从Active Directory中的组中获取所有用户
我正在尝试在AD中获取特定组的所有用户,然后将Employees列表返回到我的Employee类中的属性。 我有:
我的filter没有产生任何结果 – 应该是什么?
此外,我在这里尝试了第一个解决方案: 特定Active Directory通讯组中的用户列表 ,但我需要移动设备,扩展程序等详细信息,这是我无法使用该方法获得的。
public static List CreateEmployeeList(string department) { List employees = new List(); string filter = string.Format("(&(ObjectClass=person)(memberOf=CN={0},OU=Users & Groups,OU=Blah,DC=Blah,DC=Blah,DC=Blah))", department); DirectoryEntry adRoot = new DirectoryEntry("LDAP://" + domain, null, null, AuthenticationTypes.Secure); DirectorySearcher searcher = new DirectorySearcher(adRoot); searcher.SearchScope = SearchScope.Subtree; searcher.ReferralChasing = ReferralChasingOption.All; searcher.Filter = filter; SearchResultCollection results = searcher.FindAll(); foreach (SearchResult user in results) { // do whatever you need to do with the entry if (user != null) { UserDirectoryEntry = user.GetDirectoryEntry(); string displayName = GetUserProperty("displayName"); string firstName = GetUserProperty("givenName"); string lastName = GetUserProperty("sn"); string email = GetUserProperty("mail"); string tel = GetUserProperty("telephonenumber"); string extension = GetUserProperty("ipphone"); string mobile = GetUserProperty("mobile"); string title = GetUserProperty("description"); employees.Add(new Employee{ FullName = displayName, FirstName = firstName, Surname = lastName, Email = email.ToLower(), Telephone = tel, Extension = extension, Mobile = mobile, JobTitle = title }); } } return employees; } using (var context = new PrincipalContext(ContextType.Domain, "domainName")) { using (var group = GroupPrincipal.FindByIdentity(context, "groupName")) { if (group == null) { MessageBox.Show("Group does not exist"); } else { var users = group.GetMembers(true); foreach (UserPrincipal user in users) { //user variable has the details about the user } } } }
这应该返回组中的所有Active Directory用户。
using System; using System.Collections.Generic; using System.Linq; using System.Text; using System.DirectoryServices; namespace ADQuery { class Program { static void Main(string[] args) { GetListOfAdUsersByGroup("domain", "group"); Console.ReadLine(); } public static void GetListOfAdUsersByGroup(string domainName, string groupName) { DirectoryEntry entry = new DirectoryEntry("LDAP://DC=" + domainName + ",DC=com"); DirectorySearcher search = new DirectorySearcher(entry); string query = "(&(objectCategory=person)(objectClass=user)(memberOf=*))"; search.Filter = query; search.PropertiesToLoad.Add("memberOf"); search.PropertiesToLoad.Add("name"); System.DirectoryServices.SearchResultCollection mySearchResultColl = search.FindAll(); Console.WriteLine("Members of the {0} Group in the {1} Domain", groupName, domainName); foreach (SearchResult result in mySearchResultColl) { foreach (string prop in result.Properties["memberOf"]) { if (prop.Contains(groupName)) { Console.WriteLine(" " + result.Properties["name"][0].ToString()); } } } } } }
祝好运!
在Dalton的示例的基础上,这里有简洁的代码来获取组的用户名:
static SortedSet GetUsernames(string domainName, string groupName) { using (var pc = new PrincipalContext(ContextType.Domain, domainName)) using (var gp = GroupPrincipal.FindByIdentity(pc, groupName)) return gp == null ? null : new SortedSet ( gp.GetMembers(true).Select(u => u.SamAccountName)); }
以下代码将以递归方式搜索嵌套域本地组和/或全局组以查找用户。 您可以修改此选项以查看任何组的顺序以满足您的需要或返回您想要的任何类型的组。
// Set the list to return and get the group we are looking through. List list = new List (); GroupPrincipal group = GroupPrincipal.FindByIdentity(new PrincipalContext(/* connection info here */), ((groupName.Length > 0) ? groupName : this.Properties.Name)); // For each member of the group add all Users. foreach (Principal princ in group.Members) { /* To change what you are looking for or how you are looking for it, simply change some of the following conditions to match what you want. */ // If this member is a User then add them. if (princ.StructuralObjectClass == "user") { list.Add(UserPrincipal.FindByIdentity(new PrincipalContext(/* connection info here */), princ.Name); } // If we are looking recursively and this member is a GL_Group then get the Users in it and add them. if (recursive && (princ.StructuralObjectClass == "group") && (((GroupPrincipal)princ).GroupScope == GroupScope.Global)) { list.AddRange(this.GetUsers(true, princ.Name)); } } return list;
在这篇文章中,我写了一些在ActiveDirectory 2003和2008 R2中工作的东西。 我使用Microsoft LDAP_MATCHING_RULE_IN_CHAIN 。 此服务使用DirectoryServices。 这个代码要小心,因为有双重搜索。
但您也可以使用.NET Framework 3.5中的管理目录安全主体来执行此操作 。 你可以阅读这篇文章 。 您必须获得GroupPrincipal并且您正在寻找Members财产。 它还存在StackOverflow中的其他条目。