Reading/filtering the Active Directory subgroups of a distribution group?

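I have an Active Directory with the domain name myDomain.local, and under it there is a distribution group that contains many groups.
How can I (programmatically) read all of these subgroups to retrieve a list of their names?
And how can I optimize the query to filter the results so that it only retrieves the groups that end with Region?
By the way, I am using C#.Net, ASP.Net and SharePoint, and I have no experience with AD.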

If you are on .NET 3.5 (or can upgrade to it), you can use the System.DirectoryServices.AccountManagement namespace with this code:

    using System.Collections.Generic;
    using System.DirectoryServices.AccountManagement;

    // create the "context" in which to operate - your domain here,
    // as the old-style NetBIOS domain, and the container where to operate in
    PrincipalContext ctx = new PrincipalContext(ContextType.Domain, "YOURDOMAIN", "cn=Distribution Group,dc=YourDomain,dc=local");

    // define a "prototype" - an example of what you're searching for
    // Here: just a simple GroupPrincipal - you want all groups
    GroupPrincipal prototype = new GroupPrincipal(ctx);

    // define a PrincipalSearcher to find those principals that match your prototype
    PrincipalSearcher searcher = new PrincipalSearcher(prototype);

    // define a list of strings to hold the group names
    List<string> groupNames = new List<string>();

    // iterate over the result of the .FindAll() call
    foreach (var gp in searcher.FindAll())
    {
        // cast result to GroupPrincipal
        GroupPrincipal group = gp as GroupPrincipal;

        // if everything is fine - grab the group's name and put it into the list
        if (group != null)
        {
            groupNames.Add(group.Name);
        }
    }

Does this meet your needs?

For more information about the System.DirectoryServices.AccountManagement namespace, read the article Managing Directory Security Principals in the .NET Framework 3.5 in MSDN Magazine.

Here is my solution, for those who are interested:

    // requires: using System; using System.Collections; using System.DirectoryServices;

    public ArrayList getGroups()
    {
        // ACTIVE DIRECTORY AUTHENTICATION DATA
        // (placeholder values; keep real credentials out of source code)
        string ADDomain = "myDomain.local";
        string ADBranchsOU = "Distribution Group";
        string ADUser = "Admin";
        string ADPassword = "password";

        ArrayList list = new ArrayList();

        // CREATE ACTIVE DIRECTORY ENTRY
        using (DirectoryEntry ADRoot = new DirectoryEntry("LDAP://OU=" + ADBranchsOU + "," + getADDomainDCs(ADDomain), ADUser, ADPassword))
        // CREATE ACTIVE DIRECTORY SEARCHER
        using (DirectorySearcher searcher = new DirectorySearcher(ADRoot))
        {
            // only group objects whose common name ends with " Region"
            searcher.Filter = "(&(objectClass=group)(cn=* Region))";

            using (SearchResultCollection searchResults = searcher.FindAll())
            {
                // ADDING ACTIVE DIRECTORY GROUPS TO LIST
                foreach (SearchResult result in searchResults)
                {
                    // Name is returned as "CN=<group name>"; strip the "CN=" prefix
                    string groupName = result.GetDirectoryEntry().Name.Trim().Substring(3);
                    list.Add(groupName);
                }
            }
        }
        return list;
    }

    // converts "myDomain.local" into "DC=myDomain,DC=local"
    public string getADDomainDCs(string ADDomain)
    {
        return (!String.IsNullOrEmpty(ADDomain)) ? "DC=" + ADDomain.Replace(".", ",DC=") : ADDomain;
    }
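
An added example, not part of either answer above: the second solution hard-codes the suffix in the filter `(&(objectClass=group)(cn=* Region))`. If the suffix ever comes from an ASP.NET or SharePoint form field instead, it has to be escaped per RFC 4515 before it is placed in `DirectorySearcher.Filter`, otherwise the input can change the structure of the filter. The class and method names here (`GroupFilter`, `EscapeLdapFilterValue`, `BuildSuffixFilter`) are hypothetical, and the second input in `Main` is constructed sample data.

```csharp
using System;
using System.Text;

public static class GroupFilter
{
    // RFC 4515: characters with special meaning in a filter value
    // are replaced by a backslash followed by their two-digit hex code.
    public static string EscapeLdapFilterValue(string value)
    {
        if (value == null) throw new ArgumentNullException("value");
        StringBuilder sb = new StringBuilder(value.Length + 8);
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append(@"\5c"); break;
                case '*':  sb.Append(@"\2a"); break;
                case '(':  sb.Append(@"\28"); break;
                case ')':  sb.Append(@"\29"); break;
                case '\0': sb.Append(@"\00"); break;
                default:   sb.Append(c);      break;
            }
        }
        return sb.ToString();
    }

    // Builds the "group whose cn ends with <suffix>" filter from the answer,
    // with the suffix treated strictly as data.
    public static string BuildSuffixFilter(string suffix)
    {
        // An empty suffix would collapse to (cn=*) and match every group.
        if (String.IsNullOrEmpty(suffix))
            throw new ArgumentException("suffix must not be empty", "suffix");
        // The only wildcard is the leading '*' written here by the code itself.
        return "(&(objectClass=group)(cn=*" + EscapeLdapFilterValue(suffix) + "))";
    }

    public static void Main()
    {
        // The fixed suffix used in the answer.
        Console.WriteLine(BuildSuffixFilter(" Region"));
        // Constructed input containing filter metacharacters; after escaping
        // it stays inside the single cn assertion.
        Console.WriteLine(BuildSuffixFilter("Region)(cn=*"));
    }
}
```

The returned string can be assigned directly to `searcher.Filter` in the solution above.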