使用C Sharp在active directory中迭代一个组
我需要一个可以从任意服务器运行的程序，它能遍历 Active Directory 中的某个组，并检查该组中用户的某些属性。这就是我目前所拥有的:
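/// <summary>
/// Binds to <paramref name="objectDN"/> on <paramref name="domain"/> and, when the bound object is a
/// group, enumerates its members through the IADsGroup "Members" COM method.
/// </summary>
/// <param name="domain">Host or domain name placed in the LDAP:// path.</param>
/// <param name="userName">Account used for the bind.</param>
/// <param name="password">Password for <paramref name="userName"/>.</param>
/// <param name="objectDN">Distinguished name of the object to inspect. It is placed verbatim in the
/// ADsPath; ADsPath treats '/' as a path separator, so a DN containing '/' must be escaped by the caller.</param>
/// <returns>true when the object is a group and its members were enumerated; false otherwise.</returns>
public static bool searchUser(string domain, string userName, string password, string objectDN)
{
    // The original compared Properties["objectCategory"].ToString() with "group". That yields the
    // PropertyValueCollection's type name, never the attribute value, so the branch could not be taken.
    // The object class is exposed directly as SchemaClassName ("group" for group objects).
    // DirectoryEntry is IDisposable; dispose it so the underlying COM object is released.
    using (DirectoryEntry obj = new DirectoryEntry("LDAP://" + domain + "/" + objectDN, userName, password))
    {
        if (!string.Equals(obj.SchemaClassName, "group", System.StringComparison.Ordinal))
        {
            return false;
        }

        // Invoke returns a COM collection (IADsMembers); the cast to IEnumerable goes through the COM
        // interop enumerator. The original foreach over a plain object does not compile.
        object users = obj.Invoke("Members", null);
        foreach (object member in (System.Collections.IEnumerable)users)
        {
            // TODO: check the member's attributes here; the original left this body empty.
        }

        return true;
    }
}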
下面的代码亟需重构，但上次我检查时，它已经正常运行了一个月。
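/// <summary>
/// Resolves the direct members of the Active Directory group whose common name (cn) equals
/// <paramref name="groupName"/> and returns them as <see cref="DirectoryUser"/> records.
/// Only members that are user objects are returned: the per-member search filters on
/// (objectClass=user), so nested groups and other object types are skipped.
/// </summary>
/// <param name="groupName">The group's cn. It is escaped per RFC 4515 before being placed in the
/// LDAP filter, so a value containing '*', '(', ')' or '\' cannot change the shape of the query.</param>
/// <returns>
/// The users resolved so far. Empty when <paramref name="groupName"/> is null/empty, when no such
/// group exists or it has no members. On a directory (COM) error the partial list collected up to
/// that point is returned, so callers cannot tell "no members" from "lookup failed".
/// </returns>
private List<DirectoryUser> GetUsersInGroup(string groupName)
{
    List<DirectoryUser> directoryUsers = new List<DirectoryUser>();
    if (string.IsNullOrEmpty(groupName))
    {
        // The original would have issued "(cn=)", an invalid filter, and swallowed the resulting
        // exception; returning the empty list directly is the same observable outcome.
        return directoryUsers;
    }

    try
    {
        ResultPropertyValueCollection members = FindGroupMembers(groupName);
        if (members == null || members.Count == 0)
        {
            return directoryUsers;
        }

        // NOTE(review): very large groups return "member" in ranges (member;range=0-1499);
        // this code, like the original, only reads the first range.
        foreach (object member in members)
        {
            DirectoryUser dirUser = LoadUser(Convert.ToString(member));
            if (dirUser != null)
            {
                directoryUsers.Add(dirUser);
            }
        }
    }
    catch (System.Runtime.InteropServices.COMException)
    {
        // Best-effort, as in the original: a directory error (DirectoryServicesCOMException derives
        // from COMException) yields whatever was collected so far. The original "catch { }" also hid
        // programming errors; those now propagate.
    }

    return directoryUsers;
}

// Creates a DirectoryEntry at the given ADsPath, bound with the configured service account.
private DirectoryEntry OpenEntry(string path)
{
    DirectoryEntry entry = new DirectoryEntry(_server);
    entry.Path = path;
    // Down-level logon name, DOMAIN\user. (The page showed an apostrophe as the separator,
    // which is not a valid form for binding.)
    entry.Username = _domain + @"\" + _serviceAccountUsername;
    entry.Password = _serviceAccountPassword;
    // Secure = Negotiate (Kerberos/NTLM) bind. Consider adding AuthenticationTypes.Sealing so the
    // LDAP traffic itself is encrypted rather than only the bind.
    entry.AuthenticationType = AuthenticationTypes.Secure;
    return entry;
}

// Searches the users root for a group with the given cn and returns its "member" DNs,
// or null when no such group exists.
private ResultPropertyValueCollection FindGroupMembers(string groupName)
{
    using (DirectoryEntry entry = OpenEntry("LDAP://" + _usersRoot))
    using (DirectorySearcher searcher = new DirectorySearcher(entry))
    {
        // groupName is caller-supplied; escape it so it is matched literally (LDAP filter injection).
        searcher.Filter = "(&(objectClass=group)(cn=" + EscapeLdapFilterValue(groupName) + "))";
        searcher.PropertiesToLoad.Add("member");
        SearchResult result = searcher.FindOne();
        // SearchResult is a detached snapshot, so its properties stay readable after the entry
        // and searcher are disposed (the original relied on this as well).
        return result == null ? null : result.Properties["member"];
    }
}

// Binds to one member DN and, when it is a user object, projects it to a DirectoryUser.
// Returns null for non-user members (e.g. nested groups) or when the object is not found.
private DirectoryUser LoadUser(string memberDn)
{
    using (DirectoryEntry entry = OpenEntry("LDAP://" + memberDn))
    using (DirectorySearcher searcher = new DirectorySearcher(entry))
    {
        searcher.Filter = "(objectClass=user)";
        searcher.SearchScope = SearchScope.Base;
        searcher.PropertiesToLoad.Add("mail");
        searcher.PropertiesToLoad.Add("givenName");
        searcher.PropertiesToLoad.Add("sn");
        searcher.PropertiesToLoad.Add("sAMAccountName");
        searcher.PropertiesToLoad.Add("telephoneNumber");
        SearchResult result = searcher.FindOne();
        if (result == null)
        {
            return null;
        }

        DirectoryUser dirUser = new DirectoryUser();
        dirUser.Username = FirstValue(result, "sAMAccountName");
        dirUser.FirstName = FirstValue(result, "givenName");
        dirUser.LastName = FirstValue(result, "sn");
        dirUser.Email = FirstValue(result, "mail");
        dirUser.Phone = FirstValue(result, "telephoneNumber");
        return dirUser;
    }
}

// First value of a loaded attribute as a string, or null when the attribute is absent.
// The original indexed [0] unconditionally, so a user without e.g. telephoneNumber threw and
// the catch-all then cut the whole enumeration short.
private static string FirstValue(SearchResult result, string attribute)
{
    ResultPropertyValueCollection values = result.Properties[attribute];
    return values != null && values.Count > 0 ? Convert.ToString(values[0]) : null;
}

// Escapes a value for use inside an LDAP search filter (RFC 4515, section 3).
// The backslash is replaced first so the escapes emitted later are not re-escaped.
private static string EscapeLdapFilterValue(string value)
{
    return value
        .Replace("\\", "\\5c")
        .Replace("*", "\\2a")
        .Replace("(", "\\28")
        .Replace(")", "\\29")
        .Replace("\0", "\\00");
}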
下面是一种使用 DirectoryEntry 和 Microsoft 的 LDAP_MATCHING_RULE_IN_CHAIN 匹配规则进行递归查询的方法。我在 Active Directory 2003 和 2008 R2 上使用的是 Framework 2.0。
using System.DirectoryServices;
using System.Security.Principal;
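/// <summary>
/// Lists every user that is a member of group Grp1, directly or through nested groups, by using the
/// LDAP_MATCHING_RULE_IN_CHAIN matching rule (OID 1.2.840.113556.1.4.1941) on memberOf so the server
/// resolves the nesting in a single query. Prints each result's ADsPath and waits for Enter.
/// </summary>
static void Main(string[] args)
{
    //Connection to Active Directory
    string sFromWhere = "LDAP://SRVENTR2:389/dc=societe,dc=fr";
    // Sample bind credentials, reproduced from the page as-is (the user name is expected in
    // DOMAIN\user form; its separator looks garbled here). Credentials belong in configuration
    // or a secret store, not in source. DirectoryEntry and DirectorySearcher are IDisposable.
    using (DirectoryEntry deBase = new DirectoryEntry(sFromWhere, "societe''administrateur", "test.2011"))
    using (DirectorySearcher dsLookFor = new DirectorySearcher(deBase))
    {
        // To find all the users member of groups "Grp1" :
        // Set the base to the groups container DN; for example root DN (dc=societe,dc=fr)
        // Set the scope to subtree
        // Use the following filter :
        // (member:1.2.840.113556.1.4.1941:=CN=Grp1,OU=MonOu,DC=X)
        //
        // The filter below applies the same rule from the user side (memberof:...), which is
        // equivalent for listing users of the group.
        dsLookFor.Filter = "(&(memberof:1.2.840.113556.1.4.1941:=CN=Grp1,OU=MonOu,DC=societe,DC=fr)(objectCategory=user))";
        dsLookFor.SearchScope = SearchScope.Subtree;
        dsLookFor.PropertiesToLoad.Add("cn");

        // SearchResultCollection owns unmanaged resources and must be disposed explicitly;
        // the original never released it.
        using (SearchResultCollection srcUsers = dsLookFor.FindAll())
        {
            // To check user properties
            foreach (SearchResult srcUser in srcUsers)
            {
                Console.WriteLine("{0}", srcUser.Path);
            }
        }
    }

    Console.ReadLine();
}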
从 Framework 3.5 起，您可以使用目录安全主体并这样做:
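/* Retrieving a principal context
*/
// Sample credentials reproduced from the page; in real code they come from configuration or a
// secret store. PrincipalContext is IDisposable and holds the directory connection, so it is
// wrapped in a using block (Framework 3.5 era syntax, no using declarations).
using (PrincipalContext context = new PrincipalContext(ContextType.Domain, "WM2008R2ENT:389", "dc=dom,dc=fr", "jpb", "root.123"))
{
    // dc/dn are only needed by the commented-out line below; GetDomain does a round trip
    // to the directory, so drop both if that line stays unused.
    DirectoryContext dc = new DirectoryContext(DirectoryContextType.DirectoryServer, "WM2008R2ENT:389");
    Domain dn = Domain.GetDomain(dc);
    //Console.WriteLine("Le nom : {0}", dn.PdcRoleOwner.Domain);

    /* Retrieve the users of a group
    */
    using (GroupPrincipal group = GroupPrincipal.FindByIdentity(context, IdentityType.SamAccountName, @"MonGrpSec"))
    {
        if (group != null)
        {
            // GetMembers(false) returns direct members only (no recursion into nested groups).
            // The PrincipalSearchResult it returns is IDisposable as well.
            using (PrincipalSearchResult<Principal> members = group.GetMembers(false))
            {
                foreach (Principal p in members)
                {
                    Console.WriteLine(p.SamAccountName);
                }
            }
        }
    }
}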