问题描述
什么是让所有成员的列表的最快方法/用户在给定的AD组,并确定用户是否启用(或禁用)?
What is the fastest way to get a list of all members/users in a given AD group and determine whether or not a user is enabled (or disabled)?
我们可能谈论20K用户,所以我想,以避免击中AD为每个用户。
We are potentially talking about 20K users, so I would like to avoid hitting the AD for each individual user.
推荐答案
如果你在.NET 3.5及以上,你应该看看 System.DirectoryServices.AccountManagement (S.DS.AM)命名空间。阅读所有关于它的:
If you're on .NET 3.5 and up, you should check out the System.DirectoryServices.AccountManagement (S.DS.AM) namespace. Read all about it here:
- Managing Directory Security Principals in the .NET Framework 3.5
- MSDN docs on System.DirectoryServices.AccountManagement
基本上,你可以定义域范围内,并很容易地找到在AD用户和/或组:
Basically, you can define a domain context and easily find users and/or groups in AD:
// set up domain context
PrincipalContext ctx = new PrincipalContext(ContextType.Domain);
// find the group in question
GroupPrincipal group = GroupPrincipal.FindByIdentity(ctx, "YourGroupNameHere");
// if found....
if (group != null)
{
// iterate over members
foreach (Principal p in group.GetMembers())
{
Console.WriteLine("{0}: {1}", p.StructuralObjectClass, p.DisplayName);
// do whatever you need to do to those members
UserPrincipal theUser = p as UserPrincipal;
if(theUser != null)
{
if(theUser.IsAccountLockedOut())
{
...
}
else
{
...
}
}
}
}
新S.DS.AM使得它可以很容易地玩弄用户和组AD!
The new S.DS.AM makes it really easy to play around with users and groups in AD!
这篇关于获得Active Directory组成员,并检查是否已启用或禁用的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!