本文介绍了获得Active Directory组成员,并检查是否已启用或禁用的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

什么是让所有成员的列表的最快方法/用户在给定的AD组,并确定用户是否启用(或禁用)?

What is the fastest way to get a list of all members/users in a given AD group and determine whether or not a user is enabled (or disabled)?

我们可能谈论20K用户,所以我想,以避免击中AD为每个用户。

We are potentially talking about 20K users, so I would like to avoid hitting the AD for each individual user.

推荐答案

如果你在.NET 3.5及以上,你应该看看 System.DirectoryServices.AccountManagement (S.DS.AM)命名空间。阅读所有关于它的:

If you're on .NET 3.5 and up, you should check out the System.DirectoryServices.AccountManagement (S.DS.AM) namespace. Read all about it here:

  • Managing Directory Security Principals in the .NET Framework 3.5
  • MSDN docs on System.DirectoryServices.AccountManagement

基本上,你可以定义域范围内,并很容易地找到在AD用户和/或组:

Basically, you can define a domain context and easily find users and/or groups in AD:

// set up domain context
PrincipalContext ctx = new PrincipalContext(ContextType.Domain);

// find the group in question
GroupPrincipal group = GroupPrincipal.FindByIdentity(ctx, "YourGroupNameHere");

// if found....
if (group != null)
{
   // iterate over members
   foreach (Principal p in group.GetMembers())
   {
      Console.WriteLine("{0}: {1}", p.StructuralObjectClass, p.DisplayName);

      // do whatever you need to do to those members
      UserPrincipal theUser = p as UserPrincipal;

      if(theUser != null)
      {
          if(theUser.IsAccountLockedOut())
          {
               ...
          }
          else
          {
               ...
          }
      }
   }
}

新S.DS.AM使得它可以很容易地玩弄用户和组AD!

The new S.DS.AM makes it really easy to play around with users and groups in AD!

这篇关于获得Active Directory组成员,并检查是否已启用或禁用的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

08-01 18:49