
Connecting to Active Directory via LDAP

  • Author: 屌不屌_屌
  • Source: 51数据库
  • 2022-10-21

Problem description

I want to connect to our local Active Directory with C#.

I found this good documentation.

But I really don't get how to connect via LDAP.

Can somebody explain how to use the asked parameters?

Example code:

  static DirectoryEntry createDirectoryEntry()  
  {  
     // create and return new LDAP connection with desired settings  

     DirectoryEntry ldapConnection     = new DirectoryEntry("rizzo.leeds-art.ac.uk");  
     ldapConnection.Path               = "LDAP://OU=staffusers,DC=leeds-art,DC=ac,DC=uk";  
     ldapConnection.AuthenticationType = AuthenticationTypes.Secure;  
     return ldapConnection;  
  }  

I just have the hostname and the IP address of our Active Directory server. What does DC=xxx,DC=xx and so on mean?

Recommended answer

DC is your domain. If you want to connect to the domain example.com then your DCs are: DC=example,DC=com

You actually don't need any hostname or IP address of your domain controller (there could be plenty of them).

Just imagine that you're connecting to the domain itself. So for connecting to the domain example.com you can simply write

DirectoryEntry directoryEntry = new DirectoryEntry("LDAP://example.com");

And you're done.

You can also specify a user and a password used to connect:

DirectoryEntry directoryEntry = new DirectoryEntry("LDAP://example.com", "username", "password");

Also be sure to always write LDAP in upper case. I had some trouble and strange exceptions until I read somewhere that I should try to write it in upper case, and that solved my problems.

The directoryEntry.Path property allows you to dive deeper into your domain. So if you want to search for a user in a specific OU (Organizational Unit) you can set it there.

DirectoryEntry directoryEntry = new DirectoryEntry("LDAP://example.com");
directoryEntry.Path = "LDAP://OU=Specific Users,OU=All Users,OU=Users,DC=example,DC=com";

This would match the following AD hierarchy:

  • com
    • example
      • Users
        • All Users
          • Specific Users

Simply write the hierarchy from deepest to highest.

Now you can do a lot of things.

For example search a user by account name and get the user's surname:

// Bind to the domain and search for one user by account name
DirectoryEntry directoryEntry = new DirectoryEntry("LDAP://example.com");
DirectorySearcher searcher = new DirectorySearcher(directoryEntry) {
    PageSize = int.MaxValue,
    Filter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=AnAccountName))"
};

// Only request the surname attribute from the server
searcher.PropertiesToLoad.Add("sn");

var result = searcher.FindOne();

if (result == null) {
    return; // Or whatever you need to do in this case
}

// Stays null when the account has no "sn" attribute
string surname = null;

if (result.Properties.Contains("sn")) {
    surname = result.Properties["sn"][0].ToString();
}
          