为什么active directory搜索结果返回1000条记录
我的代码如下
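// Loads the Active Directory users matched by the filter below into dtAdUsers,
// one row per user, and shows a running count in lblText.
using (DirectorySearcher mySearcher = new DirectorySearcher(entry))
{
    // A non-zero PageSize turns on paged searching, so the result set is fetched
    // page by page instead of stopping at the server's size limit. The value is
    // kept at 1000, the default AD MaxPageSize, rather than the original 1001,
    // so the request stays within the server's default LDAP policy.
    mySearcher.PageSize = 1000;

    // Filter: user objects that are not disabled (bitwise-AND match on
    // userAccountControl bit 2), excluding *.service and _* account names, with
    // company, mail and telephoneNumber present and extAttribute = LIMITED or ALL.
    // NOTE(review): extAttribute is concatenated into the filter as an attribute
    // name. It must come from trusted configuration, never from user input;
    // otherwise it can rewrite the filter (LDAP filter injection).
    // NOTE(review): "(!samaccountname=*.service)" omits the inner parentheses that
    // RFC 4515 requires after "!" - confirm the server evaluates it as intended.
    mySearcher.Filter = "(&(objectCategory=person)(objectClass=user)(!(userAccountControl:1.2.840.113556.1.4.803:=2))(!samaccountname=*.service)(!samaccountname=_*)(company=*)(mail=*)(telephoneNumber=*)(|(" + extAttribute + "=LIMITED)(" + extAttribute + "=ALL)))";

    dtAdUsers = new DataTable("dtAdUsers");

    // Columns.Add(name) creates a string-typed column, which is what a
    // default-constructed DataColumn with only ColumnName set also is.
    string[] columnNames =
    {
        "firstName", "lastName", "middleInitial", "title", "companyName",
        "address1", "city", "state", "zipcode", "country", "email",
        "phoneNumber", "flex1Region", "flex2Company", "flex3SubBrand",
        "extensionAttribute15", "ObjectGUID"
    };
    foreach (string columnName in columnNames)
    {
        dtAdUsers.Columns.Add(columnName);
    }

    int count = 0;
    using (SearchResultCollection results = mySearcher.FindAll())
    {
        foreach (SearchResult resEnt in results)
        {
            // GetDirectoryEntry() builds a new DirectoryEntry on every call.
            // Bind once per result and dispose it, instead of creating (and
            // leaking) one entry per attribute read.
            using (DirectoryEntry user = resEnt.GetDirectoryEntry())
            {
                // The region is taken from the value of the 4th component of the
                // distinguished name. Guard against a missing or shorter DN
                // instead of throwing in the middle of the export.
                // NOTE(review): Split(',') does not understand escaped commas
                // ("CN=Doe\, John,..."), which shift the component index.
                string distinguishedName = user.Properties["distinguishedName"].Value as string;
                string flex1Region = null;
                if (distinguishedName != null)
                {
                    string[] dnParts = distinguishedName.Split(',');
                    if (dnParts.Length > 3)
                    {
                        string[] rdn = dnParts[3].Split('=');
                        if (rdn.Length > 1)
                        {
                            flex1Region = rdn[1];
                        }
                    }
                }

                count++;

                DataRow dr = dtAdUsers.NewRow();
                dr["firstName"] = user.Properties["givenName"].Value as string;
                dr["lastName"] = user.Properties["sn"].Value as string;
                dr["middleInitial"] = user.Properties["initials"].Value as string;
                dr["title"] = user.Properties["title"].Value as string;
                dr["companyName"] = user.Properties["company"].Value as string;
                dr["address1"] = user.Properties["streetAddress"].Value as string;
                dr["city"] = user.Properties["l"].Value as string;
                dr["state"] = user.Properties["st"].Value as string;
                dr["zipcode"] = user.Properties["postalCode"].Value as string;
                dr["country"] = user.Properties["co"].Value as string;
                dr["email"] = user.Properties["mail"].Value as string;
                dr["phoneNumber"] = user.Properties["telephoneNumber"].Value as string;
                dr["flex1Region"] = flex1Region;
                dr["flex2Company"] = user.Properties["company"].Value as string;
                dr["flex3SubBrand"] = user.Properties["GroupMcompany"].Value as string;
                dr["extensionAttribute15"] = user.Properties[extAttribute].Value as string;
                dr["ObjectGUID"] = user.Guid.ToString();
                dtAdUsers.Rows.Add(dr);
            }

            // Progress display. DoEvents() pumps the message loop, so other UI
            // handlers can run while this loop is still in progress.
            lblText.Text = "Ad Users " + count.ToString();
            lblText.Refresh();
            Application.DoEvents();
        }
    }
}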
它只返回1000条记录。有人能指出是哪里出了问题吗?
因为PageSize属性的值被设置为
mySearcher.PageSize = 1001
SizeLimit属性使用其默认值(=1000)。
http://msdn.microsoft.com/en-us/library/system.directoryservices.directorysearcher.pagesize(v=vs.110).aspx
此外,请查看SizeLimit属性http://msdn.microsoft.com/en-us/library/system.directoryservices.directorysearcher.sizelimit(v=vs.110).aspx
您可以在AD配置中调整LDAP查询策略,以允许返回更多结果,但将LDAP查询限制为最多1000个结果是有充分理由的(在大型公司域中,过大的查询甚至可能在您不知情的情况下对域控制器造成DoS攻击…)。从基础设施的角度来看,最好的方法是使用范围(range)参数,将查询按每一千条拆分成多次。
请参阅PowerShell(getUsers.ps1 myADGroupName)中的此代码
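# Usage: getUsers.ps1 <distinguished name of the group>
# Reads the group's "member" attribute in ranges of 1000 values, prints the
# count and writes the member list to "<sAMAccountName>.txt" next to this script.

# Get the group.
# An unquoted DN such as CN=x,OU=y is parsed by PowerShell as an array; the
# [string] cast joins the parts with spaces and Replace() puts the commas back.
# Side effect: spaces that really belong to the DN are turned into commas too.
$myGroup = [string]$args[0]
if (-not $myGroup) {
    throw "Usage: getUsers.ps1 <group distinguished name>"
}
$myGroup = $myGroup.Replace(" ", ",")
$group = [adsi]("LDAP://$($myGroup)")

# Start of the current range.
$from = 0
# Set to $true once a range query fails or returns nothing.
$all = $false
# Collected members of the group.
$members = @()

while (-not $all) {
    # Top end of the range, so initially 0-999. A range of 1000 is used to make
    # sure it works on all versions of AD.
    $to = $from + 999

    # Query the group object for "member;range=$from-$to" so that only this slice
    # of the attribute is returned. A range that starts past the last member
    # raises an error, which is what ends the loop.
    $DS = New-Object DirectoryServices.DirectorySearcher($group, "(objectClass=*)", "member;range=$from-$to", 'Base')
    try {
        # The returned property is not named "member" but "member;range=0-999"
        # etc., so -like 'member;*' is used to pick it up whatever the range is.
        $chunk = @($DS.FindAll() | foreach { $_.properties | foreach { $_.item($_.PropertyNames -like 'member;*') } })
        if ($chunk.Count -eq 0) {
            # Nothing came back for this range: stop instead of looping forever.
            $all = $true
        }
        else {
            $members += $chunk
        }
    }
    catch {
        # An error normally means the range is past the end of the list. It is
        # indistinguishable from a bind, permission or network failure, so the
        # list can be silently incomplete - check the count before relying on
        # it, e.g. for an access review.
        if ($from -eq 0) {
            Write-Warning "The first range query failed: $($_.Exception.Message)"
        }
        $all = $true
    }
    finally {
        $DS.Dispose()
    }

    # Set up the next search range.
    $from += 1000
}

# Display the count.
$currentExecuting = (Get-Item $MyInvocation.MyCommand.Path)
$group.sAMAccountName
$members | Measure-Object

# Write the member list next to the script. Join-Path supplies the path
# separator, which the original string had as a stray quote character.
$outFile = Join-Path -Path $currentExecuting.DirectoryName -ChildPath "$($group.sAMAccountName).txt"
$members > $outFile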