Get a user's parent OU in Active Directory using C#

Updated: 2023-09-27 18:30:47

I want to check whether a user is in a specific parent OU.

How can I do that?

Check the code below for a clear description of what I am looking for.

using System.DirectoryServices.AccountManagement;

public bool IsUserInOU(string samAccountName, string OUName)
{
    using (var context = new PrincipalContext(ContextType.Domain))
    {
        using (var user = UserPrincipal.FindByIdentity(context, IdentityType.SamAccountName, samAccountName))
        {
            //Check if the user is in the OU specified in OUName
            //Something like:
            //return user.IsInOU(OUName);
        }
    }
}

public void TestIt_1()
{
    //The parent OU of this user is "AwesomeOU"
    string samAccountName = "Joe";
    string OUName = "AwesomeOU";
    bool expected = true;
    bool actual = IsUserInOU(samAccountName, OUName);
    Assert.AreEqual(expected, actual);
}

public void TestIt_2()
{
    //The parent OU of this user is "WhateverOU"
    string samAccountName = "Mike";
    string OUName = "AwesomeOU";
    bool expected = false;
    bool actual = IsUserInOU(samAccountName, OUName);
    Assert.AreEqual(expected, actual);
}

Domain:

  • National Company
    • Awesome OU
    • Whatever OU
      • Mike

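Solution 1, after empi's answer

Based on the information provided by empi, I wrote the following method to extract the first OU in the distinguished name. Having done that, the rest is a breeze.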

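using System;
using System.DirectoryServices.AccountManagement;

public static string GetOUForUser(string samAccountName)
{
    using (var context = new PrincipalContext(ContextType.Domain))
    using (var user = UserPrincipal.FindByIdentity(context, IdentityType.SamAccountName, samAccountName))
    {
        if (user == null) return null; // no account with that sAMAccountName
        string dn = user.DistinguishedName;
        //System.Console.WriteLine(dn);
        // First "OU=" after the user's own RDN. Commas inside names are escaped
        // as "\," in a DN, which this simple split does not account for.
        int ouIndex = dn.IndexOf("OU=", 1, StringComparison.OrdinalIgnoreCase);
        if (ouIndex < 0) return null; // user sits in a container such as CN=Users, not an OU
        int startIndex = ouIndex + 3; //+3 for length of "OU="
        int endIndex = dn.IndexOf(",", startIndex, StringComparison.Ordinal);
        return dn.Substring(startIndex, endIndex - startIndex);
    }
}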

Solution 2, after JPBlanc's answer

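using System.DirectoryServices;
using System.DirectoryServices.AccountManagement;

public static string GetOUForUser(string samAccountName)
{
    using (var context = new PrincipalContext(ContextType.Domain))
    using (var user = UserPrincipal.FindByIdentity(context, IdentityType.SamAccountName, samAccountName))
    {
        if (user == null) return null; // no account with that sAMAccountName
        // The DirectoryEntry behind the principal exposes its parent container directly
        using (DirectoryEntry deUser = user.GetUnderlyingObject() as DirectoryEntry)
        {
            if (deUser == null) return null;
            using (DirectoryEntry deUserContainer = deUser.Parent)
            {
                // "Name" of the parent entry, i.e. the OU or container name
                return deUserContainer.Properties["Name"].Value.ToString();
            }
        }
    }
}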

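Get a user's parent OU in Active Directory using C#

OK,

@Empi's solution works, but UserPrincipal is built on DirectoryEntry objects, which provide parent or container properties that just give you the object you are looking for, without using the string approach.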

/* Retrieving a principal context
 * (server, base DN and credentials are the sample values from this answer)
 */
PrincipalContext domainContext = new PrincipalContext(ContextType.Domain, "WM2008R2ENT:389", "dc=dom,dc=fr", "dom\\jpb", "MyPwd");
/* Retrieve a user
 */
UserPrincipal user = UserPrincipal.FindByIdentity(domainContext, "user1");
/* Retrieve the container
 */
DirectoryEntry deUser = user.GetUnderlyingObject() as DirectoryEntry;
DirectoryEntry deUserContainer = deUser.Parent;
Console.WriteLine(deUserContainer.Properties["distinguishedName"].Value);
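
This information is in UserPrincipal.DistinguishedName. You should check whether the distinguished name ends with "," + the OU's distinguished name (case-insensitive). However, you must know the distinguished name of the OU you are checking.

For example, if the DN is CN=Jeff Smith,OU=Sales,DC=Fabrikam,DC=COM, then the user is in the OU=Sales,DC=Fabrikam,DC=COM OU.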
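
An added example (not code from the question or any of the answers) of the check this answer describes, written as pure string handling so it runs without a domain controller. It goes slightly beyond the answer by walking up the DN one parent at a time instead of testing a raw suffix, so a comma escaped inside a name is never taken for a component boundary. Assumptions: both DNs are in the form Active Directory returns them (no spaces around separators, commas inside names escaped as `\,`), and the names `OuCheck`, `GetParentDn` and `IsUserInOu` are made up for this example.

```csharp
using System;

public static class OuCheck
{
    // Returns the DN of the parent container: everything after the first
    // comma that is not escaped with a backslash (RFC 4514 escaping).
    public static string GetParentDn(string dn)
    {
        for (int i = 0; i < dn.Length; i++)
        {
            if (dn[i] == '\\') { i++; continue; }   // skip the escaped character
            if (dn[i] == ',') return dn.Substring(i + 1);
        }
        return null;                                 // single RDN, no parent
    }

    // directOnly = true:  the OU must be the user's immediate parent.
    // directOnly = false: the user may also sit in a nested child OU.
    public static bool IsUserInOu(string userDn, string ouDn, bool directOnly)
    {
        // Compare whole parent DNs, so OU=Sales never matches OU=PreSales.
        for (string p = GetParentDn(userDn); p != null; p = GetParentDn(p))
        {
            if (p.Equals(ouDn, StringComparison.OrdinalIgnoreCase)) return true;
            if (directOnly) return false;
        }
        return false;
    }

    public static void Main()
    {
        // Constructed sample DNs; the first is the one used in the answer above.
        string ou = "OU=Sales,DC=Fabrikam,DC=COM";
        string[] users =
        {
            "CN=Jeff Smith,OU=Sales,DC=Fabrikam,DC=COM",
            "CN=Smith\\, Jeff,ou=sales,dc=fabrikam,dc=com",   // escaped comma, other case
            "CN=Ann Lee,OU=EMEA,OU=Sales,DC=Fabrikam,DC=COM", // nested child OU
            "CN=Bob Ray,OU=PreSales,DC=Fabrikam,DC=COM",      // similar name, other OU
        };
        foreach (string dn in users)
            Console.WriteLine("{0,-48} direct={1,-5} nested={2}", dn,
                IsUserInOu(dn, ou, true), IsUserInOu(dn, ou, false));
    }
}
```

With a live directory, the value to pass as `userDn` is `user.DistinguishedName` from the `UserPrincipal` in the question's `IsUserInOU`.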

This is how I get the distinguished name of a specific AD user, hope it helps :-)

private static string GetDNOfUser(string user)
{
    // Environmentals.Domain and Environmentals.OUPath are the answerer's own settings
    using (var ctx = new PrincipalContext(ContextType.Domain, Environmentals.Domain, Environmentals.OUPath))
    //Creating object for search filter
    using (var userPrin = new UserPrincipal(ctx)
    {
        //Only getting users with the same name as the input
        Name = user
    })
    using (var searcher = new PrincipalSearcher
    {
        //Applying filter to query
        QueryFilter = userPrin
    })
    {
        //Finding the user
        var result = searcher.FindOne();
        //Return the distinguishedname (null when no user matched)
        return result == null ? null : result.DistinguishedName;
    }
}