.net List of users in specific Active Directory Distribution Group

Notice: this page is a Chinese-English side-by-side translation of a popular StackOverflow question, provided under the CC BY-SA 4.0 license. You are free to use/share it, but you must likewise follow the CC BY-SA license, cite the original URL and author information, and attribute it to the original authors (not me). Original StackOverflow URL: http://stackoverflow.com/questions/3195617/

Time: 2020-09-03 14:30:13  Source: igfitidea

.net active-directory

Asked by Justin Helgerson

I'm trying to get a list of users and some properties about the user from within an active directory group.

Update:

Here are the two methods I currently have:

    Dim adGroup As New DirectoryEntry("LDAP://CN=MyGroup,OU=Groups,OU=Accounts,OU=All,DC=domain,DC=com")
    Dim adMembers As Object
    Dim objUser As ActiveDirectoryUser
    Dim objUserList As New List(Of ActiveDirectoryUser)
    Dim directoryEntry As DirectoryEntry

    adMembers = adGroup.Invoke("Members", Nothing)

    For Each adMember As Object In CType(adMembers, IEnumerable)
        directoryEntry = New DirectoryEntry(adMember)
        objUser = New ActiveDirectoryUser

        objUser.UserId = directoryEntry.Properties.Item("sAMAccountName").Value.ToString()
        objUser.Contract = directoryEntry.Properties.Item("ou").Value.ToString()
        objUser.LastName = directoryEntry.Properties.Item("sn").Value.ToString()
        objUser.FirstName = directoryEntry.Properties.Item("givenName").Value.ToString()
        objUser.Email = directoryEntry.Properties.Item("mail").Value.ToString()

        objUserList.Add(objUser)
    Next

The first piece works, though it seems quite inefficient. My memory usage climbs and climbs as it's executing and I was getting this error, though it looks like that can be fixed. The second method:

    Dim results As SearchResultCollection
    Dim directoryEntry2 As New DirectoryEntry("LDAP://DC=domain,DC=com")
    Dim directorySearcher As New DirectorySearcher(directoryEntry2)
    directorySearcher.PageSize = 1000

    directorySearcher.Filter = "(&(objectCategory=person)" & _
                           "(objectClass=user)" & _
                           "(memberOf=CN=MyGroup,OU=Groups,OU=Accounts,OU=All,DC=domain,DC=com))"


    directorySearcher.PropertiesToLoad.Add("ou")
    directorySearcher.PropertiesToLoad.Add("sn")
    directorySearcher.PropertiesToLoad.Add("givenName")
    directorySearcher.PropertiesToLoad.Add("sAMAccountName")
    directorySearcher.PropertiesToLoad.Add("mail")

    results = directorySearcher.FindAll

The result count seems to vary from each execution of the application which I find odd. I'm not sure if this is a reliable way of getting the users back or if I need to modify something on my search?

Answered by marc_s

If you can, do upgrade to .NET 3.5 and use the new much improved System.DirectoryServices.AccountManagement namespace. Great intro for those new classes is found in Managing Directory Security Principals in the .NET Framework 3.5.

With this, your job becomes trivial:

    PrincipalContext ctx = new PrincipalContext(ContextType.Domain, "YOURDOMAIN");
    GroupPrincipal group = GroupPrincipal.FindByIdentity(ctx, "MyGroup");
    PrincipalSearchResult<Principal> members = group.GetMembers();

Does that work for you?

If you cannot use .NET 3.5, you should inspect the member property of the group. The group members are not stored as children logically underneath the group in hierarchy, so you cannot find them by using a DirectorySearcher.

    DirectoryEntry group = new DirectoryEntry("LDAP://CN=MyGroup,OU=Groups,OU=All,DC=Domain,DC=com");

    foreach(object groupMemberDN in group.Properties["member"])
    {
       // grab the group member's DN
    }

See the Quick List of C# Code Examples for Active Directory (or the same for Visual Basic .NET) in the MSDN library for this snippet and more.

Update: if you need the users belonging to a particular group (since you want to update their properties or something), you could reverse the approach: search for all the users who have a memberOf property equivalent to the group's DN:

    DirectoryEntry root = new DirectoryEntry("LDAP://dc=domain,dc=com");
    DirectorySearcher searcher = new DirectorySearcher(root);

    searcher.Filter = "(&(objectCategory=user)(memberOf=CN=MyGroup,OU=Groups,OU=All,DC=Domain,DC=com))";
    // set other properties on the searcher

    foreach(object result in searcher.FindAll())
    {
       // do whatever you need to do with the entry
    }
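
An added example (not part of the question or of either answer) of the memberOf search above, written so the group DN is escaped per RFC 4515 before it enters the filter, attributes are read null-safely, and the DirectoryEntry, DirectorySearcher and SearchResultCollection are all disposed. The class and method names are hypothetical, and the root path and group DN are assumed to be supplied by the caller; only System.DirectoryServices calls are used.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices;
using System.Text;

static class GroupMemberSearch   // hypothetical name, not from the page
{
    // Escape a value for use inside an LDAP search filter (RFC 4515):
    // '\', '*', '(', ')' and NUL become a backslash plus two hex digits.
    static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder(value.Length);
        foreach (char c in value)
            sb.Append("\\*()\0".IndexOf(c) >= 0 ? "\\" + ((int)c).ToString("x2") : c.ToString());
        return sb.ToString();
    }

    // Null-safe read of a single-valued attribute; absent attributes give null.
    static string Get(SearchResult r, string attr)
    {
        return r.Properties.Contains(attr) && r.Properties[attr].Count > 0
            ? r.Properties[attr][0].ToString() : null;
    }

    // rootPath and groupDn are caller-supplied (assumed), e.g. the sample values above.
    public static List<string[]> GetMembers(string rootPath, string groupDn)
    {
        var users = new List<string[]>();
        string[] attrs = { "sAMAccountName", "sn", "givenName", "mail", "ou" };
        using (var root = new DirectoryEntry(rootPath))
        using (var searcher = new DirectorySearcher(root))
        {
            searcher.PageSize = 1000; // enables paged retrieval of the result set
            searcher.Filter = "(&(objectCategory=person)(objectClass=user)(memberOf="
                              + EscapeFilterValue(groupDn) + "))";
            searcher.PropertiesToLoad.AddRange(attrs);
            // SearchResultCollection holds unmanaged resources; dispose it explicitly.
            using (SearchResultCollection results = searcher.FindAll())
                foreach (SearchResult r in results)
                    users.Add(Array.ConvertAll(attrs, a => Get(r, a)));
        }
        return users;
    }
}
```

Each returned array holds the attribute values in the order listed in `attrs`, with null where the user has no value for that attribute.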

Answered by Greg

Scope your search wider, wherever the members may be:

    Dim directoryEntry As New DirectoryEntry("LDAP://OU=All,DC=Domain,DC=com")

Filter based on group membership:

    directorySearcher.Filter = "(&(objectCategory=person)" & _
                               "(objectClass=user)" & _
                               "(memberOf=CN=MyGroup,OU=Groups,OU=All,DC=Domain,DC=com))"