Problem description
I am trying to get the user information for a specific domain, which will be the input of the program. On the basis of the domain name, it should return the list of the user names / or NT IDs and SIDs of the users. I am new to LDAP programming; can anyone help me get this list?
Recommended answer
If you're on .NET 3.5 and up and talking about Active Directory, then you should check out the System.DirectoryServices.AccountManagement (S.DS.AM) namespace. Read all about it here:
- Managing Directory Security Principals in the .NET Framework 3.5
- MSDN docs on System.DirectoryServices.AccountManagement
Basically, you can define a domain context and easily find users and/or groups in AD:
```csharp
// set up domain context
PrincipalContext ctx = new PrincipalContext(ContextType.Domain);

// find a user
UserPrincipal user = UserPrincipal.FindByIdentity(ctx, "SomeUserName");

if(user != null)
{
    // do something here....
    var usersSid = user.Sid;

    // not sure what you mean by "username" - the "DisplayName" ? The "SAMAccountName"??
    var username = user.DisplayName;
    var userSamAccountName = user.SamAccountName;
}
```
The new S.DS.AM makes it really easy to play around with users and groups in AD!
Update: if you need to loop through all the users of a domain - try this:
You can use a PrincipalSearcher and a "query-by-example" principal to do your searching:
```csharp
// create your domain context
PrincipalContext ctx = new PrincipalContext(ContextType.Domain);

// define a "query-by-example" principal - here, we search for a UserPrincipal
UserPrincipal qbeUser = new UserPrincipal(ctx);

// create your principal searcher passing in the QBE principal
PrincipalSearcher srch = new PrincipalSearcher(qbeUser);

// find all matches
foreach(var found in srch.FindAll())
{
    UserPrincipal user = found as UserPrincipal;

    if(user != null)
    {
        // do whatever here
        var usersSid = user.Sid;

        // not sure what you mean by "username" - the "DisplayName" ?
        var username = user.DisplayName;
        var userSamAccountName = user.SamAccountName;
    }
}
```
Update #2: if you can't (or don't want to) use the S.DS.AM approach - which is the easiest, for Active Directory, by far - then you need to fall back to the System.DirectoryServices classes and methods:
```csharp
// define the root of your search
DirectoryEntry root = new DirectoryEntry("LDAP://dc=YourCompany,dc=com");

// set up DirectorySearcher
DirectorySearcher srch = new DirectorySearcher(root);
srch.Filter = "(objectCategory=Person)";
srch.SearchScope = SearchScope.Subtree;

// define properties to load
srch.PropertiesToLoad.Add("objectSid");
srch.PropertiesToLoad.Add("displayName");

// search the directory
foreach(SearchResult result in srch.FindAll())
{
    // grab the data - if present
    // (Count > 0: a single-valued attribute has exactly one entry)
    if(result.Properties["objectSid"] != null && result.Properties["objectSid"].Count > 0)
    {
        // objectSid is returned as a byte[]
        var sid = result.Properties["objectSid"][0];
    }

    if(result.Properties["displayName"] != null && result.Properties["displayName"].Count > 0)
    {
        var userName = result.Properties["displayName"][0].ToString();
    }
}
```
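Added example, not part of the original answer: a console program that takes the domain's DNS name as input, as the question asks, and lists each user's sAMAccountName (the "NT ID") and SID through the System.DirectoryServices fallback. The class name, the `sAMAccountType` filter, the page size and the `LDAP://<domain>` bind path are choices made for this example; it assumes a Windows host that can reach a domain controller, the caller's own credentials, and a reference to the System.DirectoryServices assembly.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices;
using System.Security.Principal;

static class DomainUserLister   // hypothetical name, example only
{
    // Returns (sAMAccountName, SID) for every user account in the given domain.
    public static List<KeyValuePair<string, SecurityIdentifier>> ListUsers(string domainDns)
    {
        var users = new List<KeyValuePair<string, SecurityIdentifier>>();

        // Binding to "LDAP://<dns domain name>" lets the locator pick a domain controller.
        using (var root = new DirectoryEntry("LDAP://" + domainDns))
        using (var srch = new DirectorySearcher(root))
        {
            // 805306368 = SAM_NORMAL_USER_ACCOUNT: user accounts only,
            // so contacts and computer accounts are left out.
            srch.Filter = "(sAMAccountType=805306368)";
            srch.SearchScope = SearchScope.Subtree;
            // Paging on: without it the server truncates the result set
            // at its page limit (1000 entries by default).
            srch.PageSize = 500;
            srch.PropertiesToLoad.Add("sAMAccountName");
            srch.PropertiesToLoad.Add("objectSid");

            using (SearchResultCollection results = srch.FindAll())
            {
                foreach (SearchResult r in results)
                {
                    if (r.Properties["sAMAccountName"].Count == 0 || r.Properties["objectSid"].Count == 0)
                        continue;   // skip entries we are not allowed to read
                    string sam = (string)r.Properties["sAMAccountName"][0];
                    // objectSid arrives as raw bytes; decode to the S-1-5-21-... form
                    var sid = new SecurityIdentifier((byte[])r.Properties["objectSid"][0], 0);
                    users.Add(new KeyValuePair<string, SecurityIdentifier>(sam, sid));
                }
            }
        }
        return users;
    }

    static void Main(string[] args)
    {
        if (args.Length != 1) { Console.Error.WriteLine("usage: DomainUserLister <dns-domain-name>"); return; }
        foreach (var u in ListUsers(args[0]))
            Console.WriteLine("{0}\t{1}", u.Key, u.Value.Value);
    }
}
```

Requesting only the two attributes needed and disposing the `SearchResultCollection` keeps the query cheap on the domain controller and avoids leaking the unmanaged search handle.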