用C Sharp

Question

在活動目錄中迭代一個組我需要能夠從任何可以遍歷活動目錄中的組的服務器執行程序，並檢查該組中用戶的某些屬性。這是我到目前爲止有：必須非常重構

public static bool searchUser(string domain, string userName, string password, string objectDN) 
{ 
    DirectoryEntry obj = new DirectoryEntry("LDAP://" + domain + "/" + objectDN, userName, password); 
    if (obj.Properties["objectCategory"].ToString().Equals("group")) 
    { 
     object users = obj.Invoke("Members", null); 
     foreach (object members in users) 
     { } 
    } 
} 

Answer 1

下面的代碼，但它已經一個月權工作，我檢查

private List<DirectoryUser> GetUsersInGroup(string groupName) 
    { 
     List<DirectoryUser> directoryUsers = new List<DirectoryUser>(); 

     try 
     { 
      ResultPropertyValueCollection members = null; 

      using (var entry = new DirectoryEntry(_server)) 
      { 
       entry.Path = "LDAP://" + _usersRoot; 
       entry.Username = _domain + @"\" + _serviceAccountUsername; 
       entry.Password = _serviceAccountPassword; 
       entry.AuthenticationType = AuthenticationTypes.Secure; 

       using (DirectorySearcher searcher = new DirectorySearcher(entry)) 
       { 
        searcher.Filter = "(&(objectClass=group)(cn=" + groupName + "))"; 
        searcher.PropertiesToLoad.Add("member"); 

        SearchResult result = searcher.FindOne(); 

        if (result == null) 
         return directoryUsers; 

        members = result.Properties["member"]; 
       } 
      } 

      if (members == null || members.Count == 0) 
       return directoryUsers; 

      foreach (var member in members) 
      { 
       using (var entry = new DirectoryEntry(_server)) 
       { 
        entry.Path = "LDAP://" + member; 
        entry.Username = _domain + @"\" + _serviceAccountUsername; 
        entry.Password = _serviceAccountPassword; 
        entry.AuthenticationType = AuthenticationTypes.Secure; 

        using (DirectorySearcher searcher = new DirectorySearcher(entry)) 
        { 
         searcher.Filter = "(objectClass=user)"; 
         searcher.SearchScope = SearchScope.Base; 

         searcher.PropertiesToLoad.Add("mail"); 
         searcher.PropertiesToLoad.Add("givenName"); 
         searcher.PropertiesToLoad.Add("sn"); 
         searcher.PropertiesToLoad.Add("sAMAccountName"); 
         searcher.PropertiesToLoad.Add("telephoneNumber"); 

         SearchResult result = searcher.FindOne(); 

         if (result == null) 
          continue; 

         var dirUser = new DirectoryUser(); 
         dirUser.Username = Convert.ToString(result.Properties["sAMAccountName"][0]); 
         dirUser.FirstName = Convert.ToString(result.Properties["givenName"][0]); 
         dirUser.LastName = Convert.ToString(result.Properties["sn"][0]); 
         dirUser.Email = Convert.ToString(result.Properties["mail"][0]); 
         dirUser.Phone = Convert.ToString(result.Properties["telephoneNumber"][0]); 

         directoryUsers.Add(dirUser); 


        } 

       } 
      } 


     } 
     catch { } 

     return directoryUsers; 

    } 

Answer 2

這裏是一個辦法做到這一點遞歸最後一次使用DirectotyEntry和Microsoft LDAP_MATCHING_RULE_IN_CHAIN。我工作在框架2.0在ActiveDirectory的2003年和2008 R2

using System.DirectoryServices; 
using System.Security.Principal; 

static void Main(string[] args) 

{ 
    //Connection to Active Directory 
    string sFromWhere = "LDAP://SRVENTR2:389/dc=societe,dc=fr"; 
    DirectoryEntry deBase = new DirectoryEntry(sFromWhere, "societe\\administrateur", "test.2011"); 

    // To find all the users member of groups "Grp1" : 
    // Set the base to the groups container DN; for example root DN (dc=societe,dc=fr) 
    // Set the scope to subtree 
    // Use the following filter : 
    // (member:1.2.840.113556.1.4.1941:=CN=Grp1,OU=MonOu,DC=X) 
    // 
    DirectorySearcher dsLookFor = new DirectorySearcher(deBase); 
    dsLookFor.Filter = "(&(memberof:1.2.840.113556.1.4.1941:=CN=Grp1,OU=MonOu,DC=societe,DC=fr)(objectCategory=user))"; 
    dsLookFor.SearchScope = SearchScope.Subtree; 
    dsLookFor.PropertiesToLoad.Add("cn"); 

    SearchResultCollection srcUsers = dsLookFor.FindAll(); 

    // To check user properties 
    foreach (SearchResult srcUser in srcUsers) 
    { 
    Console.WriteLine("{0}", srcUser.Path); 

    } 
    Console.ReadLine(); 
} 

開始Framework 3.5中您可以使用Directory Security Principals並做到這一點是這樣的：

/* Retreiving a principal context 
*/ 
PrincipalContext context = new PrincipalContext(ContextType.Domain, "WM2008R2ENT:389", "dc=dom,dc=fr", "jpb", "root.123"); 

DirectoryContext dc = new DirectoryContext(DirectoryContextType.DirectoryServer, "WM2008R2ENT:389"); 
Domain dn = Domain.GetDomain(dc); 
//Console.WriteLine("Le nom : {0}", dn.PdcRoleOwner.Domain); 

/* Retreive a users from group 
*/ 
using (var group = GroupPrincipal.FindByIdentity(context, IdentityType.SamAccountName, @"MonGrpSec")) 
{ 
    if (group != null) 
    { 
    foreach (var p in group.GetMembers(false)) 
    { 
     Console.WriteLine(p.SamAccountName); 
    } 
    } 
}