Problem description

I'm trying to get a list of users from the Active Directory, who have a specified manager. I used the following LDAP filter without success:

(manager=CN=Misterboss_n*)

However, it returns no result. Users have the following value in the manager attribute:

"CN=Misterboss_n,OU=xyz user,DC=xyz,DC=local"

What am I doing wrong? If I replace the above filter with something like this:

(givenName=John*)

it works okay (returns all users whose given name is John).

Broader context:

public List<ADUserDetail> GetAllEmployeesUnderMisterboss()
{
    List<ADUserDetail> userlist = new List<ADUserDetail>();
    string filter = "";
    _directoryEntry = null;
    DirectorySearcher directorySearch = new DirectorySearcher(SearchRoot);
    directorySearch.Asynchronous = true;
    directorySearch.CacheResults = true;
    filter = "(manager=CN=Misterboss_n*)";
    directorySearch.Filter = filter;
    SearchResultCollection userCollection = directorySearch.FindAll();
    foreach (SearchResult users in userCollection)
    {
        DirectoryEntry userEntry = new DirectoryEntry(users.Path, LDAPUser, LDAPPassword);
        ADUserDetail userInfo = ADUserDetail.GetUser(userEntry);
        userlist.Add(userInfo);
    }
    return userlist;
}

Thanks for your help!

Recommended answer

I don't think there is a start-of-field search available for DN-typed properties. You will have to use the full DN of the manager. If you don't know the full DN, find the manager's LDAP object first and use its distinguishedName property.

Be sure to escape the DN value properly before building your filter - not every character that is valid in a DN is also valid in an LDAP filter expression:

*   as  \2a
(   as  \28
)   as  \29
\   as  \5c
NUL as  \00
/   as  \2f

For code samples, see this related thread where I answered a very similar question: Getting all direct Reports from Active Directory
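
An added example (not code from the original answer or the linked thread) of the two-step approach the answer describes: resolve the manager's full distinguishedName, then search with an exact, escaped match on the manager attribute. The class and method names are hypothetical, and it assumes the manager's CN is unique under the search root; escaping every value that goes into a filter also keeps caller-supplied names from altering the filter's structure.

```csharp
using System.Collections.Generic;
using System.DirectoryServices;
using System.Text;

public static class ManagerSearch // hypothetical helper, not part of the question's code
{
    // Escapes a value for use inside an LDAP filter, following the table in the answer.
    public static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder(value.Length + 8);
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append(@"\5c"); break;
                case '*':  sb.Append(@"\2a"); break;
                case '(':  sb.Append(@"\28"); break;
                case ')':  sb.Append(@"\29"); break;
                case '\0': sb.Append(@"\00"); break;
                case '/':  sb.Append(@"\2f"); break;
                default:   sb.Append(c); break;
            }
        }
        return sb.ToString();
    }

    // Returns the DNs of all objects whose manager attribute is the given manager.
    public static List<string> GetDirectReportDns(DirectoryEntry searchRoot, string managerCn)
    {
        var reports = new List<string>();
        string managerDn;
        using (var find = new DirectorySearcher(searchRoot))
        {
            // Step 1: cn is a string attribute, so an ordinary match works here.
            find.Filter = "(cn=" + EscapeFilterValue(managerCn) + ")";
            find.PropertiesToLoad.Add("distinguishedName");
            SearchResult manager = find.FindOne();
            if (manager == null) return reports; // manager not found: no reports
            managerDn = (string)manager.Properties["distinguishedName"][0];
        }
        using (var search = new DirectorySearcher(searchRoot))
        {
            // Step 2: manager is DN-typed, so match the full DN with no wildcard.
            search.Filter = "(manager=" + EscapeFilterValue(managerDn) + ")";
            search.PropertiesToLoad.Add("distinguishedName");
            using (SearchResultCollection results = search.FindAll())
                foreach (SearchResult r in results)
                    reports.Add((string)r.Properties["distinguishedName"][0]);
        }
        return reports;
    }
}
```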
