Problem description
The following code lists some, but not all, Active Directory Groups. Why?
I am trying to list all security groups, distribution groups, computer groups etc. Have I specified the wrong objectClass?
    private static void ListGroups()
    {
        DirectoryEntry objADAM = default(DirectoryEntry);
        DirectoryEntry objGroupEntry = default(DirectoryEntry);
        DirectorySearcher objSearchADAM = default(DirectorySearcher);
        SearchResultCollection objSearchResults = default(SearchResultCollection);
        SearchResult myResult = null;

        objADAM = new DirectoryEntry(LDAP);
        objADAM.RefreshCache();
        objSearchADAM = new DirectorySearcher(objADAM);
        objSearchADAM.Filter = "(&(objectClass=group))";
        objSearchADAM.SearchScope = SearchScope.Subtree;
        objSearchResults = objSearchADAM.FindAll();

        // Enumerate groups
        try
        {
            fileGroups.AutoFlush = true;
            if (objSearchResults.Count != 0)
            {
                foreach (SearchResult objResult in objSearchResults)
                {
                    myResult = objResult;
                    objGroupEntry = objResult.GetDirectoryEntry();
                    Console.WriteLine(objGroupEntry.Name);
                    fileGroups.WriteLine(objGroupEntry.Name.Substring(3));
                }
            }
            else
            {
                throw new Exception("No groups found");
            }
        }
        catch (PrincipalException e)
        {
            fileErrorLog.AutoFlush = true;
            fileErrorLog.WriteLine(e.Message + " " + myResult.Path);
        }
        catch (Exception e)
        {
            throw new Exception(e.Message);
        }
    }
Recommended answer
If you're on .NET 3.5 or newer, you can use a PrincipalSearcher and a "query-by-example" principal to do your searching:
    // create your domain context
    PrincipalContext ctx = new PrincipalContext(ContextType.Domain);

    // define a "query-by-example" principal - here, we search for a GroupPrincipal
    GroupPrincipal qbeGroup = new GroupPrincipal(ctx);

    // create your principal searcher passing in the QBE principal
    PrincipalSearcher srch = new PrincipalSearcher(qbeGroup);

    // find all matches
    foreach(var found in srch.FindAll())
    {
        // do whatever here - "found" is of type "Principal" - it could be user, group, computer.....
    }
If you haven't already - absolutely read the MSDN article Managing Directory Security Principals in the .NET Framework 3.5, which shows nicely how to make the best use of the new features in System.DirectoryServices.AccountManagement.
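Added example, not part of the original question or answer: the question's DirectorySearcher approach with paging enabled and each group's groupType decoded into security or distribution plus scope, which is what a group inventory for an access review needs. DirectorySearcher performs a non-paged search unless PageSize is non-zero, and a non-paged search returns at most the server's result size limit. The class and method names are assumptions, and the LDAP path is supplied by the caller.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices;

public static class GroupInventory   // hypothetical name, for illustration
{
    // Bit flags of the AD groupType attribute.
    const int BuiltIn = 0x1, Global = 0x2, DomainLocal = 0x4, Universal = 0x8;
    const int SecurityEnabled = unchecked((int)0x80000000);

    // Decodes groupType into "security|distribution/scope".
    public static string Describe(int groupType)
    {
        string kind = (groupType & SecurityEnabled) != 0 ? "security" : "distribution";
        string scope = (groupType & Universal) != 0 ? "universal"
                     : (groupType & Global) != 0 ? "global"
                     : (groupType & DomainLocal) != 0 ? "domain-local" : "unknown";
        return kind + "/" + scope + ((groupType & BuiltIn) != 0 ? " (built-in)" : "");
    }

    // First value of an attribute, or "" when the attribute was not returned.
    static string First(SearchResult r, string attr) =>
        r.Properties[attr].Count > 0 ? r.Properties[attr][0].ToString() : "";

    // ldapPath comes from the caller, e.g. "LDAP://DC=example,DC=com" (placeholder).
    public static List<string> ListAllGroups(string ldapPath)
    {
        var lines = new List<string>();
        using (var root = new DirectoryEntry(ldapPath))
        using (var searcher = new DirectorySearcher(root))
        {
            searcher.Filter = "(objectClass=group)";
            searcher.SearchScope = SearchScope.Subtree;
            searcher.PageSize = 1000; // non-zero value turns on paged search
            searcher.PropertiesToLoad.AddRange(new[] { "sAMAccountName", "groupType", "distinguishedName" });
            using (SearchResultCollection results = searcher.FindAll())
            {
                foreach (SearchResult r in results)
                {
                    // groupType is returned as a 32-bit integer; 0 if it is missing.
                    int type = r.Properties["groupType"].Count > 0 ? (int)r.Properties["groupType"][0] : 0;
                    lines.Add(First(r, "sAMAccountName") + "\t" + Describe(type) + "\t" + First(r, "distinguishedName"));
                }
            }
        }
        return lines;
    }

    public static void Main(string[] args) { foreach (string l in ListAllGroups(args[0])) Console.WriteLine(l); }
}
```

Loading only the three named attributes avoids the per-result GetDirectoryEntry() bind used in the question's loop.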