如何使用LDAP从Active Directory获取所有用户的详细信息

我需要使用LDAP从Active Directory获取所有用户的详细信息。 以下代码确实能得到“管理员”的Samaccountname,但得不到每个用户的详细信息,并且在列表中找不到邮件ID。 请帮忙看看。

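 // Domain name and LDAP path come from <appSettings>. The indexer returns null for a
 // missing key, so the values are read without ToString() and validated just below.
 string dominName = ConfigurationManager.AppSettings["DominName"];
 string ldapPath = ConfigurationManager.AppSettings["ldapPath"];
 if (!String.IsNullOrEmpty(dominName) && !String.IsNullOrEmpty(ldapPath))
 {
     // Bind with the credentials typed into the login form.
     DirectoryEntry entry = new DirectoryEntry(ldapPath, txtUsername.Text.Trim(), txtPassword.Text.Trim());
     try
     {
         // Reading NativeObject forces the bind, so wrong credentials fail here.
         Object obj = entry.NativeObject;

         DirectorySearcher search = new DirectorySearcher(entry);
         search.Filter = "(&(objectClass=user)(objectCategory=person))";
         // Without paging the server-side size limit (1000 entries by default in AD)
         // silently truncates the result, so "all users" would not be all users.
         search.PageSize = 1000;
         search.PropertiesToLoad.Add("samaccountname");
         search.PropertiesToLoad.Add("mail");
         // NOTE(review): "usergroup" does not look like a standard AD attribute; group
         // membership is normally read from memberOf - confirm what was intended.
         search.PropertiesToLoad.Add("usergroup");
         search.PropertiesToLoad.Add("displayname"); //first name

         // SearchResultCollection holds unmanaged resources and must be disposed.
         using (SearchResultCollection found = search.FindAll())
         {
             foreach (System.DirectoryServices.SearchResult resEnt in found)
             {
                 using (System.DirectoryServices.DirectoryEntry de = resEnt.GetDirectoryEntry())
                 {
                     if (de.Properties["sAMAccountName"].Value != null && de.Properties["userAccountControl"].Value != null)
                     {
                         // "mail" is optional: Value is null for accounts without a mailbox.
                         // Calling ToString() on it unguarded throws on the first such
                         // account and ends the loop.
                         object mail = de.Properties["mail"].Value;

                         // NOTE(review): sb is created per user and nothing shown here reads
                         // it; presumably the text is collected elsewhere - confirm.
                         StringBuilder sb = new StringBuilder();
                         sb.AppendLine("Name = " + de.Properties["sAMAccountName"].Value.ToString());
                         sb.AppendLine("Email = " + (mail != null ? mail.ToString() : String.Empty));
                     }
                 }
             }
         }
         // The snippet as posted ends here: the catch/finally of this try and the closing
         // brace of the outer if are not shown.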

找到解决方案

这是我的代码:

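 // userAccountControl is a bit field. Read it through a null check first: calling
 // ToString() on a missing value throws before the later "!= null" test is reached.
 object rawUserAccountControl = de.Properties["userAccountControl"].Value;
 var userAccountControlValue = 0;
 if (rawUserAccountControl != null)
 {
     int.TryParse(rawUserAccountControl.ToString(), out userAccountControlValue);
 }

 var isAccountDisabled = (userAccountControlValue & 0x0002) != 0; // ADS_UF_ACCOUNTDISABLE
 var isNormalAccount = (userAccountControlValue & 0x0200) != 0;   // ADS_UF_NORMAL_ACCOUNT

 // Only enabled, ordinary user accounts that have a login name and a UPN are imported.
 if (de.Properties["sAMAccountName"].Value != null
     && rawUserAccountControl != null
     && de.Properties["userPrincipalName"].Value != null
     && !isAccountDisabled
     && isNormalAccount)
 {
     //Add Employee details from AD
     PaySlipPortal.Objects.Employee employee = new Employee();
     employee.FirstName = de.Properties["givenName"].Value != null ? (string)de.Properties["givenName"].Value : "";
     // NOTE(review): the UPN is stored as the e-mail address here; the "mail" attribute
     // can hold a different value - confirm which one the application should use.
     employee.Email = de.Properties["userPrincipalName"].Value != null ? (string)de.Properties["userPrincipalName"].Value : "";
     employee.LastName = de.Properties["sn"].Value != null ? (string)de.Properties["sn"].Value : "";

     // Replace any existing record for this address with the fresh directory data.
     int deleteID = empBL.DeleteEmployee(employee.Email.Trim());
     int empID = empBL.AddEmployee(employee);
 }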

尝试读取 "mail" 属性(而不是 "Mail")。

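 // "mail" is optional on AD accounts: Value is null when the attribute is not set, so
 // it is checked before ToString() to avoid a NullReferenceException.
 object mail = de.Properties["mail"].Value;
 sb.AppendLine("Email = " + (mail != null ? mail.ToString() : String.Empty));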

这是AD用户属性参考(如果您想获得其他信息): http://www.kouti.com/tables/userattributes.htm

最近我在做LDAP相关的工作。我需要从AD中找到所有信息,所以我编写了一些辅助类来查找它们。这里有一些例子。

我写了5个类。见下文

ActiveDirectoryHelper.cs

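 /// <summary>
 /// Looks up users and groups in Active Directory and adds or removes group members.
 /// Every directory call runs inside <c>HostingEnvironment.Impersonate()</c>, i.e. as the
 /// application pool identity, not as the end user.
 /// </summary>
 /// <remarks>
 /// None of the methods performs an authorization check. The group-changing methods in
 /// particular act with the application identity's rights, so callers have to decide
 /// who may invoke them. All caller-supplied values are escaped before they are placed
 /// in an LDAP filter.
 /// </remarks>
 public class ActiveDirectoryHelper
 {
     private DirectoryEntry _directoryEntry = null;

     /// <summary>Lazily created bind to <see cref="LDAPPath"/>, made under the application identity.</summary>
     private DirectoryEntry SearchRoot
     {
         get
         {
             if (_directoryEntry == null)
             {
                 using (HostingEnvironment.Impersonate())
                 {
                     _directoryEntry = new DirectoryEntry(LDAPPath);//, LDAPUser, LDAPPassword, AuthenticationTypes.Secure);
                 }
             }
             return _directoryEntry;
         }
     }

     /// <summary>LDAP path of the search root, from the "LDAPPath" app setting.</summary>
     private String LDAPPath
     {
         get { return ConfigurationManager.AppSettings["LDAPPath"]; }
     }

     // Explicit bind credentials ("LDAPUser" / "LDAPPassword" app settings) were disabled by
     // the author; every bind relies on the impersonated identity instead.

     /// <summary>Domain name, from the "LDAPDomain" app setting.</summary>
     private String LDAPDomain
     {
         get { return ConfigurationManager.AppSettings["LDAPDomain"]; }
     }

     /// <summary>
     /// Escapes a value for use inside an LDAP search filter (RFC 4515), so that input
     /// containing <c>\ * ( )</c> or NUL cannot change the structure of the filter.
     /// </summary>
     /// <param name="value">Raw value; null is treated as an empty string.</param>
     /// <returns>The escaped value.</returns>
     private static string EscapeFilterValue(string value)
     {
         if (String.IsNullOrEmpty(value))
         {
             return String.Empty;
         }

         // The backslash is replaced first so the escapes added afterwards stay intact.
         return value.Replace("\\", "\\5c")
                     .Replace("*", "\\2a")
                     .Replace("(", "\\28")
                     .Replace(")", "\\29")
                     .Replace("\0", "\\00");
     }

     /// <summary>Writes a failed directory operation to the trace output instead of dropping it silently.</summary>
     private static void LogFailure(string operation, Exception ex)
     {
         System.Diagnostics.Trace.TraceError("ActiveDirectoryHelper.{0} failed: {1}", operation, ex);
     }

     /// <summary>
     /// Runs <paramref name="filter"/> against the search root and converts the first match.
     /// </summary>
     /// <param name="filter">Complete LDAP filter whose values are already escaped.</param>
     /// <param name="operation">Name of the calling method, used in the trace message.</param>
     /// <returns>The first match, or null when nothing matches or the lookup fails.</returns>
     private ADUserDetail FindSingleUser(string filter, string operation)
     {
         try
         {
             using (HostingEnvironment.Impersonate())
             {
                 // This code runs as the application pool user
                 _directoryEntry = null;
                 using (DirectorySearcher directorySearch = new DirectorySearcher(SearchRoot))
                 {
                     directorySearch.Filter = filter;
                     SearchResult result = directorySearch.FindOne();
                     if (result == null)
                     {
                         return null;
                     }

                     // ADUserDetail copies the attribute values in its constructor, so the
                     // entry can be released as soon as the detail object exists.
                     using (DirectoryEntry user = new DirectoryEntry(result.Path))//, LDAPUser, LDAPPassword);
                     {
                         return ADUserDetail.GetUser(user);
                     }
                 }
             }
         }
         catch (Exception ex)
         {
             LogFailure(operation, ex);
             return null;
         }
     }

     /// <summary>Finds a user by common name (cn).</summary>
     /// <param name="userName">Full name as stored in cn; treated as a literal value.</param>
     /// <returns>The user, or null when not found or on error.</returns>
     internal ADUserDetail GetUserByFullName(String userName)
     {
         return FindSingleUser("(&(objectClass=user)(cn=" + EscapeFilterValue(userName) + "))", "GetUserByFullName");
     }

     /// <summary>Finds a user by login name (sAMAccountName).</summary>
     /// <param name="userName">Login name without domain; treated as a literal value.</param>
     /// <returns>The user, or null when not found or on error.</returns>
     public ADUserDetail GetUserByLoginName(String userName)
     {
         // The original also built an unused DirectoryEntry from a hard-coded domain path;
         // it had no effect on the search and has been dropped.
         return FindSingleUser("(&(objectClass=user)(SAMAccountName=" + EscapeFilterValue(userName) + "))", "GetUserByLoginName");
     }

     /// <summary>
     /// Finds a user by any combination of first name (givenName), middle initials
     /// (initials) and last name (sn). Empty or null parts are left out of the filter.
     /// </summary>
     /// <returns>
     /// The first match; null when nothing matches, on error, or when all three parts are
     /// empty (an unfiltered search would return an arbitrary directory object).
     /// </returns>
     public ADUserDetail GetUserDetailsByFullName(String FirstName, String MiddleName, String LastName)
     {
         string filter = "(&(objectClass=user)";
         bool hasCriteria = false;

         if (!String.IsNullOrEmpty(FirstName))
         {
             filter += "(givenName=" + EscapeFilterValue(FirstName) + ")";
             hasCriteria = true;
         }
         if (!String.IsNullOrEmpty(MiddleName))
         {
             filter += "(initials=" + EscapeFilterValue(MiddleName) + ")";
             hasCriteria = true;
         }
         if (!String.IsNullOrEmpty(LastName))
         {
             filter += "(sn=" + EscapeFilterValue(LastName) + ")";
             hasCriteria = true;
         }

         if (!hasCriteria)
         {
             return null;
         }

         return FindSingleUser(filter + ")", "GetUserDetailsByFullName");
     }

     /// <summary>
     /// This function will take a DL or Group name and return list of users
     /// </summary>
     /// <param name="groupName">sAMAccountName of the group; treated as a literal value.</param>
     /// <returns>The members read from the group's "member" attribute; empty or partial on error.</returns>
     public List<ADUserDetail> GetUserFromGroup(String groupName)
     {
         List<ADUserDetail> userlist = new List<ADUserDetail>();
         try
         {
             using (HostingEnvironment.Impersonate())
             {
                 _directoryEntry = null;
                 using (DirectorySearcher directorySearch = new DirectorySearcher(SearchRoot))
                 {
                     directorySearch.Filter = "(&(objectClass=group)(SAMAccountName=" + EscapeFilterValue(groupName) + "))";
                     SearchResult results = directorySearch.FindOne();
                     if (results != null)
                     {
                         // Keep everything in front of the group's DN ("LDAP://server/").
                         // Splitting on the characters 'C' and 'N', as before, cut the path
                         // short whenever the server name contained either letter.
                         string respath = results.Path;
                         int dnStart = respath.IndexOf("CN=", StringComparison.OrdinalIgnoreCase);
                         string pathPrefix = dnStart >= 0 ? respath.Substring(0, dnStart) : respath;

                         using (DirectoryEntry deGroup = new DirectoryEntry(results.Path))//, LDAPUser, LDAPPassword);
                         {
                             // NOTE(review): very large groups may need ranged retrieval of
                             // "member"; this loop reads only what a single fetch returns.
                             PropertyValueCollection members = deGroup.Properties["member"];
                             for (int i = 0; i < members.Count; i++)
                             {
                                 string path = pathPrefix + members[i].ToString();
                                 using (DirectoryEntry user = new DirectoryEntry(path))//, LDAPUser, LDAPPassword);
                                 {
                                     userlist.Add(ADUserDetail.GetUser(user));
                                 }
                             }
                         }
                     }
                 }
                 return userlist;
             }
         }
         catch (Exception ex)
         {
             LogFailure("GetUserFromGroup", ex);
             return userlist;
         }
     }

     #region Get user with First Name

     /// <summary>
     /// Returns the entries whose givenName starts with <paramref name="fName"/>, followed by
     /// the groups whose sAMAccountName starts with it.
     /// </summary>
     /// <param name="fName">
     /// Prefix, treated as a literal value. An empty prefix matches every entry that has
     /// the attribute.
     /// </param>
     /// <remarks>Directory errors are not caught here and propagate to the caller.</remarks>
     public List<ADUserDetail> GetUsersByFirstName(string fName)
     {
         using (HostingEnvironment.Impersonate())
         {
             List<ADUserDetail> userlist = new List<ADUserDetail>();
             string prefix = EscapeFilterValue(fName);
             _directoryEntry = null;
             using (DirectorySearcher directorySearch = new DirectorySearcher(SearchRoot))
             {
                 directorySearch.Asynchronous = true;
                 directorySearch.CacheResults = true;

                 // The original filter lacked its closing parenthesis and was rejected as invalid.
                 directorySearch.Filter = "(givenName=" + prefix + "*)";
                 AppendMatches(directorySearch, userlist);

                 directorySearch.Filter = "(&(objectClass=group)(SAMAccountName=" + prefix + "*))";
                 AppendMatches(directorySearch, userlist);
             }
             return userlist;
         }
     }

     /// <summary>Runs the searcher's current filter and appends every match to <paramref name="target"/>.</summary>
     private static void AppendMatches(DirectorySearcher searcher, List<ADUserDetail> target)
     {
         // SearchResultCollection holds unmanaged resources and must be disposed.
         using (SearchResultCollection matches = searcher.FindAll())
         {
             foreach (SearchResult match in matches)
             {
                 using (DirectoryEntry matchEntry = new DirectoryEntry(match.Path))//, LDAPUser, LDAPPassword);
                 {
                     target.Add(ADUserDetail.GetUser(matchEntry));
                 }
             }
         }
     }

     #endregion

     #region AddUserToGroup

     /// <summary>Adds a user to a group through <c>ADManager</c>.</summary>
     /// <returns>
     /// What <c>ADManager.AddUserToGroup</c> reports; false when it throws. The original
     /// ignored that result and reported success even when nothing had been changed.
     /// </returns>
     /// <remarks>Runs with the application identity; the caller must authorize the request.</remarks>
     public bool AddUserToGroup(string userlogin, string groupName)
     {
         try
         {
             using (HostingEnvironment.Impersonate())
             {
                 _directoryEntry = null;
                 ADManager admanager = new ADManager(LDAPDomain);//, LDAPUser, LDAPPassword);
                 return admanager.AddUserToGroup(userlogin, groupName);
             }
         }
         catch (Exception ex)
         {
             LogFailure("AddUserToGroup", ex);
             return false;
         }
     }

     #endregion

     #region RemoveUserToGroup

     /// <summary>Removes a user from a group through <c>ADManager</c>.</summary>
     /// <returns>What <c>ADManager.RemoveUserFromGroup</c> reports; false when it throws.</returns>
     /// <remarks>Runs with the application identity; the caller must authorize the request.</remarks>
     public bool RemoveUserToGroup(string userlogin, string groupName)
     {
         try
         {
             using (HostingEnvironment.Impersonate())
             {
                 _directoryEntry = null;
                 // Uses the configured domain like AddUserToGroup; the original passed the
                 // placeholder "xxx" here.
                 ADManager admanager = new ADManager(LDAPDomain);// LDAPUser, LDAPPassword);
                 return admanager.RemoveUserFromGroup(userlogin, groupName);
             }
         }
         catch (Exception ex)
         {
             LogFailure("RemoveUserToGroup", ex);
             return false;
         }
     }

     #endregion
 }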

AccountManagementExtensions.cs

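 /// <summary>
 /// Extension methods that read directory attributes which <c>Principal</c> does not
 /// expose as properties.
 /// </summary>
 public static class AccountManagementExtensions
 {
     /// <summary>Reads one attribute from the principal's underlying directory entry.</summary>
     /// <param name="principal">Principal to read from.</param>
     /// <param name="property">LDAP attribute name, e.g. "company".</param>
     /// <returns>
     /// The value as text, or an empty string when the principal is not backed by a
     /// <c>DirectoryEntry</c>, the attribute is absent, or it has no value.
     /// </returns>
     /// <exception cref="ArgumentNullException"><paramref name="principal"/> is null.</exception>
     public static String GetProperty(this Principal principal, String property)
     {
         if (principal == null)
         {
             throw new ArgumentNullException("principal");
         }

         // The "as" cast yields null when the underlying object is not a DirectoryEntry;
         // the original dereferenced that result without checking it.
         DirectoryEntry directoryEntry = principal.GetUnderlyingObject() as DirectoryEntry;
         if (directoryEntry == null || !directoryEntry.Properties.Contains(property))
         {
             return String.Empty;
         }

         // For a multi-valued attribute Value is an array, so ToString() gives the type
         // name rather than the values; this helper is meant for single-valued attributes.
         object value = directoryEntry.Properties[property].Value;
         return value != null ? value.ToString() : String.Empty;
     }

     /// <summary>Returns the "company" attribute, or an empty string.</summary>
     public static String GetCompany(this Principal principal)
     {
         return principal.GetProperty("company");
     }

     /// <summary>Returns the "department" attribute, or an empty string.</summary>
     public static String GetDepartment(this Principal principal)
     {
         return principal.GetProperty("department");
     }
 }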

ADManager.cs

 /// <summary>
 /// Adds and removes group members through System.DirectoryServices.AccountManagement.
 /// All operations use the <c>PrincipalContext</c> chosen by the constructor.
 /// </summary>
 public class ADManager
 {
     PrincipalContext context;

     /// <summary>
     /// Creates a machine-scoped context. The three "xxx" arguments are the author's
     /// placeholders for the name, user name and password passed to PrincipalContext.
     /// </summary>
     /// <remarks>
     /// NOTE(review): real credentials belong in protected configuration, not in source.
     /// </remarks>
     public ADManager()
     {
         this.context = new PrincipalContext(ContextType.Machine, "xxx", "xxx", "xxx");
     }

     /// <summary>Creates a domain context limited to the given container.</summary>
     public ADManager(string domain, string container)
     {
         this.context = new PrincipalContext(ContextType.Domain, domain, container);
     }

     /// <summary>Creates a domain context using the caller's current identity.</summary>
     /// <param name="domain">
     /// NOTE(review): not used - the context is built without it. Confirm whether the
     /// domain was meant to be passed through.
     /// </param>
     public ADManager(string domain)//, string username, string password)
     {
         this.context = new PrincipalContext(ContextType.Domain);//, username, password);
     }

     /// <summary>Adds <paramref name="userName"/> to <paramref name="groupName"/>.</summary>
     /// <returns>True when the user is a member after saving; false when the user is not found.</returns>
     /// <remarks>
     /// NOTE(review): when the group does not exist a new GroupPrincipal is created and
     /// saved, so a mistyped or caller-controlled group name creates a group. Confirm
     /// that this is intended.
     /// </remarks>
     public bool AddUserToGroup(string userName, string groupName)
     {
         GroupPrincipal targetGroup = GroupPrincipal.FindByIdentity(context, groupName);
         if (targetGroup == null)
         {
             targetGroup = new GroupPrincipal(context, groupName);
         }

         UserPrincipal member = UserPrincipal.FindByIdentity(context, userName);
         if (member == null || targetGroup == null)
         {
             return false;
         }

         targetGroup.Members.Add(member);
         targetGroup.Save();
         return member.IsMemberOf(targetGroup);
     }

     /// <summary>Removes <paramref name="userName"/> from <paramref name="groupName"/>.</summary>
     /// <returns>
     /// True when the user is no longer a member after saving; false when the user or the
     /// group is not found.
     /// </returns>
     public bool RemoveUserFromGroup(string userName, string groupName)
     {
         UserPrincipal member = UserPrincipal.FindByIdentity(context, userName);
         GroupPrincipal targetGroup = GroupPrincipal.FindByIdentity(context, groupName);
         if (member == null || targetGroup == null)
         {
             return false;
         }

         targetGroup.Members.Remove(member);
         targetGroup.Save();
         return !member.IsMemberOf(targetGroup);
     }
 }

ADProperties.cs

 /// <summary>
 /// LDAP attribute names used when reading Active Directory entries. Each constant holds
 /// the attribute name exactly as it is passed to the directory.
 /// </summary>
 public static class ADProperties
 {
     // Object, naming and location attributes
     public const string OBJECTCLASS = "objectClass";
     public const string CONTAINERNAME = "cn";
     public const string LASTNAME = "sn";
     public const string COUNTRYNOTATION = "c";
     public const string CITY = "l";
     public const string STATE = "st";
     public const string TITLE = "title";
     public const string POSTALCODE = "postalCode";
     public const string PHYSICALDELIVERYOFFICENAME = "physicalDeliveryOfficeName";
     public const string FIRSTNAME = "givenName";
     public const string MIDDLENAME = "initials"; // the middle name is read from "initials"
     public const string DISTINGUISHEDNAME = "distinguishedName";
     public const string INSTANCETYPE = "instanceType";
     public const string WHENCREATED = "whenCreated";
     public const string WHENCHANGED = "whenChanged";
     public const string DISPLAYNAME = "displayName";
     public const string USNCREATED = "uSNCreated";
     public const string MEMBEROF = "memberOf";
     public const string USNCHANGED = "uSNChanged";
     public const string COUNTRY = "co";
     public const string DEPARTMENT = "department";
     public const string COMPANY = "company";
     public const string PROXYADDRESSES = "proxyAddresses";
     public const string STREETADDRESS = "streetAddress";
     public const string DIRECTREPORTS = "directReports";
     public const string NAME = "name";
     public const string OBJECTGUID = "objectGUID";

     // Account state and logon attributes
     public const string USERACCOUNTCONTROL = "userAccountControl";
     public const string BADPWDCOUNT = "badPwdCount";
     public const string CODEPAGE = "codePage";
     public const string COUNTRYCODE = "countryCode";
     public const string BADPASSWORDTIME = "badPasswordTime";
     public const string LASTLOGOFF = "lastLogoff";
     public const string LASTLOGON = "lastLogon";
     public const string PWDLASTSET = "pwdLastSet";
     public const string PRIMARYGROUPID = "primaryGroupID";
     public const string OBJECTSID = "objectSid";
     public const string ADMINCOUNT = "adminCount";
     public const string ACCOUNTEXPIRES = "accountExpires";
     public const string LOGONCOUNT = "logonCount";
     public const string LOGINNAME = "sAMAccountName";
     public const string SAMACCOUNTTYPE = "sAMAccountType";
     public const string SHOWINADDRESSBOOK = "showInAddressBook";
     public const string LEGACYEXCHANGEDN = "legacyExchangeDN";
     public const string USERPRINCIPALNAME = "userPrincipalName";
     public const string EXTENSION = "ipPhone"; // the extension is read from "ipPhone"
     public const string SERVICEPRINCIPALNAME = "servicePrincipalName";
     public const string OBJECTCATEGORY = "objectCategory";
     public const string DSCOREPROPAGATIONDATA = "dSCorePropagationData";
     public const string LASTLOGONTIMESTAMP = "lastLogonTimestamp";

     // Contact attributes
     public const string EMAILADDRESS = "mail";
     public const string MANAGER = "manager";
     public const string MOBILE = "mobile";
     public const string PAGER = "pager";
     public const string FAX = "facsimileTelephoneNumber";
     public const string HOMEPHONE = "homePhone";

     // Mail-system attributes (msExch* and related)
     public const string MSEXCHUSERACCOUNTCONTROL = "msExchUserAccountControl";
     public const string MDBUSEDEFAULTS = "mDBUseDefaults";
     public const string MSEXCHMAILBOXSECURITYDESCRIPTOR = "msExchMailboxSecurityDescriptor";
     public const string HOMEMDB = "homeMDB";
     public const string MSEXCHPOLICIESINCLUDED = "msExchPoliciesIncluded";
     public const string HOMEMTA = "homeMTA";
     public const string MSEXCHRECIPIENTTYPEDETAILS = "msExchRecipientTypeDetails";
     public const string MAILNICKNAME = "mailNickname";
     public const string MSEXCHHOMESERVERNAME = "msExchHomeServerName";
     public const string MSEXCHVERSION = "msExchVersion";
     public const string MSEXCHRECIPIENTDISPLAYTYPE = "msExchRecipientDisplayType";
     public const string MSEXCHMAILBOXGUID = "msExchMailboxGuid";
     public const string NTSECURITYDESCRIPTOR = "nTSecurityDescriptor";
 }

ADUserDetail.cs

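 /// <summary>
 /// Snapshot of one directory entry's user attributes. All values are copied from the
 /// <c>DirectoryEntry</c> in the constructor; attributes that are not set become empty
 /// strings (<see cref="ManagerName"/> stays null when no manager is set).
 /// </summary>
 public class ADUserDetail
 {
     // Raw value of the "manager" attribute (a distinguished name).
     private String _manager;

     public String Department { get; private set; }
     public String FirstName { get; private set; }
     public String MiddleName { get; private set; }
     public String LastName { get; private set; }
     public String LoginName { get; private set; }

     /// <summary>
     /// Login name prefixed with the first label of the UPN suffix, e.g. "corp\jdoe" for
     /// "jdoe@corp.example.com".
     /// </summary>
     /// <remarks>
     /// NOTE(review): the UPN suffix is not necessarily the NetBIOS domain name, so this
     /// value should be verified before it is used to identify an account.
     /// </remarks>
     public String LoginNameWithDomain { get; private set; }

     public String StreetAddress { get; private set; }
     public String City { get; private set; }
     public String State { get; private set; }
     public String PostalCode { get; private set; }
     public String Country { get; private set; }
     public String HomePhone { get; private set; }
     public String Extension { get; private set; }
     public String Mobile { get; private set; }
     public String Fax { get; private set; }
     public String EmailAddress { get; private set; }
     public String Title { get; private set; }
     public String Company { get; private set; }

     /// <summary>
     /// Looks the manager up in the directory by name. Every read of this property runs a
     /// new directory search; it returns null when no manager is set or the lookup fails.
     /// </summary>
     public ADUserDetail Manager
     {
         get
         {
             if (String.IsNullOrEmpty(ManagerName))
             {
                 return null;
             }

             ActiveDirectoryHelper ad = new ActiveDirectoryHelper();
             return ad.GetUserByFullName(ManagerName);
         }
     }

     /// <summary>Common name taken from the first component of the manager's DN; null when no manager is set.</summary>
     public String ManagerName { get; private set; }

     /// <summary>Copies the attributes of <paramref name="directoryUser"/> into a new instance.</summary>
     private ADUserDetail(DirectoryEntry directoryUser)
     {
         FirstName = GetProperty(directoryUser, ADProperties.FIRSTNAME);
         MiddleName = GetProperty(directoryUser, ADProperties.MIDDLENAME);
         LastName = GetProperty(directoryUser, ADProperties.LASTNAME);
         LoginName = GetProperty(directoryUser, ADProperties.LOGINNAME);

         // Take the part after '@' as the domain address. A UPN without '@' used to throw
         // IndexOutOfRangeException here; it now yields an empty domain.
         String userPrincipalName = GetProperty(directoryUser, ADProperties.USERPRINCIPALNAME);
         String[] upnParts = userPrincipalName.Split('@');
         String domainAddress = upnParts.Length > 1 ? upnParts[1] : String.Empty;
         String domainName = String.IsNullOrEmpty(domainAddress) ? String.Empty : domainAddress.Split('.')[0];
         LoginNameWithDomain = String.Format(@"{0}\{1}", domainName, LoginName);

         StreetAddress = GetProperty(directoryUser, ADProperties.STREETADDRESS);
         City = GetProperty(directoryUser, ADProperties.CITY);
         State = GetProperty(directoryUser, ADProperties.STATE);
         PostalCode = GetProperty(directoryUser, ADProperties.POSTALCODE);
         Country = GetProperty(directoryUser, ADProperties.COUNTRY);
         Company = GetProperty(directoryUser, ADProperties.COMPANY);
         Department = GetProperty(directoryUser, ADProperties.DEPARTMENT);
         HomePhone = GetProperty(directoryUser, ADProperties.HOMEPHONE);
         Extension = GetProperty(directoryUser, ADProperties.EXTENSION);
         Mobile = GetProperty(directoryUser, ADProperties.MOBILE);
         Fax = GetProperty(directoryUser, ADProperties.FAX);
         EmailAddress = GetProperty(directoryUser, ADProperties.EMAILADDRESS);
         Title = GetProperty(directoryUser, ADProperties.TITLE);

         _manager = GetProperty(directoryUser, ADProperties.MANAGER);
         if (!String.IsNullOrEmpty(_manager))
         {
             // NOTE(review): splitting on ',' does not handle a DN whose first component
             // contains an escaped comma ("CN=Doe\, John,..."); such a manager name is cut short.
             String[] managerArray = _manager.Split(',');
             ManagerName = managerArray[0].Replace("CN=", "");
         }
     }

     /// <summary>Returns the first value of an attribute as text, or an empty string when it is not set.</summary>
     private static String GetProperty(DirectoryEntry userDetail, String propertyName)
     {
         if (userDetail.Properties.Contains(propertyName))
         {
             return userDetail.Properties[propertyName][0].ToString();
         }

         return string.Empty;
     }

     /// <summary>Creates an <see cref="ADUserDetail"/> from a directory entry.</summary>
     public static ADUserDetail GetUser(DirectoryEntry directoryUser)
     {
         return new ADUserDetail(directoryUser);
     }
 }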

您只需要在web.config文件的AppSettings部分中添加您的LDAP地址。如果需要,您可以添加用户名或密码;否则,只需添加LDAP地址即可。如果要在web.config中保存用户名和密码,请使用权限最小的只读账户,并对该配置节加密,不要以明文保存。


       

在项目中包含这些类。现在可以从Active Directory获取所有信息。“ActiveDirectoryHelper.cs”中有一些方法, 您可以使用它们来检索信息。

上个月,项目经理让我编写程序,从Active Directory中查找所有用户信息,以及特定用户缺少哪些字段的信息。 我试图在Internet上搜索有关.NET Active Directory示例的信息,但在网上找不到太多信息,这促使我写了一篇关于这个主题的文章。

在本文中,我将解释如何使用Active Directory类并从组件类中检索数据。 您可以复制并粘贴下面的代码行并执行它,但您需要在DirectoryEntry构造函数中传递域名。 以下示例取自我开发的一个项目并进行了修改以便于理解。

在使用此示例之前,我假设您对活动目录有一般性的了解。 步骤1:

 Add System.DirectoryServices.Dll (from Project Add reference) 

System.DirectoryServices可以从托管代码轻松访问活动目录。 此命名空间包含两个组件类:DirectoryEntry和DirectorySearcher。 第2步:

 Using System.DirectoryServices 

目录条目类:此类将节点或对象封装在活动目录层次结构中。 使用此类绑定对象,读取属性和更新属性。 第3步:

 // Bind target for the searches below. "DomainName" is the article's placeholder for
 // your own domain. No credentials are passed to this constructor.
 var entry = new DirectoryEntry("LDAP://DomainName");

目录搜索器(DirectorySearcher):它对活动目录层次结构执行查询。 第4步:

 // Searcher rooted at the entry created in step 3; queries run from that node.
 var Dsearch = new DirectorySearcher(entry);

第5步:

 // Sample value for this walkthrough.
 string Name = "Richmond";

Filter属性支持按各种条件过滤活动目录中的信息。如果过滤条件中包含用户输入的值,应先按RFC 4515转义其中的特殊字符(\ * ( ) 和NUL),以防止LDAP注入。