如何从 C# 中找到活动目录中的用户?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/825237/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How can you find a user in active directory from C#?
提问by Sunookitsune
I'm trying to figure out how to search AD from C# similarly to how "Find Users, Contacts, and Groups" works in the Active Directory Users and Computers tool. I have a string that either contains a group name, or a user's name (usually in the format firstname middleinitial [if they have one] lastname, but not always). Even if I do a seperate query for groups vs. users, I can't come up with a way to search that captures most user accounts. The Find Users, Contacts, and Groups tool brings them back almost every time. Anyone have any suggestions?
我试图弄清楚如何从 C# 搜索 AD,类似于“查找用户、联系人和组”在 Active Directory 用户和计算机工具中的工作方式。我有一个包含组名或用户名的字符串(通常格式为 firstname middleinitial [if they have one] lastname,但并非总是如此)。即使我对组和用户进行单独的查询,我也无法想出一种可以捕获大多数用户帐户的搜索方法。查找用户、联系人和组工具几乎每次都会将它们带回来。有人有什么建议吗?
I already know how to use the DirectorySearcher class, the issue is that I can't find a query that does what I'd like. Neither cn nor samaccount name has anything to do with the user's name in this, so I'm unable to search on those. Splitting things up and searching on sn and givenName doesn't catch anywhere near as much as that tool does.
我已经知道如何使用 DirectorySearcher 类,问题是我找不到可以执行我想要的查询。cn 和 samaccount 名称都与此中的用户名没有任何关系,因此我无法搜索这些名称。拆分并搜索 sn 和 givenName 并没有像该工具那样捕获任何地方。
采纳答案by marc_s
Are you on .NET 3.5 ? If so - AD has great new features in .NET 3.5 - check out this article Managing Directory Security Principals in .NET 3.5by Ethan Wilanski and Joe Kaplan.
您使用的是 .NET 3.5 吗?如果是这样 - AD 在 .NET 3.5 中有很棒的新功能 - 请查看Ethan Wilanski 和 Joe Kaplan 撰写的文章在 .NET 3.5 中管理目录安全主体。
One of the big new features is a "PrincipalSearcher" class which should greatly simplify finding users and/or groups in AD.
其中一个重要的新功能是“PrincipalSearcher”类,它应该大大简化在 AD 中查找用户和/或组的过程。
If you cannot use .NET 3.5, one thing that might make your life easier is called "Ambiguous Name Resolution", and it's a little known special search filter that will search in just about any name-related attribute all at once.
如果您不能使用 .NET 3.5,那么可以让您的生活更轻松的一件事称为“歧义名称解析”,它是一种鲜为人知的特殊搜索过滤器,可以一次搜索几乎所有与名称相关的属性。
Specify your LDAP search query like this:
像这样指定您的 LDAP 搜索查询:
searcher.Filter = string.Format("(&(objectCategory=person)(anr={0}))", yourSearchTerm)
Also, I would recommend filtering on the "objectCategory" attribute, since that's single-valued and indexed by default in AD, which is a lot faster than using "objectClass".
此外,我建议对“objectCategory”属性进行过滤,因为它在 AD 中默认是单值和索引的,这比使用“objectClass”快得多。
Marc
马克
回答by Miyagi Coder
System.DirectoryServices has two namespaces...DirectoryEntry and DirectorySearcher.
System.DirectoryServices 有两个命名空间...DirectoryEntry 和 DirectorySearcher。
More info on the DirectorySearcher here:
有关 DirectorySearcher 的更多信息,请访问:
http://msdn.microsoft.com/en-us/library/system.directoryservices.directorysearcher.aspx
http://msdn.microsoft.com/en-us/library/system.directoryservices.directorysearcher.aspx
You can then use the Filter property to filter by Group, user etc...
然后,您可以使用 Filter 属性按组、用户等进行过滤...
So if you wanted to filter by account name you would set the .Filter to:
因此,如果您想按帐户名过滤,您可以将 .Filter 设置为:
"(&(sAMAccountName=bsmith))"
and run the FilterAll method. This will return a SearchResultCollection that you can loop through and pull information about the user.
并运行 FilterAll 方法。这将返回一个 SearchResultCollection,您可以遍历它并提取有关用户的信息。
回答by Slipfish
You need to build the search string based on how you're looking for the user.
您需要根据您查找用户的方式构建搜索字符串。
using (var adFolderObject = new DirectoryEntry())
{
using(var adSearcherObject = new DirectorySearcher(adFolderObject))
{
adSearcherObject.SearchScope = SearchScope.Subtree;
adSearcherObject.Filter = "(&(objectClass=person)(" + userType + "=" + userName + "))";
return adSearcherObject.FindOne();
}
}
userType should either be sAMAccountName or CN depending on how the username is formatted.
userType 应该是 sAMAccountName 或 CN,具体取决于用户名的格式。
ex:
firstname.lastname (or flastname) will usually be the sAMAccountName
FirstName LastName will usually be the CN
例如:
firstname.lastname(或 flastname)通常是 sAMAccountName
FirstName LastName 通常是 CN
回答by curtisk
To add onto Miyagi's answer....
添加到宫城的答案....
Here's a filter/query to apply to DirectorySearcher
这是一个应用于 DirectorySearcher 的过滤器/查询
DirectorySearcher ds = new DirectorySearcher();
ds.Filter = "samaccountname=" + userName;
SearchResult result = ds.FindOne();
回答by Scott Lance
public DirectoryEntry Search(string searchTerm, string propertyName)
{
DirectoryEntry directoryObject = new DirectoryEntry(<pathToAD>);
foreach (DirectoryEntry user in directoryObject.Children)
{
if (user.Properties[propertyName].Value != null)
if (user.Properties[propertyName].Value.ToString() == searchTerm)
return user;
}
return null;
}
回答by Gabriel Guimar?es
Got this from the Joe Kaplan and Ethan WilanskyArticle Use this Using (from referencing the System.DirectoryServices.AccountManagement dll):
从Joe Kaplan 和 Ethan Wilansky文章中得到这个使用这个使用(从引用 System.DirectoryServices.AccountManagement dll):
using System.DirectoryServices.AccountManagement;
private bool CheckUserinAD(string domain, string username)
{
PrincipalContext domainContext = new PrincipalContext(ContextType.Domain, domain);
UserPrincipal user = new UserPrincipal(domainContext);
user.Name = username;
PrincipalSearcher pS = new PrincipalSearcher();
pS.QueryFilter = user;
PrincipalSearchResult<Principal> results = pS.FindAll();
if (results != null && results.Count() > 0)
return true;
return false;
}
回答by vapcguy
The other answers were poorly described, didn't describe how to implement them, and most gave the wrong filter properties. You don't even need to use .Filter-- you can just assign your properties (last name = .Surname, first name = .GivenName) to a UserPrincipalobject, then search on that object using a PrincipalSearcherin whatever event that triggers the search:
其他答案的描述很差,没有描述如何实现它们,并且大多数给出了错误的过滤器属性。您甚至不需要使用.Filter——您可以将您的属性(姓氏 = .Surname,名字 = .GivenName)分配给一个UserPrincipal对象,然后在PrincipalSearcher触发搜索的任何事件中使用 a 搜索该对象:
string firstName = txtFirstName.Text;
string lastName = txtLastName.Text;
PrincipalContext ctx = new PrincipalContext(ContextType.Domain);
UserPrincipal up = new UserPrincipal(ctx);
if (!String.IsNullOrEmpty(firstName))
up.GivenName = firstName;
if (!String.IsNullOrEmpty(lastName))
up.Surname = lastName;
PrincipalSearcher srch = new PrincipalSearcher(up);
srch.QueryFilter = up;
I'm assuming you have textboxes for First and Last Name to get it, with IDs/Names of txtFirstNameand txtLastName. Note that if you do not have a value in the property you are looking for, do not add it to the UserPrincipal, or it will cause an exception. That's the reason for the checks I included, above.
我假设您有名字和姓氏的文本框来获取它,ID/名称为txtFirstName和txtLastName。请注意,如果您要查找的属性中没有值,请不要将其添加到 中UserPrincipal,否则会导致异常。这就是我在上面包含的检查的原因。
You then do a .FindAllon srchto get search results into a PrincipalSearchResultcollection of Principalobjects:
然后,做一个.FindAll上srch得到的搜索结果进入PrincipalSearchResult的集合Principal对象:
using (PrincipalSearchResult<Principal> results = srch.FindAll())
{
if (results != null)
{
int resultCount = results.Count();
if (resultCount > 0) // we have results
{
foreach (Principal found in results)
{
string username = found.SamAccountName; // Note, this is not the full user ID! It does not include the domain.
}
}
}
}
Note that results won't be null even if its .Count()is 0, and why both checks are there.
请注意,结果将不能为空,即使它.Count()是0,为什么这两种检查都在那里。
You iterate using that foreachto get the properties you need, and this answers the question of how to find a user in AD using C#, but note you can only get to a few properties using the Principalobject, and if I reached this question through Google (as I did), I would be very disheartened. If you find that's all you need - great, you're done! But in order to get the rest (and rest my own conscience), you have to dive down, and I'll describe how to do that.
您使用它foreach进行迭代以获取所需的属性,这回答了如何使用 C# 在 AD 中查找用户的问题,但请注意,您只能使用该Principal对象获取少数属性,并且如果我通过 Google (正如我所做的那样),我会非常沮丧。如果你发现这就是你所需要的 - 太好了,你就完成了!但是为了得到休息(并让我自己的良心得到休息),你必须潜入水中,我将描述如何做到这一点。
I found you can't just use that usernameI put above, but you have to get the whole DOMAIN\doejkind of name. This is how you do that. Instead, put this in that foreachloop, above:
我发现你不能只使用username我上面提到的,但你必须得到整个DOMAIN\doej名字。这就是你这样做的方式。相反,把它放在那个foreach循环中,上面:
string userId = GetUserIdFromPrincipal(found);
and use this function:
并使用此功能:
private static string GetUserIdFromPrincipal(Principal prin)
{
string upn = prin.UserPrincipalName;
string domain = upn.Split('@')[1];
domain = domain.Substring(0, domain.IndexOf(".YOURDOMAIN"));
// "domain" will be the subdomain the user belongs to.
// This may require edits depending on the organization.
return domain + @"\" + prin.SamAccountName;
}
Once you have that, you can call this function:
一旦你有了它,你就可以调用这个函数:
public static string[] GetUserProperties(string strUserName)
{
UserPrincipal up = GetUser(strUserName);
if (up != null)
{
string firstName = up.GivenName;
string lastName = up.Surname;
string middleInit = String.IsNullOrEmpty(up.MiddleName) ? "" : up.MiddleName.Substring(0, 1);
string email = up.EmailAddress;
string location = String.Empty;
string phone = String.Empty;
string office = String.Empty;
string dept = String.Empty;
DirectoryEntry de = (DirectoryEntry)up.GetUnderlyingObject();
DirectorySearcher ds = new DirectorySearcher(de);
ds.PropertiesToLoad.Add("l"); // city field, a.k.a location
ds.PropertiesToLoad.Add("telephonenumber");
ds.PropertiesToLoad.Add("department");
ds.PropertiesToLoad.Add("physicalDeliveryOfficeName");
SearchResultCollection results = ds.FindAll();
if (results != null && results.Count > 0)
{
ResultPropertyCollection rpc = results[0].Properties;
foreach (string rp in rpc.PropertyNames)
{
if (rp == "l") // this matches the "City" field in AD properties
location = rpc["l"][0].ToString();
if (rp == "telephonenumber")
phone = FormatPhoneNumber(rpc["telephonenumber"][0].ToString());
if (rp == "physicalDeliveryOfficeName")
office = rpc["physicalDeliveryOfficeName"][0].ToString();
if (rp == "department")
dept = rpc["department"][0].ToString();
}
}
string[] userProps = new string[10];
userProps[0] = strUserName;
userProps[1] = firstName;
userProps[2] = lastName;
userProps[3] = up.MiddleName;
userProps[4] = middleInit;
userProps[5] = email;
userProps[6] = location;
userProps[7] = phone;
userProps[8] = office;
userProps[9] = dept;
return userProps;
}
else
return null;
}
/// <summary>
/// Returns a UserPrincipal (AD) user object based on string userID being supplied
/// </summary>
/// <param name="strUserName">String form of User ID: domain\username</param>
/// <returns>UserPrincipal object</returns>
public static UserPrincipal GetUser(string strUserName)
{
PrincipalContext oPrincipalContext = new PrincipalContext(ContextType.Domain);
try
{
UserPrincipal oUserPrincipal = UserPrincipal.FindByIdentity(oPrincipalContext, strUserName);
return oUserPrincipal;
}
catch (Exception ex) { return null; }
}
public static string FormatPhoneNumber(string strPhoneNumber)
{
if (strPhoneNumber.Length > 0)
// return String.Format("{0:###-###-####}", strPhoneNumber); // formating does not work because strPhoneNumber is a string and not a number
return Regex.Replace(strPhoneNumber, @"(\d{3})(\d{3})(\d{4})", "--");
else
return strPhoneNumber;
}
Note that the FormatPhoneNumberfunction is for North American numbers. It will take a number it finds (##########) and separate it into ###-###-####.
请注意,该FormatPhoneNumber函数适用于北美号码。它将取一个它找到的数字 ( ##########) 并将其分成###-###-####.
You can then get the properties like this, back in that foreachloop:
然后,您可以在该foreach循环中返回这样的属性:
string[] userProps = GetUserProperties(userId);
string office = userProps[8];
But, as a whole solution,you can even add these results into a DataRowcolumn, and return it as part of a DataTablethat you could then bind to a ListViewor GridView. This is how I did it, sending in a List<string>filled with the properties I needed:
但是,作为一个完整的解决方案,您甚至可以将这些结果添加到DataRow列中,并将其作为 a 的一部分返回,DataTable然后您可以将其绑定到 aListView或GridView。我就是这样做的,发送了一个List<string>充满我需要的属性:
/// <summary>
/// Gets matches based on First and Last Names.
/// This function takes a list of acceptable properties:
/// USERNAME
/// MIDDLE_NAME
/// MIDDLE_INITIAL
/// EMAIL
/// LOCATION
/// POST
/// PHONE
/// OFFICE
/// DEPARTMENT
///
/// The DataTable returned will have columns with these names, and firstName and lastName will be added to a column called "NAME"
/// as the first column, automatically.
/// </summary>
/// <param name="firstName"></param>
/// <param name="lastName"></param>
/// <param name="props"></param>
/// <returns>DataTable of columns from "props" based on first and last name results</returns>
public static DataTable GetUsersFromName(string firstName, string lastName, List<string> props)
{
string userId = String.Empty;
int resultCount = 0;
DataTable dt = new DataTable();
DataRow dr;
DataColumn dc;
// Always set the first column to the Name we pass in
dc = new DataColumn();
dc.DataType = System.Type.GetType("System.String");
dc.ColumnName = "NAME";
dt.Columns.Add(dc);
// Establish our property list as columns in our DataTable
if (props != null && props.Count > 0)
{
foreach (string s in props)
{
dc = new DataColumn();
dc.DataType = System.Type.GetType("System.String");
if (!String.IsNullOrEmpty(s))
{
dc.ColumnName = s;
dt.Columns.Add(dc);
}
}
}
// Start our search
PrincipalContext ctx = new PrincipalContext(ContextType.Domain);
UserPrincipal up = new UserPrincipal(ctx);
if (!String.IsNullOrEmpty(firstName))
up.GivenName = firstName;
if (!String.IsNullOrEmpty(lastName))
up.Surname = lastName;
PrincipalSearcher srch = new PrincipalSearcher(up);
srch.QueryFilter = up;
using (PrincipalSearchResult<Principal> results = srch.FindAll())
{
if (results != null)
{
resultCount = results.Count();
if (resultCount > 0) // we have results
{
foreach (Principal found in results)
{
// Iterate results, set into DataRow, add to DataTable
dr = dt.NewRow();
dr["NAME"] = found.DisplayName;
if (props != null && props.Count > 0)
{
userId = GetUserIdFromPrincipal(found);
// Get other properties
string[] userProps = GetUserProperties(userId);
foreach (string s in props)
{
if (s == "USERNAME")
dr["USERNAME"] = userId;
if (s == "MIDDLE_NAME")
dr["MIDDLE_NAME"] = userProps[3];
if (s == "MIDDLE_INITIAL")
dr["MIDDLE_INITIAL"] = userProps[4];
if (s == "EMAIL")
dr["EMAIL"] = userProps[5];
if (s == "LOCATION")
dr["LOCATION"] = userProps[6];
if (s == "PHONE")
dr["PHONE"] = userProps[7];
if (s == "OFFICE")
dr["OFFICE"] = userProps[8];
if (s == "DEPARTMENT")
dr["DEPARTMENT"] = userProps[9];
}
}
dt.Rows.Add(dr);
}
}
}
}
return dt;
}
You would call this function like this:
你可以这样调用这个函数:
string firstName = txtFirstName.Text;
string lastName = txtLastName.Text;
List<string> props = new List<string>();
props.Add("OFFICE");
props.Add("DEPARTMENT");
props.Add("LOCATION");
props.Add("USERNAME");
DataTable dt = GetUsersFromName(firstName, lastName, props);
The DataTablewill be filled with those columns, and a NAMEcolumn as the first column, that will have the user's actual .DisplayNamefrom AD.
在DataTable将充满这些列,并且NAME列的第一列,这将让用户的实际.DisplayName从AD。
Note:You must reference System.DirectoryServicesand System.DirectoryServices.AccountManagement, System.Text.RegularExpressions, System.Datato use all this.
注意:您必须引用System.DirectoryServices和System.DirectoryServices.AccountManagement, System.Text.RegularExpressions,System.Data才能使用所有这些。
HTH!
哼!
回答by Ivanzinho
The code I were looking for in this post was:
我在这篇文章中寻找的代码是:
string uid = Properties.Settings.Default.uid;
string pwd = Properties.Settings.Default.pwd;
using (var context = new PrincipalContext(ContextType.Domain, "YOURDOMAIN", uid, pwd))
{
using (UserPrincipal user = new UserPrincipal(context))
{
user.GivenName = "*adolf*";
using (var searcher = new PrincipalSearcher(user))
{
foreach (var result in searcher.FindAll())
{
DirectoryEntry de = result.GetUnderlyingObject() as DirectoryEntry;
Console.WriteLine("First Name: " + de.Properties["givenName"].Value);
Console.WriteLine("Last Name : " + de.Properties["sn"].Value);
Console.WriteLine("SAM account name : " + de.Properties["samAccountName"].Value);
Console.WriteLine("User principal name: " + de.Properties["userPrincipalName"].Value);
Console.WriteLine("Mail: " + de.Properties["mail"].Value);
PrincipalSearchResult<Principal> groups = result.GetGroups();
foreach (Principal item in groups)
{
Console.WriteLine("Groups: {0}: {1}", item.DisplayName, item.Name);
}
Console.WriteLine();
}
}
}
}
Console.WriteLine("End");
Console.ReadLine();
It seems that wildcard for any character is Asterisk (*). That's why:
似乎任何字符的通配符都是星号 (*)。这就是为什么:
user.GivenName = "*firstname*";
Read more in Microsoft documentation
在Microsoft 文档中阅读更多信息
