列出所有 Active Directory 组

问题描述

以下代码列出了一些(但不是全部)Active Directory 组.为什么?

The following code lists some, but not all, Active Directory Groups. Why?

我正在尝试列出所有安全组、通讯组、计算机组等.我是否指定了错误的 objectClass?

I am trying to list all security groups, distribution groups, computer groups etc. Have I specified the wrong objectClass?

private static void ListGroups()
{
    DirectoryEntry objADAM = default(DirectoryEntry);
    DirectoryEntry objGroupEntry = default(DirectoryEntry);
    DirectorySearcher objSearchADAM = default(DirectorySearcher);
    SearchResultCollection objSearchResults = default(SearchResultCollection);
    SearchResult myResult=null;

    objADAM = new DirectoryEntry(LDAP);
    objADAM.RefreshCache();
    objSearchADAM = new DirectorySearcher(objADAM);
    objSearchADAM.Filter = "(&(objectClass=group))";
    objSearchADAM.SearchScope = SearchScope.Subtree;
    objSearchResults = objSearchADAM.FindAll();

    // Enumerate groups 
    try
    {
        fileGroups.AutoFlush = true;
        if (objSearchResults.Count != 0)
        {
            foreach (SearchResult objResult in objSearchResults)
            {
                myResult = objResult;
                objGroupEntry = objResult.GetDirectoryEntry();
                Console.WriteLine(objGroupEntry.Name);
                fileGroups.WriteLine(objGroupEntry.Name.Substring(3));
            }
        }
        else
        {
            throw new Exception("No groups found");
        }  
    } 
    catch (PrincipalException e)
    {
        fileErrorLog.AutoFlush = true;
        fileErrorLog.WriteLine(e.Message + " " + myResult.Path);
    }
    catch (Exception e)
    {
        throw new Exception(e.Message);
    }
}

推荐答案

如果您使用的是 .NET 3.5 或更新版本，您可以使用 PrincipalSearcher 和query-by-example"主体进行搜索:

If you're on .NET 3.5 or newer, you can use a PrincipalSearcher and a "query-by-example" principal to do your searching:

// create your domain context
PrincipalContext ctx = new PrincipalContext(ContextType.Domain);

// define a "query-by-example" principal - here, we search for a GroupPrincipal 
GroupPrincipal qbeGroup = new GroupPrincipal(ctx);

// create your principal searcher passing in the QBE principal    
PrincipalSearcher srch = new PrincipalSearcher(qbeGroup);

// find all matches
foreach(var found in srch.FindAll())
{
    // do whatever here - "found" is of type "Principal" - it could be user, group, computer.....          
}

如果您还没有 - 绝对阅读 MSDN 文章在 .NET Framework 3.5 中管理目录安全主体，它很好地展示了如何充分利用 System.DirectoryServices.AccountManagement 中的新功能代码>

If you haven't already - absolutely read the MSDN article Managing Directory Security Principals in the .NET Framework 3.5 which shows nicely how to make the best use of the new features in System.DirectoryServices.AccountManagement