2010-01-03 70 views
1

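LDAP query using results of a subquery

I have been banging my head on this one and can't get it to work. I have an LDAP query which I do have working in AD Users and Computers, but I don't know how to do it programmatically in C#. (memberOf=CN=AccRght,OU=Groups,OU=P,OU=Server,DC=mydomain,DC=com)(objectCategory=user)(())(objectClass=user)(l=City)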

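I have used this code to get the user accounts that are members of CN=AccRght, but I have not succeeded in limiting it to users belonging to a specific city.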

public StringCollection GetGroupMembers(string strDomain, string strGroup)
{
    StringCollection groupMemebers = new StringCollection();
    try
    {
        DirectoryEntry ent = new DirectoryEntry("LDAP://DC=" + strDomain + ",DC=com");
        DirectorySearcher srch = new DirectorySearcher("(CN=" + strGroup + ")");
        SearchResultCollection coll = srch.FindAll();
        foreach (SearchResult rs in coll)
        {
            ResultPropertyCollection resultPropColl = rs.Properties;
            foreach (Object memberColl in resultPropColl["member"])
            {
                DirectoryEntry gpMemberEntry = new DirectoryEntry("LDAP://" + memberColl);
                System.DirectoryServices.PropertyCollection userProps = gpMemberEntry.Properties;
                object obVal = userProps["sAMAccountName"].Value;
                if (null != obVal)
                {
                    groupMemebers.Add(obVal.ToString());
                }
            }
        }
    }
    catch (Exception ex)
    {
        Console.Write(ex.Message);
    }
    return groupMemebers;
}

Thanks for your help!

+0

What version of .NET are you using? LDAP may not be necessary, in favour of using the System.DirectoryServices.AccountManagement namespace. – ProfK 2010-01-03 13:54:16

+0

I'm using .NET 3.5. I will have a look at System.DirectoryServices.AccountManagement, it looks interesting! – StefanE 2010-01-03 14:00:32

+0

The DirectoryServices.AccountManagement way is easier to use and more logical to me. Thanks for the tip! – StefanE 2010-01-03 14:28:20

Answers

1

Well, basically all you need to do is transfer that LDAP filter you're using in the tool into your DirectorySearcher - something like this:

// Requires a reference to the System.DirectoryServices assembly.
using System;
using System.Collections.Specialized;
using System.DirectoryServices;

public StringCollection GetGroupMembers(string strDomain, string strGroup)
{
    StringCollection groupMemebers = new StringCollection();

    try
    {
        DirectoryEntry ent = new DirectoryEntry("LDAP://DC=" + strDomain + ",DC=com");

        // search below the domain root entry created above
        DirectorySearcher srch = new DirectorySearcher(ent);

        // build the LDAP filter from your (CN=strGroup) part that you had
        // in the constructor, plus that filter you used in the AD tool
        // to "AND" those together, use the LDAP filter syntax:
        // (&(condition1)(condition2))
        srch.Filter = string.Format("(&(CN={0})(memberOf=CN=AccRght,OU=Groups,OU=P,OU=Server,DC=mydomain,DC=com)(objectCategory=user)(objectClass=user)(l=City))", strGroup);

        SearchResultCollection coll = srch.FindAll();

        foreach (SearchResult rs in coll)
        {
            ResultPropertyCollection resultPropColl = rs.Properties;

            // each "member" value is the distinguished name of one group member
            foreach (Object memberColl in resultPropColl["member"])
            {
                DirectoryEntry gpMemberEntry = new DirectoryEntry("LDAP://" + memberColl);
                System.DirectoryServices.PropertyCollection userProps = gpMemberEntry.Properties;
                object obVal = userProps["sAMAccountName"].Value;
                if (null != obVal)
                {
                    groupMemebers.Add(obVal.ToString());
                }
            }
        }
    }
    catch (Exception ex)
    {
        Console.Write(ex.Message);
    }
    return groupMemebers;
}

That should apply the filter to your search, i.e. you should now only get back users for that specific city.

Definitely check out this MSDN article Managing Directory Security Principals in the .NET Framework 3.5 - an excellent intro to S.DS.AM! :-)
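Both code samples on this page place caller-supplied strings directly into the LDAP filter, so a group or city value containing `(`, `)`, `*` or `\` changes the filter's structure instead of being matched literally. The following is an added example, not code from the question or the answer: it escapes values per RFC 4515 before composing the group-and-city filter from the question. `EscapeFilterValue` and `BuildGroupCityFilter` are hypothetical helper names, and the city strings are constructed samples.

```csharp
using System;
using System.Text;

static class LdapFilterExample
{
    // RFC 4515 escaping for a value placed inside an LDAP search filter.
    static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder(value.Length + 8);
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append(@"\5c"); break;
                case '*':  sb.Append(@"\2a"); break;
                case '(':  sb.Append(@"\28"); break;
                case ')':  sb.Append(@"\29"); break;
                case '\0': sb.Append(@"\00"); break;
                default:   sb.Append(c); break;
            }
        }
        return sb.ToString();
    }

    // Users that are direct members of groupDn and whose l (city) attribute
    // equals city. Both values are escaped, so they can only ever be data.
    static string BuildGroupCityFilter(string groupDn, string city)
    {
        return string.Format(
            "(&(objectCategory=user)(objectClass=user)(memberOf={0})(l={1}))",
            EscapeFilterValue(groupDn), EscapeFilterValue(city));
    }

    static void Main()
    {
        // The group DN is the one quoted in the question; cities are constructed.
        string groupDn = "CN=AccRght,OU=Groups,OU=P,OU=Server,DC=mydomain,DC=com";
        foreach (string city in new[] { "City", "Stadt (Nord)", "A*" })
        {
            // "Stadt (Nord)" becomes "Stadt \28Nord\29"; "A*" becomes "A\2a",
            // a literal asterisk rather than a prefix wildcard.
            Console.WriteLine(BuildGroupCityFilter(groupDn, city));
        }
    }
}
```

The returned string is what would be assigned to `DirectorySearcher.Filter` on a searcher created from the domain's root `DirectoryEntry`.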