目录搜索器过滤器

问题描述

当我运行这个查询时

// Next row is used to login to AD
DirectoryEntry entry = GetEntry(domain, *****User, *****Password);
// Here starts the query
DirectorySearcher search = new DirectorySearcher(entry)
{
    SearchScope = SearchScope.Subtree,
    Filter = "(&" +
        "(objectClass=user)" +
        // "(distinguishedname=*OU=Ingegneria*)" +
        "(givenname=s*)" +
        "(samaccountname=*100)" +
    ")"
};
search.PropertiesToLoad.Add("distinguishedname");
SearchResultCollection result = search.FindAll();

我得到了六个条目，这是正确的.
所有记录，如果我使用 record.GetDirectoryEntry() 有

I get six entries and that's correct.
All records, if I use record.GetDirectoryEntry() have

distinguishedname: CN=xxx,OU=Utenti,OU=Ingegneria,DC=xxx,DC=xxx

无论如何，如果我删除对过滤器 distinguishedname 部分的评论，我会得到零个条目！！
我也尝试使用 search.PropertiesToLoad.Add("distinguishedname"); 没有运气.
如何在过滤器中搜索 distinguishedname?

Anyway if I remove comment on distinguishedname part of the filter, I get zero entries!!
I also tried to use search.PropertiesToLoad.Add("distinguishedname"); without luck.
How can I search distinguishedname in filter?

更新:
如果我尝试在 filter 中使用 "(distinguishedname=*)" + ，我仍然得到六条记录，所以我想我可以搜索专有名称...
更新2:
我还尝试在 使用指向 OU 的部分路径在 Active Directory 中搜索 OU:

UPDATE:
If I try to use "(distinguishedname=*)" + in filter , I still get six records, so I think I can search on distinguishedname...
UPDATE2:
I also tried to use code in Search Active Directory for an OU using a partial path to the OU:

Filter = "(&(objectClass=user)(ou=Ingegneria))";

但是我有零个条目(如果我删除 (objectClass=user) 部分，我会得到两个)

but I have zero entries (I got two if I remove (objectClass=user) part)

推荐答案

如果你只想查询那个，那么你应该在你的初始连接中绑定到那个容器:

If you want to query just that then you should bind to that container in your initial connect:

// Next row is used to login to AD
string ldapPath = "LDAP://OU=Ingegneria,DC=xxx,DC=xxx";
DirectoryEntry searchRoot = GetEntry(ldapPath, *****User, *****Password);

// Here starts the query
DirectorySearcher search = new DirectorySearcher(searchRoot)
{
    SearchScope = SearchScope.Subtree,
    Filter = "(&" +
        "(objectClass=user)" +
        "(givenname=s*)" +
        "(samaccountname=*100)" +
    ")"
};

search.PropertiesToLoad.Add("distinguishedname");
SearchResultCollection result = search.FindAll();

这样，您还可以大幅减少 AD 中需要搜索的空间，从而加快搜索速度.

That way, you also massively reduce the space in AD that needs to be searched, thus speeding up your search.

如果您使用 .NET 3.5 或更新版本，您可以使用 PrincipalSearcher 和query-by-example"主体进行搜索:

And if you're using .NET 3.5 or newer, you can use a PrincipalSearcher and a "query-by-example" principal to do your searching:

// create your domain context
PrincipalContext ctx = new PrincipalContext(ContextType.Domain, "YOURDOMAIN", "OU=Ingegneria,DC=xxx,DC=xxx");

// define a "query-by-example" principal - here, we search for a UserPrincipal 
UserPrincipal qbeUser = new UserPrincipal(ctx);
qbeUser.GivenName = "s*";
qbeUser.SamAccountName = "*100";

// create your principal searcher passing in the QBE principal    
PrincipalSearcher srch = new PrincipalSearcher(qbeUser);

// find all matches
foreach(var found in srch.FindAll())
{
    // do whatever here - "found" is of type "Principal"
    UserPrincipal userFound = found as UserPrincipal;

    if(userFound != null)
    {
       // do something with your user principal here....
    }
}

如果您还没有 - 绝对阅读 MSDN 文章管理目录安全主体在 .NET Framework 3.5 中很好地展示了如何充分利用 System.DirectoryServices.AccountManagement

If you haven't already - absolutely read the MSDN article Managing Directory Security Principals in the .NET Framework 3.5 which shows nicely how to make the best use of the new features in System.DirectoryServices.AccountManagement