Problem description
I have tried Google for this, but results are widely varied and I have something of an emergency, with very little time to spend on trial and error. I have a web app that maintains its own list of domain users that are able to access it. Currently the admin must type in user names, and extremely often the spelling etc. here doesn't match the exact AD user name, so I need to provide a dropdown for this. For now it can just list all users, I will add a filter by letters typed.
Recommended answer
using System.Collections.Generic;
using System.DirectoryServices;
using System.Text.RegularExpressions;
Get connected:
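// Placeholder URL and credentials; load the real ones from protected configuration, not from source.
private DirectoryEntry entry = new DirectoryEntry("LDAP://url.to_your.ad", "user", "password");
private List<DirectoryEntry> entryList = new List<DirectoryEntry>();
// Collects the paths of the entries returned by the last search (used in GetAdUserByGroup).
private string _rawAnswer = "";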
Fetch entries
public List<DirectoryEntry> GetDirectoryEntries()
{
    foreach (DirectoryEntry child in entry.Children)
    {
        entryList.Add(child);
    }
    return entryList;
}
Now you have the first level of your AD tree. Now you have to distinguish between
user and group nodes to go on. This can be done by checking
    child.SchemaClassName
which reads 'user' or 'group'.
With a class like
public class AdUser
{
    public string Firstname = "";
    public string Lastname = "";
    public string DisplayName = "";
    public string Alias = "";
    public string MailAddress = "";
    public List<string> MailAlias = new List<string>();
    public string Description = "";
    public string Address = "";
    public string TelephoneNumber = "";
    public string Department = "";
    public string Company = "";
    public string Office = "";
    public string City = "";
    public string State = "";
    public string ZipCode = "";
    public string LoginName = "";
    public string Login = "";
    public string Country = "";
    public string LastLogonTimestamp = "";
    public string HomeDirectory = "";
    public List<string> MemberOf = new List<string>();
}
you can now expand node by node and check for users with
public List<AdUser> GetAdUserByGroup(string GroupName)
{
    List<AdUser> ret_list = new List<AdUser>();
    DirectorySearcher search = new DirectorySearcher(entry);
    // memberOf holds distinguished names, so GroupName must be the group's full DN.
    // GroupName is placed in the filter unescaped: do not pass raw user input here.
    search.Filter = "(&(objectClass=user)(memberOf=" + GroupName + "))";
    // Load only the attributes that are mapped onto AdUser below.
    search.PropertiesToLoad.Add("givenname");
    search.PropertiesToLoad.Add("sn");
    search.PropertiesToLoad.Add("displayName");
    search.PropertiesToLoad.Add("mail");
    search.PropertiesToLoad.Add("proxyAddresses");
    search.PropertiesToLoad.Add("description");
    search.PropertiesToLoad.Add("memberof");
    search.PropertiesToLoad.Add("streetAddress");
    search.PropertiesToLoad.Add("SAMAccountName");
    search.PropertiesToLoad.Add("telephoneNumber");
    search.PropertiesToLoad.Add("department");
    search.PropertiesToLoad.Add("company");
    search.PropertiesToLoad.Add("office");
    search.PropertiesToLoad.Add("l");
    search.PropertiesToLoad.Add("st");
    search.PropertiesToLoad.Add("postalCode");
    search.PropertiesToLoad.Add("userprincipalname");
    search.PropertiesToLoad.Add("co");
    search.PropertiesToLoad.Add("lastLogonTimestamp");
    // _rawAnswer is a string field of the enclosing class.
    _rawAnswer = "";
    foreach (SearchResult sr in search.FindAll())
    {
        AdUser user = new AdUser();
        // sr.Path is the entry's path; no extra DirectoryEntry has to be created for it.
        _rawAnswer += sr.Path;
        if (sr.Properties["givenname"].Count > 0)
            user.Firstname = sr.Properties["givenname"][0].ToString();
        if (sr.Properties["sn"].Count > 0)
            user.Lastname = sr.Properties["sn"][0].ToString();
        if (sr.Properties["displayName"].Count > 0)
            user.DisplayName = sr.Properties["displayName"][0].ToString();
        if (sr.Properties["mail"].Count > 0)
            user.MailAddress = sr.Properties["mail"][0].ToString();
        if (sr.Properties["description"].Count > 0)
            user.Description = sr.Properties["description"][0].ToString();
        if (sr.Properties["proxyAddresses"].Count > 0)
        {
            for (int i = 0; i < sr.Properties["proxyAddresses"].Count; i++)
                user.MailAlias.Add(sr.Properties["proxyAddresses"][i].ToString());
        }
        if (sr.Properties["memberof"].Count > 0)
        {
            for (int i = 0; i < sr.Properties["memberof"].Count; i++)
            {
                // Reduce the group DN to its lower-cased common name.
                string s = sr.Properties["memberof"][i].ToString().ToLower();
                s = Regex.Replace(s, "ou=.*", "");
                s = s.Replace("cn=", "");
                s = s.Replace(",", "");
                user.MemberOf.Add(s);
            }
        }
        if (sr.Properties["streetAddress"].Count > 0)
            user.Address = sr.Properties["streetAddress"][0].ToString();
        if (sr.Properties["telephoneNumber"].Count > 0)
            user.TelephoneNumber = sr.Properties["telephoneNumber"][0].ToString();
        if (sr.Properties["department"].Count > 0)
            user.Department = sr.Properties["department"][0].ToString();
        if (sr.Properties["company"].Count > 0)
            user.Company = sr.Properties["company"][0].ToString();
        if (sr.Properties["office"].Count > 0)
            user.Office = sr.Properties["office"][0].ToString();
        if (sr.Properties["l"].Count > 0)
            user.City = sr.Properties["l"][0].ToString();
        if (sr.Properties["st"].Count > 0)
            user.State = sr.Properties["st"][0].ToString();
        if (sr.Properties["postalCode"].Count > 0)
            user.ZipCode = sr.Properties["postalCode"][0].ToString();
        if (sr.Properties["userprincipalname"].Count > 0)
            user.LoginName = sr.Properties["userprincipalname"][0].ToString();
        if (sr.Properties["co"].Count > 0)
            user.Country = sr.Properties["co"][0].ToString();
        if (sr.Properties["SAMAccountName"].Count > 0)
            user.Login = sr.Properties["SAMAccountName"][0].ToString();
        if (sr.Properties["lastLogonTimestamp"].Count > 0)
            user.LastLogonTimestamp = sr.Properties["lastLogonTimestamp"][0].ToString();
        ret_list.Add(user);
    }
    return ret_list;
}
Class AdUser is just quick & dirty. Properties would be better.
Hope this helps to get started at least.
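For the dropdown the question describes (list all users, then filter by the letters typed), the typed text ends up inside an LDAP filter, so it has to be escaped, and the search has to be paged or Active Directory stops at its default limit of 1000 results. The following is an added example, not code from the answer above; the names AdUserLookup, EscapeLdapFilterValue and FindLogins and the page size of 500 are assumptions chosen for illustration, and root is a bound DirectoryEntry such as the answer's entry.

```csharp
using System.Collections.Generic;
using System.DirectoryServices;
using System.Text;

// Hypothetical helper class, added for illustration.
public static class AdUserLookup
{
    // RFC 4515 escaping: these characters would otherwise change the
    // structure of the filter when the value comes from user input.
    public static string EscapeLdapFilterValue(string value)
    {
        var sb = new StringBuilder(value.Length + 8);
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append(@"\5c"); break;
                case '*':  sb.Append(@"\2a"); break;
                case '(':  sb.Append(@"\28"); break;
                case ')':  sb.Append(@"\29"); break;
                case '\0': sb.Append(@"\00"); break;
                default:   sb.Append(c); break;
            }
        }
        return sb.ToString();
    }

    // Returns the sAMAccountName of every user account whose login starts
    // with typedPrefix; an empty prefix lists all users.
    public static List<string> FindLogins(DirectoryEntry root, string typedPrefix)
    {
        var logins = new List<string>();
        string filter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName="
                        + EscapeLdapFilterValue(typedPrefix ?? "") + "*))";
        using (var search = new DirectorySearcher(root, filter, new[] { "sAMAccountName" }))
        {
            // A non-zero PageSize turns on paged results, so more than the
            // server's default limit of 1000 entries can be returned.
            search.PageSize = 500; // assumed value
            // SearchResultCollection holds unmanaged resources; dispose it.
            using (SearchResultCollection results = search.FindAll())
            {
                foreach (SearchResult sr in results)
                {
                    if (sr.Properties["sAMAccountName"].Count > 0)
                        logins.Add(sr.Properties["sAMAccountName"][0].ToString());
                }
            }
        }
        return logins;
    }
}
```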