使用C Sharp在active directory中迭代一个组

本文关键字:一个 迭代 Sharp active directory 使用 | 更新日期: 2023-09-27 18:25:57

我需要能够从任何服务器执行程序,该服务器可以遍历active directory中的组,并检查该组中用户的某些属性。这就是我目前所拥有的:

public static bool searchUser(string domain, string userName, string password, string objectDN)
{
    DirectoryEntry obj = new DirectoryEntry("LDAP://" + domain + "/" + objectDN, userName, password);
    if (obj.Properties["objectCategory"].ToString().Equals("group"))
    {
        object users = obj.Invoke("Members", null);
        foreach (object members in users) 
        { }
    }
}

使用C Sharp在active directory中迭代一个组

下面的代码需要进行严重的重构,但上次我检查时,它已经正常工作了一个月

    private List<DirectoryUser> GetUsersInGroup(string groupName)
    {
        List<DirectoryUser> directoryUsers = new List<DirectoryUser>();
        try
        {
            ResultPropertyValueCollection members = null;
            using (var entry = new DirectoryEntry(_server))
            {
                entry.Path = "LDAP://" + _usersRoot;
                entry.Username = _domain + @"'" + _serviceAccountUsername;
                entry.Password = _serviceAccountPassword;
                entry.AuthenticationType = AuthenticationTypes.Secure;
                using (DirectorySearcher searcher = new DirectorySearcher(entry))
                {
                    searcher.Filter = "(&(objectClass=group)(cn=" + groupName + "))";
                    searcher.PropertiesToLoad.Add("member");
                    SearchResult result = searcher.FindOne();
                    if (result == null)
                        return directoryUsers;
                    members = result.Properties["member"];
                }
            }
            if (members == null || members.Count == 0)
                return directoryUsers;
            foreach (var member in members)
            {
                using (var entry = new DirectoryEntry(_server))
                {
                    entry.Path = "LDAP://" + member;
                    entry.Username = _domain + @"'" + _serviceAccountUsername;
                    entry.Password = _serviceAccountPassword;
                    entry.AuthenticationType = AuthenticationTypes.Secure;
                    using (DirectorySearcher searcher = new DirectorySearcher(entry))
                    {
                        searcher.Filter = "(objectClass=user)";
                        searcher.SearchScope = SearchScope.Base;
                        searcher.PropertiesToLoad.Add("mail");
                        searcher.PropertiesToLoad.Add("givenName");
                        searcher.PropertiesToLoad.Add("sn");
                        searcher.PropertiesToLoad.Add("sAMAccountName");
                        searcher.PropertiesToLoad.Add("telephoneNumber");
                        SearchResult result = searcher.FindOne();
                        if (result == null)
                            continue;
                        var dirUser = new DirectoryUser();
                        dirUser.Username = Convert.ToString(result.Properties["sAMAccountName"][0]);
                        dirUser.FirstName = Convert.ToString(result.Properties["givenName"][0]);
                        dirUser.LastName = Convert.ToString(result.Properties["sn"][0]);
                        dirUser.Email = Convert.ToString(result.Properties["mail"][0]);
                        dirUser.Phone = Convert.ToString(result.Properties["telephoneNumber"][0]);
                        directoryUsers.Add(dirUser);

                    }
                }
            }

        }
        catch { }
        return directoryUsers;
    }

这里有一种使用DirectotyEntry和Microsoft LDAP_MATCHING_RULE_IN_CHAIN递归执行的方法。我在ActiveDirectory 2003和2008 R2 中使用Framework 2.0

using System.DirectoryServices;
using System.Security.Principal;   
static void Main(string[] args) 
{ 
  //Connection to Active Directory 
  string sFromWhere = "LDAP://SRVENTR2:389/dc=societe,dc=fr"; 
  DirectoryEntry deBase = new DirectoryEntry(sFromWhere, "societe''administrateur", "test.2011"); 
  // To find all the users member of groups "Grp1"  : 
  // Set the base to the groups container DN; for example root DN (dc=societe,dc=fr)  
  // Set the scope to subtree 
  // Use the following filter : 
  // (member:1.2.840.113556.1.4.1941:=CN=Grp1,OU=MonOu,DC=X) 
  // 
  DirectorySearcher dsLookFor = new DirectorySearcher(deBase); 
  dsLookFor.Filter = "(&(memberof:1.2.840.113556.1.4.1941:=CN=Grp1,OU=MonOu,DC=societe,DC=fr)(objectCategory=user))"; 
  dsLookFor.SearchScope = SearchScope.Subtree; 
  dsLookFor.PropertiesToLoad.Add("cn"); 
  SearchResultCollection srcUsers = dsLookFor.FindAll(); 
  // To check user properties
  foreach (SearchResult srcUser in srcUsers) 
  { 
    Console.WriteLine("{0}", srcUser.Path); 
  } 
  Console.ReadLine(); 
}

启动Framework 3.5您可以使用目录安全主体并这样做:

/* Retreiving a principal context
 */
PrincipalContext context = new PrincipalContext(ContextType.Domain, "WM2008R2ENT:389", "dc=dom,dc=fr", "jpb", "root.123");
DirectoryContext dc = new DirectoryContext(DirectoryContextType.DirectoryServer, "WM2008R2ENT:389");
Domain dn = Domain.GetDomain(dc);
//Console.WriteLine("Le nom : {0}", dn.PdcRoleOwner.Domain);
/* Retreive a users from group
 */
using (var group = GroupPrincipal.FindByIdentity(context, IdentityType.SamAccountName, @"MonGrpSec"))
{ 
  if (group != null)
  {
    foreach (var p in group.GetMembers(false))
    {
      Console.WriteLine(p.SamAccountName);
    } 
  } 
}