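This is my current code. I am creating a Java program that analyzes Active Directory to determine which policies are applied to a user/computer. It currently works as shown below. Next, I will add the ability to add policies to a user. However, when checking policies as below, if the user does not exist, and the user has no policies, no results are produced. I can't figure out how to determine whether the user does not exist. Any help would be appreciated.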
    import java.util.ArrayList;
    import java.util.Hashtable;
    import java.util.Scanner;
    import javax.naming.Context;
    import javax.naming.NamingEnumeration;
    import javax.naming.NamingException;
    import javax.naming.directory.Attribute;
    import javax.naming.directory.Attributes;
    import javax.naming.directory.SearchControls;
    import javax.naming.directory.SearchResult;
    import javax.naming.ldap.InitialLdapContext;
    import javax.naming.ldap.LdapContext;

    public class memberOf {
        // Initialized here so getResults() does not fail when the search throws
        ArrayList<String> results = new ArrayList<>();

        memberOf(String computerName) {
            Hashtable<String, String> env = new Hashtable<>();
            //String adminName = "CN=Administrator,CN=Users,DC=ANTIPODES,DC=COM";
            //String adminPassword = "XXXXXXX";
            String ldapURL = "n";
            env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
            //set security credentials, note using simple cleartext authentication
            env.put(Context.SECURITY_AUTHENTICATION, "simple");
            env.put(Context.SECURITY_PRINCIPAL, "u");
            System.out.println("Enter password");
            Scanner in = new Scanner(System.in);
            String password = in.nextLine();
            env.put(Context.SECURITY_CREDENTIALS, password);
            //env.put(Context.SECURITY_PROTOCOL, "ssl");
            //connect to domain controller
            env.put(Context.PROVIDER_URL, ldapURL);
            try {
                //Create the initial directory context
                LdapContext ctx = new InitialLdapContext(env, null);
                //Create the search controls
                SearchControls searchCtls = new SearchControls();
                //Specify the search scope
                searchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE);
                //Specify the LDAP search filter; {0} is filled in by JNDI with
                //filter escaping, so computerName cannot alter the filter
                String searchFilter = "(CN={0})";
                //Specify the Base for the search
                String searchBase = "DC=n,DC=o";
                //Specify the attributes to return
                String[] returnedAtts = {"memberOf"};
                searchCtls.setReturningAttributes(returnedAtts);
                //Search for objects using the filter
                NamingEnumeration<SearchResult> answer =
                    ctx.search(searchBase, searchFilter, new Object[] {computerName}, searchCtls);
                while (answer.hasMoreElements()) {
                    SearchResult sr = answer.next();
                    Attributes attrs = sr.getAttributes();
                    try {
                        for (NamingEnumeration<? extends Attribute> ae = attrs.getAll(); ae.hasMore();) {
                            Attribute attr = ae.next();
                            for (NamingEnumeration<?> e = attr.getAll(); e.hasMore();) {
                                String tempStr = (String) e.next();
                                int start = tempStr.indexOf("_");
                                int end = tempStr.indexOf(",");
                                //Skip values without the expected "_...," shape
                                //instead of throwing from substring()
                                if (start < 0 || end < start) {
                                    continue;
                                }
                                results.add(tempStr.substring(start, end));
                            }
                        }
                    }
                    catch (Exception e) {
                        e.printStackTrace();
                    }
                }
                ctx.close();
            }
            catch (NamingException e) {
                e.printStackTrace();
            }
        }

        public ArrayList<String> getResults() {
            System.out.println(results.size());
            if (results.size() == 0) {
                results.add(0, "No Groups");
            }
            return results;
        }
    }
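Answer 0: (score: 2)
You can't find it that way. You need to know which attribute you want to search on for the user (upn, samAccountName, etc.), find them, and use the back-link attribute in the user object to find their policies.
It looks like you are doing it the other way around - looking at the policy and asking "who is a member of this policy". That works - but obviously cannot distinguish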
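The lookup the answer describes, as an added example that is not part of the original question or answer: search for the account itself first, then read its `memberOf` back-link, so "account not found" and "account found with no groups" become separate outcomes. The class and method names (`MembershipLookup`, `findAccount`, `classify`), the choice of `sAMAccountName` as the lookup attribute, and the sample DN are assumptions made for illustration.

```java
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.PartialResultException;
import javax.naming.directory.*;

public class MembershipLookup {
    enum Status { NOT_FOUND, NO_GROUPS, HAS_GROUPS }

    // Returns the matched entry's attributes, or null when no object matches.
    static Attributes findAccount(DirContext ctx, String base, String sam)
            throws NamingException {
        SearchControls sc = new SearchControls();
        sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
        sc.setReturningAttributes(new String[] {"memberOf"});
        // JNDI escapes the {0} argument, so the name cannot change the filter.
        NamingEnumeration<SearchResult> res =
            ctx.search(base, "(sAMAccountName={0})", new Object[] {sam}, sc);
        try {
            return res.hasMore() ? res.next().getAttributes() : null;
        } catch (PartialResultException e) {
            // Unfollowed referrals at the end of a domain-root search: no entry matched.
            return null;
        } finally {
            res.close();
        }
    }

    // null entry = account does not exist; entry without memberOf = exists, no groups.
    static Status classify(Attributes entry) {
        if (entry == null) return Status.NOT_FOUND;
        Attribute memberOf = entry.get("memberOf");
        return (memberOf == null || memberOf.size() == 0)
            ? Status.NO_GROUPS : Status.HAS_GROUPS;
    }

    public static void main(String[] args) {
        // Constructed entries standing in for what findAccount() returns.
        Attributes noGroups = new BasicAttributes(true);
        Attributes withGroup = new BasicAttributes(true);
        withGroup.put(new BasicAttribute("memberOf",
            "CN=GPO_Example,OU=Groups,DC=example,DC=com"));
        System.out.println("missing account: " + classify(null));
        System.out.println("no memberOf:     " + classify(noGroups));
        System.out.println("with memberOf:   " + classify(withGroup));
    }
}
```

`main` exercises only `classify` on constructed entries; `findAccount` needs a bound `DirContext` such as the `InitialLdapContext` created in the question's code.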