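Querying ADAM / ADLDS for disabled accounts

Date: 2011-02-03 20:38:17

Tags: .net active-directory

I'm trying to use .Net's DirectorySearcher to query for disabled users.

I'm using a pretty fast list function, very similar to the one posted here: Enumerating Large Groups With Active Directory

I tried changing the filter to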

(&(objectCategory=person)(userAccountControl:1.2.840.113556.1.4.803:=2))

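I get no results. It seems that I can't use DirectorySearcher in this manner. Has anyone done anything like this? I just need basic info and would prefer a lightweight/fast query.

1 answer:

Answer 0: (score: 3)

With the System.DirectoryServices.AccountManagement namespace introduced in .NET 3.5, things like this become much easier.

Read all about it here: Managing Directory Security Principals in the .NET Framework 3.5

You first have to establish a context for your operations - AD LDS is explicitly supported: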

// create a context for an AD LDS store pointing to the 
// partition root using the credentials for a user in the AD LDS store 
// and SSL for encryption
PrincipalContext ldsContext = new PrincipalContext(
    ContextType.ApplicationDirectory, "sea-dc-02.fabrikam.com:50001", 
    "ou=ADAM Users,o=microsoft,c=us", 
    ContextOptions.SecureSocketLayer | ContextOptions.SimpleBind, 
    "CN=administrator,OU=ADAM Users,O=Microsoft,C=US ", "pass@1w0rd01");

Then you create a PrincipalSearcher and define, in a "query-by-example" style, what you're looking for:

// create a principal object representation to describe
// what will be searched 
UserPrincipal user = new UserPrincipal(ldsContext);

// define the properties of the search (this can use wildcards)
user.Enabled = false;
user.Name = "user*";

// create a principal searcher for running a search operation
PrincipalSearcher pS = new PrincipalSearcher();

// assign the query filter property for the principal object you created
// you can also pass the user principal in the PrincipalSearcher constructor
pS.QueryFilter = user;

// run the query
PrincipalSearchResult<Principal> results = pS.FindAll();

Console.WriteLine("Disabled accounts starting with a name of 'user':");
foreach (Principal result in results)
{
    Console.WriteLine("name: {0}", result.Name);
}

Pretty nifty, eh? If you can - use the new S.DS.AM namespace!!
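
For readers who still want a raw LDAP filter for DirectorySearcher.Filter, the following is an added example, not part of the question or the answer above. It relies on the fact that AD LDS / ADAM records the disabled state in the msDS-UserAccountDisabled attribute, while AD DS uses the 0x2 bit of userAccountControl tested by the bit-AND matching rule from the question. The class and method names are hypothetical, and the name prefix is escaped per RFC 4515 so caller-supplied text cannot alter the filter.

```csharp
using System;
using System.Text;

// Added example: DisabledUserFilter, Escape and Build are hypothetical names.
static class DisabledUserFilter
{
    // LDAP_MATCHING_RULE_BIT_AND: true when every bit of the value is set in the attribute.
    const string BitAnd = "1.2.840.113556.1.4.803";
    const int AccountDisable = 0x2; // ACCOUNTDISABLE bit of userAccountControl

    // Escape a value for use inside an LDAP filter (RFC 4515), so a
    // caller-supplied name prefix stays a literal and cannot add clauses.
    static string Escape(string value)
    {
        var sb = new StringBuilder();
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append(@"\5c"); break;
                case '*':  sb.Append(@"\2a"); break;
                case '(':  sb.Append(@"\28"); break;
                case ')':  sb.Append(@"\29"); break;
                case '\0': sb.Append(@"\00"); break;
                default:   sb.Append(c); break;
            }
        }
        return sb.ToString();
    }

    // adLds = true  -> AD LDS / ADAM: test msDS-UserAccountDisabled
    // adLds = false -> AD DS: test bit 0x2 of userAccountControl
    public static string Build(bool adLds, string namePrefix)
    {
        string disabled = adLds
            ? "(msDS-UserAccountDisabled=TRUE)"
            : "(userAccountControl:" + BitAnd + ":=" + AccountDisable + ")";
        return "(&(objectCategory=person)" + disabled
             + "(name=" + Escape(namePrefix) + "*))";
    }

    static void Main()
    {
        Console.WriteLine(Build(true, "user"));   // filter for an AD LDS instance
        Console.WriteLine(Build(false, "user"));  // filter for AD DS
        // Constructed input containing filter metacharacters; it stays one literal value.
        Console.WriteLine(Build(true, "a)(cn=*"));
    }
}
```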