Why does an Active Directory search return 1000 records

Time: 2014-10-13 11:11:15

Tags: c#

My code is as follows

                using (DirectorySearcher mySearcher = new DirectorySearcher(entry))
                {
                    mySearcher.PageSize = 1001;
                    mySearcher.Filter = "(&(objectCategory=person)(objectClass=user)(!(userAccountControl:1.2.840.113556.1.4.803:=2))(!samaccountname=*.service)(!samaccountname=_*)(company=*)(mail=*)(telephoneNumber=*)(|(" + extAttribute + "=LIMITED)(" + extAttribute + "=ALL)))";
                    dtAdUsers = new DataTable("dtAdUsers");
                    DataColumn firstNameColumn = new DataColumn();
                    firstNameColumn.ColumnName = "firstName";
                    dtAdUsers.Columns.Add(firstNameColumn);

                    DataColumn lastNameColumn = new DataColumn();
                    lastNameColumn.ColumnName = "lastName";
                    dtAdUsers.Columns.Add(lastNameColumn);

                    DataColumn middleInitialColumn = new DataColumn();
                    middleInitialColumn.ColumnName = "middleInitial";
                    dtAdUsers.Columns.Add(middleInitialColumn);

                    DataColumn titleColumn = new DataColumn();
                    titleColumn.ColumnName = "title";
                    dtAdUsers.Columns.Add(titleColumn);

                    DataColumn companyNameColumn = new DataColumn();
                    companyNameColumn.ColumnName = "companyName";
                    dtAdUsers.Columns.Add(companyNameColumn);

                    DataColumn address1Column = new DataColumn();
                    address1Column.ColumnName = "address1";
                    dtAdUsers.Columns.Add(address1Column);

                    DataColumn cityColumn = new DataColumn();
                    cityColumn.ColumnName = "city";
                    dtAdUsers.Columns.Add(cityColumn);

                    DataColumn stateColumn = new DataColumn();
                    stateColumn.ColumnName = "state";
                    dtAdUsers.Columns.Add(stateColumn);

                    DataColumn zipcodeColumn = new DataColumn();
                    zipcodeColumn.ColumnName = "zipcode";
                    dtAdUsers.Columns.Add(zipcodeColumn);

                    DataColumn countryColumn = new DataColumn();
                    countryColumn.ColumnName = "country";
                    dtAdUsers.Columns.Add(countryColumn);

                    DataColumn emailColumn = new DataColumn();
                    emailColumn.ColumnName = "email";
                    dtAdUsers.Columns.Add(emailColumn);

                    DataColumn phoneNumberColumn = new DataColumn();
                    phoneNumberColumn.ColumnName = "phoneNumber";
                    dtAdUsers.Columns.Add(phoneNumberColumn);

                    DataColumn flex1RegionColumn = new DataColumn();
                    flex1RegionColumn.ColumnName = "flex1Region";
                    dtAdUsers.Columns.Add(flex1RegionColumn);

                    DataColumn flex2CompanyColumn = new DataColumn();
                    flex2CompanyColumn.ColumnName = "flex2Company";
                    dtAdUsers.Columns.Add(flex2CompanyColumn);

                    DataColumn flex3SubBrandColumn = new DataColumn();
                    flex3SubBrandColumn.ColumnName = "flex3SubBrand";
                    dtAdUsers.Columns.Add(flex3SubBrandColumn);

                    DataColumn extensionAttribute15Column = new DataColumn();
                    extensionAttribute15Column.ColumnName = "extensionAttribute15";
                    dtAdUsers.Columns.Add(extensionAttribute15Column);

                    DataColumn GUIDColumn = new DataColumn();
                    GUIDColumn.ColumnName = "ObjectGUID";
                    dtAdUsers.Columns.Add(GUIDColumn);

                    DataRow dr;
                    int count = 0;
                    using (SearchResultCollection results = mySearcher.FindAll())
                    {

                        foreach (SearchResult resEnt in results)
                        {
                            string Flex1Region = resEnt.GetDirectoryEntry().Properties["distinguishedName"].Value as string;
                            string[] Flex1Array = Flex1Region.Split(',');
                            Flex1Region = Flex1Array[3];
                            Flex1Region = Flex1Region.Split('=')[1];
                            count++;
                            dr = dtAdUsers.NewRow();
                            dr["firstName"] = resEnt.GetDirectoryEntry().Properties["givenName"].Value as string;
                            dr["lastName"] = resEnt.GetDirectoryEntry().Properties["sn"].Value as string;
                            dr["middleInitial"] = resEnt.GetDirectoryEntry().Properties["initials"].Value as string;
                            dr["title"] = resEnt.GetDirectoryEntry().Properties["title"].Value as string;
                            dr["companyName"] = resEnt.GetDirectoryEntry().Properties["company"].Value as string;
                            dr["address1"] = resEnt.GetDirectoryEntry().Properties["streetAddress"].Value as string;
                            dr["city"] = resEnt.GetDirectoryEntry().Properties["l"].Value as string;
                            dr["state"] = resEnt.GetDirectoryEntry().Properties["st"].Value as string;
                            dr["zipcode"] = resEnt.GetDirectoryEntry().Properties["postalCode"].Value as string;
                            dr["country"] = resEnt.GetDirectoryEntry().Properties["co"].Value as string;
                            dr["email"] = resEnt.GetDirectoryEntry().Properties["mail"].Value as string;
                            dr["phoneNumber"] = resEnt.GetDirectoryEntry().Properties["telephoneNumber"].Value as string;
                            dr["flex1Region"] = Flex1Region;
                            dr["flex2Company"] = resEnt.GetDirectoryEntry().Properties["company"].Value as string;
                            dr["flex3SubBrand"] = resEnt.GetDirectoryEntry().Properties["GroupMcompany"].Value as string;
                            dr["extensionAttribute15"] = resEnt.GetDirectoryEntry().Properties[extAttribute].Value as string;
                            dr["ObjectGUID"] = resEnt.GetDirectoryEntry().Guid.ToString();

                            dtAdUsers.Rows.Add(dr);
                            lblText.Text = "Ad Users " + count.ToString();
                            lblText.Refresh();
                            Application.DoEvents();
                        }
                    }

                }

It returns only 1000 records. Can anyone suggest what the problem is?

2 answers:

Answer 0: (score: 3)

Because the PageSize property is set to

mySearcher.PageSize = 1001

and the SizeLimit property uses its default value (= 1000).

http://msdn.microsoft.com/en-us/library/system.directoryservices.directorysearcher.pagesize(v=vs.110).aspx

Also, take a look at the SizeLimit property http://msdn.microsoft.com/en-us/library/system.directoryservices.directorysearcher.sizelimit(v=vs.110).aspx
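
A paged query for the same kind of user list, as an added example that is not part of the original question or answers: it keeps PageSize at 1000 (assuming the domain controller's MaxPageSize policy is at its default of 1000) and reads attributes from each SearchResult instead of calling GetDirectoryEntry() for every attribute. The class and method names, the shortened filter and the LDAP path argument are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices;

static class PagedUserQuery   // hypothetical name, not from the question
{
    // Requested up front so the values arrive with each search page,
    // with no extra bind per user. objectGUID is returned as byte[].
    static readonly string[] Attributes =
        { "givenName", "sn", "mail", "telephoneNumber", "company", "distinguishedName", "objectGUID" };

    // ldapPath is a placeholder such as "LDAP://DC=example,DC=com" (assumed).
    public static List<Dictionary<string, object>> FindUsers(string ldapPath)
    {
        var rows = new List<Dictionary<string, object>>();
        using (var entry = new DirectoryEntry(ldapPath))
        using (var searcher = new DirectorySearcher(entry))
        {
            // Shortened form of the question's filter: enabled users that have a mail address.
            searcher.Filter = "(&(objectCategory=person)(objectClass=user)" +
                              "(!(userAccountControl:1.2.840.113556.1.4.803:=2))(mail=*))";
            searcher.PageSize = 1000;  // turns on paged search, within the assumed server page limit
            searcher.SizeLimit = 0;    // 0 requests no client-side cap; the server's limits apply
            searcher.PropertiesToLoad.AddRange(Attributes);

            using (SearchResultCollection results = searcher.FindAll())
            {
                // Enumerating the collection requests the next page when the current one is used up.
                foreach (SearchResult result in results)
                {
                    var row = new Dictionary<string, object>(StringComparer.OrdinalIgnoreCase);
                    foreach (string name in Attributes)
                        // An attribute that is not set on the object is absent from Properties.
                        row[name] = result.Properties.Contains(name) ? result.Properties[name][0] : null;
                    rows.Add(row);
                }
            }
        }
        return rows;
    }

    static void Main(string[] args)
    {
        if (args.Length != 1) { Console.Error.WriteLine("usage: PagedUserQuery <LDAP path>"); return; }
        Console.WriteLine("Users returned: " + FindUsers(args[0]).Count);
    }
}
```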

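Answer 1: (score: 1)

You can get more results from LDAP queries through a setting somewhere in the AD configuration, but there is a good reason for limiting LDAP queries to a maximum of 1000 results (in a large enterprise domain you can really easily run a DoS attack, even without knowing......). The best approach (from an infrastructure point of view) is to use the range parameter to split your query into chunks of a thousand.

Look at this code in PowerShell (getUsers.ps1 myADGroupName)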

#get the group
$myGroup = [string]$args[0];
$myGroup = $myGroup.replace(" ",",");
$group = [adsi]("LDAP://$($myGroup)");

#set the initial from value
$from = 0 

#escape trigger when the $ds.findall() errors
$all = $false 

#array for the members of the group
$members = @() 


while (! $all) { 
   #catch an error and set all to $true to escape
   trap{$script:all = $True;continue} 

   #top end of the range, so initially 0-999. A range of 1000 is used to make sure it works on all versions of AD
   $to = $from + 999 

   #Query the group object for members using "member;range=$from-$to" to just return the range of objects for this pass.
   #This will generate an error with an invalid range
   $DS = New-Object DirectoryServices.DirectorySearcher($Group,"(objectClass=*)","member;range=$from-$to",'Base') 

   #as the variable name for the group name is not member, but member;range=0-999 etc, the $_.PropertyNames -like 'member;*' catches all instances
   $members += $ds.findall() | foreach {$_.properties | foreach {$_.item($_.PropertyNames -like 'member;*')}} 

   #set up the next search range
   $from += 1000 
} 

#display the count
$currentExecuting = (Get-Item $MyInvocation.MyCommand.Path)
$group.sAMAccountName
$members | measure-object 

#display the member list
$members > "$($currentExecuting.Directory)\$($group.sAMAccountName).txt"