Retrieve users in a specific group and OU from Active Directory

Time: 2016-08-22 05:11:07

Tags: c# active-directory

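I want to retrieve all users in a given group from a specific OU in Active Directory. My code throws an exception:

The operation was aborted because the client side timeout limit was exceeded.

I get this exception at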
foreach (SearchResultEntry entry in searchResponse.Entries)

My group name is Arya and the OU name is TestOU.

However, when I write the filter as

string searchFilter = "(&(objectCategory=user)" 

it works and returns users from all OUs, which I don't think I want.

bool bMoreData = false;

DirectoryEntry rootDSE = new DirectoryEntry("LDAP://" + domain);
string[] attributes = { "samaccountname", "displayname", "name", "initials" };

System.Net.NetworkCredential credential = new System.Net.NetworkCredential(admin, password, "IP address");

LdapDirectoryIdentifier directoryIdentifier = new LdapDirectoryIdentifier("ip address"); //389 (unsecured LDAP)
LdapConnection connection = new LdapConnection(directoryIdentifier, credential);
connection.Bind();

string searchFilter = "(&(objectCategory=user)(memberOf=cn=Arya,ou=TestOU,dc=Maintenance,dc=org))";
SearchRequest request = new SearchRequest("DC=Maintenance,DC=org", searchFilter, System.DirectoryServices.Protocols.SearchScope.Base, attributes);
// getCookie();

DirSyncRequestControl dirSyncRC = new DirSyncRequestControl(cookie, System.DirectoryServices.Protocols.DirectorySynchronizationOptions.IncrementalValues, Int32.MaxValue);
request.Controls.Add(dirSyncRC);

SearchResponse searchResponse = (SearchResponse)connection.SendRequest(request);

foreach (SearchResultEntry entry in searchResponse.Entries)// Exception thrown here
{
    Console.WriteLine("{0}:{1}",
    searchResponse.Entries.IndexOf(entry),
    entry.DistinguishedName);
}

foreach (DirectoryControl control in searchResponse.Controls)
{
    if (control is DirSyncResponseControl)
    {
        DirSyncResponseControl dsrc = control as DirSyncResponseControl;
        cookie = dsrc.Cookie;
        bMoreData = dsrc.MoreData;
        break;
    }
}

2 answers:

Answer 0 (score: 1)

I found that the problem is in the following line

DirSyncRequestControl dirSyncRC = new DirSyncRequestControl(cookie, System.DirectoryServices.Protocols.DirectorySynchronizationOptions.IncrementalValues, Int32.MaxValue);

When I replaced it with the following, it worked for me.

DirSyncRequestControl dirSyncRC = new DirSyncRequestControl(cookie, System.DirectoryServices.Protocols.DirectorySynchronizationOptions.ObjectSecurity, Int32.MaxValue);

Answer 1 (score: 0)

You can bind a PrincipalContext to your OU and then find the group you're looking for:

using System.DirectoryServices.AccountManagement;

// create your domain context - bind to the OU you're interested in (the container must be a full DN)
using (PrincipalContext ctx = new PrincipalContext(ContextType.Domain, null, "OU=TestOU,DC=Maintenance,DC=org"))
{
   // look up the group by name within that context
   GroupPrincipal group = GroupPrincipal.FindByIdentity(ctx, "Arya");

   // if group is found - enumerate its members
   if (group != null)
   {
       foreach (var found in group.GetMembers())
       {
            // process each member here
       }
   }
}

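If you haven't already, absolutely read the MSDN article Managing Directory Security Principals in the .NET Framework 3.5 (Microsoft's downloadable .CHM file, the January 2008 issue of MSDN Magazine), which shows nicely how to make the best use of the new features in System.DirectoryServices.AccountManagement. Or see the MSDN documentation on the System.DirectoryServices.AccountManagement namespace.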
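
An added example, not part of the question or either answer: a plain paged LDAP search (no DirSync control) that uses the OU as the search base with Subtree scope and puts the group's DN in the memberOf filter, over LDAPS rather than port 389. The class and method names, the 30-second timeout and the page size of 500 are assumptions; the DNs passed in would be the question's OU=TestOU,DC=Maintenance,DC=org and cn=Arya,ou=TestOU,dc=Maintenance,dc=org.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices.Protocols;
using System.Net;
using System.Text;

static class GroupMembersInOu   // hypothetical helper, not from the page
{
    // RFC 4515 escaping so a DN built from input cannot change the filter's structure.
    static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder();
        foreach (char c in value)
            if (c == '\\' || c == '*' || c == '(' || c == ')' || c == '\0')
                sb.AppendFormat("\\{0:x2}", (int)c);
            else
                sb.Append(c);
        return sb.ToString();
    }

    // host is a placeholder for a domain controller name; port 636 assumes LDAPS is enabled.
    public static List<string> Find(string host, NetworkCredential cred, string ouDn, string groupDn)
    {
        var names = new List<string>();
        using (var conn = new LdapConnection(new LdapDirectoryIdentifier(host, 636), cred, AuthType.Negotiate))
        {
            conn.SessionOptions.ProtocolVersion = 3;
            conn.SessionOptions.SecureSocketLayer = true;   // TLS, so the bind does not cross the wire on plain 389
            conn.Timeout = TimeSpan.FromSeconds(30);
            conn.Bind();

            string filter = "(&(objectCategory=person)(objectClass=user)(memberOf=" + EscapeFilterValue(groupDn) + "))";
            // Base = the OU, scope = Subtree: only objects located under the OU are candidates.
            var request = new SearchRequest(ouDn, filter, SearchScope.Subtree, "sAMAccountName", "displayName");
            var page = new PageResultRequestControl(500);
            request.Controls.Add(page);

            do
            {
                var response = (SearchResponse)conn.SendRequest(request);
                foreach (SearchResultEntry entry in response.Entries)
                    names.Add(entry.DistinguishedName);
                page.Cookie = new byte[0];               // stop unless the server hands back a cookie
                foreach (DirectoryControl control in response.Controls)
                    if (control is PageResultResponseControl prc) page.Cookie = prc.Cookie;
            } while (page.Cookie.Length > 0);
        }
        return names;
    }
}
```

The memberOf attribute only reflects direct membership, so users who belong to the group through a nested group or as their primary group are not returned by this filter.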