我想从Active Directory中的特定OU检索给定组中的所有用户。我的代码抛出异常
操作已中止,因为超出了客户端超时限制
我在
处得到此例外foreach (SearchResultEntry entry in searchResponse.Entries)
我的群组名称为Arya,OU名称为TestOU
但是,当我将过滤器编写为
时string searchFilter = "(&(objectCategory=user)"
它起作用并从所有OU返回用户,我认为我不想要。
bool bMoreData = false;
DirectoryEntry rootDSE = new DirectoryEntry("LDAP://" + domain);
string[] attributes = { "samaccountname", "displayname", "name", "initials" };
System.Net.NetworkCredential credential = new System.Net.NetworkCredential(admin, password, "IP address");
LdapDirectoryIdentifier directoryIdentifier = new LdapDirectoryIdentifier("ip address"); //389 (unsecured LDAP)
LdapConnection connection = new LdapConnection(directoryIdentifier, credential);
connection.Bind();
string searchFilter = "(&(objectCategory=user)(memberOf=cn=Arya,ou=TestOU,dc=Maintenance,dc=org))";
SearchRequest request = new SearchRequest("DC=Maintenance,DC=org", searchFilter, System.DirectoryServices.Protocols.SearchScope.Base, attributes);
// getCookie();
DirSyncRequestControl dirSyncRC = new DirSyncRequestControl(cookie, System.DirectoryServices.Protocols.DirectorySynchronizationOptions.IncrementalValues, Int32.MaxValue);
request.Controls.Add(dirSyncRC);
SearchResponse searchResponse = (SearchResponse)connection.SendRequest(request);
foreach (SearchResultEntry entry in searchResponse.Entries)// Exception thrown here
{
Console.WriteLine("{0}:{1}",
searchResponse.Entries.IndexOf(entry),
entry.DistinguishedName);
}
foreach (DirectoryControl control in searchResponse.Controls)
{
if (control is DirSyncResponseControl)
{
DirSyncResponseControl dsrc = control as DirSyncResponseControl;
cookie = dsrc.Cookie;
bMoreData = dsrc.MoreData;
break;
}
}
答案 0 :(得分:1)
我发现以下行存在问题
DirSyncRequestControl dirSyncRC = new DirSyncRequestControl(cookie, System.DirectoryServices.Protocols.DirectorySynchronizationOptions.IncrementalValues, Int32.MaxValue);
当它替换它时,它适合我。
DirSyncRequestControl dirSyncRC = new DirSyncRequestControl(cookie, System.DirectoryServices.Protocols.DirectorySynchronizationOptions.ObjectSecurity, Int32.MaxValue);
答案 1 :(得分:0)
您可以绑定到您的OU的PrincipalContext,然后找到您要查找的群组:
// create your domain context - bind to the OU you're interested in
using (PrincipalContext ctx = new PrincipalContext(ContextType.Domain, null, "OU=TestOU"))
{
// define a "query-by-example" principal - here, we search for any GroupPrincipal
GroupPrincipal group = ctx.FindByIdentity("Arya");
// if group is found - enumerate its members
if(group != null)
{
foreach(var found in group.GetMembers())
{
//
}
}
}
如果你还没有 - 绝对阅读MSDN文章Managing Directory Security Principals in the .NET Framework 3.5(微软可下载的.CHM文件 - 2008年1月号的MSDN杂志),它很好地展示了如何充分利用新版本System.DirectoryServices.AccountManagement中的功能。或者查看MSDN documentation on the System.DirectoryServices.AccountManagement命名空间。