I tried to write a procedure that retrieves the available DirectoryEntry attributes:

```csharp
// create LDAP connection object
DirectoryEntry myLdapConnection = createDirectoryEntry();

// create search object which operates on LDAP connection object
// and set search object to only find the user specified
DirectorySearcher search = new DirectorySearcher(myLdapConnection);
// note: username should be escaped for LDAP filter metacharacters
// (RFC 4515: \ * ( ) NUL) before it is concatenated into the filter
search.Filter = "(cn=" + username + ")";

// create results objects from search object
SearchResult result = search.FindOne();

if (result != null)
{
    // user exists, cycle through LDAP fields (cn, telephonenumber etc.)
    ResultPropertyCollection fields = result.Properties;

    foreach (String ldapField in fields.PropertyNames)
    {
        // cycle through objects in each field e.g. group membership
        // (for many fields there will only be one object such as name)
        foreach (Object myCollection in fields[ldapField])
            Console.WriteLine(String.Format("{0,-20} : {1}",
                ldapField, myCollection.ToString()));
    }
}
else
{
    // user does not exist
    Console.WriteLine("User not found!");
}
```
When I run this procedure as one user it returns a list of attributes, but when I run it as another user it returns a different number of attributes.

What kind of authorization do I need in order to get *all* attributes?

Thanks in advance,
Kobi
Answer 0: (score: 0)

By default, every AD account that can log on successfully (Authenticated Users) has read access to Active Directory (see https://blog.varonis.com/the-difference-between-everyone-and-authenticated-users/). In some cases, however, an administrator may have changed this behaviour. To check which attributes of an AD object a user is allowed to access, open the ADUC snap-in on any DC, open the properties of the AD object in question and go to the "Security" tab. There you can see the usual security information for all users/groups. If you click the "Advanced" button on that tab and then go to the "Effective Access" tab, you can verify the effective access rights of the security principal in question on that object.

The simplest way is to connect to the DC with an account that belongs to the Domain Admins / Enterprise Admins group. However, for security reasons and in order to configure permissions correctly, I would recommend avoiding this.
Answer 1: (score: 0)

Using LDAP:

```csharp
using System;
using System.DirectoryServices;

// replace "userName" in the filter with the sAMAccountName you are looking up
using (DirectoryEntry entry = new DirectoryEntry("LDAP://KLM.ENS"))
using (DirectorySearcher adSearch = new DirectorySearcher(entry))
{
    adSearch.Filter = "(sAMAccountName=userName)";
    SearchResult adSearchResult = adSearch.FindOne();
    if (adSearchResult == null)
    {
        Console.WriteLine("User not found!");
        return;
    }
    // only the attributes the calling identity may read are returned
    foreach (var propertyName in adSearchResult.Properties.PropertyNames)
    {
        Console.WriteLine($"{propertyName} : {adSearchResult.Properties[propertyName.ToString()][0]}");
    }
}
```
Using WinNT:

```csharp
using System;
using System.DirectoryServices;

// identity of the current ASP.NET request, in DOMAIN\account form
string Domain_Slash_Machine = System.Web.HttpContext.Current.User.Identity.Name;
// the WinNT provider expects DOMAIN/account
Domain_Slash_Machine = Domain_Slash_Machine.Replace(@"\", @"/");

string queryString = @"WinNT://" + Domain_Slash_Machine;
using (DirectoryEntry obDirEntry = new DirectoryEntry(queryString))
{
    System.DirectoryServices.PropertyCollection propColl = obDirEntry.Properties;
    foreach (var propertyName in propColl.PropertyNames)
    {
        Console.WriteLine($"{propertyName} : {propColl[propertyName.ToString()].Value}");
    }
}
```
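The following is an added example, not code from the question or from either answer. It puts the two points above together: the server silently omits attributes the caller is not permitted to read (which is why the question sees different counts for different users), and the "Security" tab that Answer 0 describes can be read programmatically through `DirectoryEntry.ObjectSecurity`. It also escapes the account name before placing it in the filter, which the question's `"(cn=" + username + ")"` does not do. The LDAP path `LDAP://DC=example,DC=com` and the account `jdoe` are placeholders; the class and method names are my own.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices;
using System.Security.AccessControl;
using System.Security.Principal;
using System.Text;

static class AttributeVisibilityCheck
{
    // Escapes a value for use inside an LDAP search filter (RFC 4515) so that
    // '*', '(', ')', '\' or NUL in the supplied name cannot change the filter.
    public static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder(value.Length);
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append(@"\5c"); break;
                case '*':  sb.Append(@"\2a"); break;
                case '(':  sb.Append(@"\28"); break;
                case ')':  sb.Append(@"\29"); break;
                case '\0': sb.Append(@"\00"); break;
                default:   sb.Append(c); break;
            }
        }
        return sb.ToString();
    }

    // Finds one account by sAMAccountName and returns the names of the attributes
    // the server actually returned. Attributes the caller may not read are simply
    // left out by the server, so this list differs from one caller to another.
    public static List<string> ReadableAttributes(DirectoryEntry root, string samAccountName, out SearchResult result)
    {
        using (var searcher = new DirectorySearcher(root))
        {
            searcher.Filter = "(&(objectClass=user)(sAMAccountName=" + EscapeFilterValue(samAccountName) + "))";
            searcher.PropertiesToLoad.Clear(); // empty list = request every attribute
            result = searcher.FindOne();
            var names = new List<string>();
            if (result == null) return names;
            foreach (string name in result.Properties.PropertyNames) names.Add(name);
            names.Sort(StringComparer.OrdinalIgnoreCase);
            return names;
        }
    }

    // Programmatic counterpart of the ADUC "Security" tab: lists the ACEs on the
    // object that allow or deny ReadProperty. ObjectType == Guid.Empty means the ACE
    // covers all attributes; otherwise it is the schema GUID of one attribute or
    // property set. Reading the DACL itself requires READ_CONTROL on the object.
    public static void PrintReadPropertyAces(SearchResult result)
    {
        using (DirectoryEntry entry = result.GetDirectoryEntry())
        {
            ActiveDirectorySecurity security = entry.ObjectSecurity;
            foreach (ActiveDirectoryAccessRule rule in security.GetAccessRules(true, true, typeof(NTAccount)))
            {
                if ((rule.ActiveDirectoryRights & ActiveDirectoryRights.ReadProperty) == 0) continue;
                string scope = rule.ObjectType == Guid.Empty ? "(all attributes)" : rule.ObjectType.ToString();
                Console.WriteLine($"{rule.AccessControlType,-5} {rule.IdentityReference.Value,-40} ReadProperty {scope}");
            }
        }
    }

    // Usage: AttributeVisibilityCheck.exe "LDAP://DC=example,DC=com" jdoe
    // (both defaults below are placeholders, not values from the page)
    static void Main(string[] args)
    {
        string ldapPath = args.Length > 0 ? args[0] : "LDAP://DC=example,DC=com";
        string account = args.Length > 1 ? args[1] : "jdoe";

        using (var root = new DirectoryEntry(ldapPath))
        {
            List<string> names = ReadableAttributes(root, account, out SearchResult result);
            if (result == null) { Console.WriteLine("User not found!"); return; }

            Console.WriteLine($"{names.Count} attribute(s) readable by {WindowsIdentity.GetCurrent().Name}:");
            foreach (string name in names)
            {
                ResultPropertyValueCollection values = result.Properties[name];
                string first = values.Count > 0 ? Convert.ToString(values[0]) : "";
                string more = values.Count > 1 ? $" (+{values.Count - 1} more)" : "";
                Console.WriteLine($"{name,-24} : {first}{more}");
            }
            Console.WriteLine();
            PrintReadPropertyAces(result);
        }
    }
}
```

Run it once as each of the two users from the question and compare the attribute counts with the ReadProperty ACEs printed underneath: an attribute that one user sees and the other does not will correspond to an allow ACE (for a group the first user is in) or a deny ACE scoped to that attribute's schema GUID or property set. Resolving those GUIDs to attribute names requires a lookup in the schema partition, which this example leaves to the ADUC "Effective Access" view.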