example" principal to do your searching:

// create your domain context and define what container to search in - here OU=Employees
PrincipalContext ctx = new PrincipalContext(ContextType.Domain, "YOURDOMAIN", "OU=Employees,DC=YourCompany,DC=com");

// define a "query-by-example" principal - here, we search for a UserPrincipal 
// that is still active
UserPrincipal qbeUser = new UserPrincipal(ctx);
qbeUser.Enabled = true;

// create your principal searcher passing in the QBE principal    
PrincipalSearcher srch = new PrincipalSearcher(qbeUser);

// find all matches
foreach(var found in srch.FindAll())
{
    // do whatever here - "found" is of type "Principal" - it could be user, group, computer.....          
}

如果你还没有 - 绝对阅读MSDN文章管理目录安全主体在.NET Framework 3.5 这很好地说明如何使新功能的最佳利用 System.DirectoryServices.AccountManagement

If you haven't already - absolutely read the MSDN article Managing Directory Security Principals in the .NET Framework 3.5 which shows nicely how to make the best use of the new features in System.DirectoryServices.AccountManagement

如果你喜欢旧.NET 2.0的风格，你需要创建对应于您的OU 的DirectoryEntry 要枚举对象的基，然后你需要创建一个的DirectorySearcher ，搜索的对象 - 是这样的：

If you prefer the "old" .NET 2.0 style, you would need to create a base DirectoryEntry that corresponds to your OU you want to enumerate objects in, and then you need to create a DirectorySearcher that searches for objects - something like this:

// create your "base" - the OU "FormerEmployees"
DirectoryEntry formerEmployeeOU = new DirectoryEntry("LDAP://OU=FormerEmployees,DC=YourCompany,DC=com");

// create a searcher to find objects inside this container
DirectorySearcher feSearcher = new DirectorySearcher(formerEmployeeOU);

// define a standard LDAP filter for what you search for - here "users"    
feSearcher.Filter = "(objectCategory=user)";

// define the properties you want to have returned by the searcher
feSearcher.PropertiesToLoad.Add("distinguishedName");
feSearcher.PropertiesToLoad.Add("sn");
feSearcher.PropertiesToLoad.Add("givenName");
feSearcher.PropertiesToLoad.Add("mail");

// search and iterate over results
foreach (SearchResult sr in feSearcher.FindAll())
{
    // for each property, you need to check where it's present in sr.Properties
    if (sr.Properties["description"] != null && sr.Properties["description"].Count > 0)
    {
       string description = sr.Properties["description"][0].ToString();
    }
}

这篇关于C＃LDAP查询检索的所有用户在组织单位的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！