如何从 C# 中找到活动目录中的用户?

作者: 请叫我--王者
来源: 51数据库
2022-10-21

问题描述

我试图弄清楚如何从 C# 搜索 AD，类似于查找用户、联系人和组"在 Active Directory 用户和计算机工具中的工作方式.我有一个包含组名或用户名的字符串(通常格式为 firstname middleinitial [if they have one] lastname，但并非总是如此).即使我对组和用户进行单独的查询，我也无法想出一种可以捕获大多数用户帐户的搜索方法.查找用户、联系人和组工具几乎每次都会将它们带回来.有人有什么建议吗?

I'm trying to figure out how to search AD from C# similarly to how "Find Users, Contacts, and Groups" works in the Active Directory Users and Computers tool. I have a string that either contains a group name, or a user's name (usually in the format firstname middleinitial [if they have one] lastname, but not always). Even if I do a seperate query for groups vs. users, I can't come up with a way to search that captures most user accounts. The Find Users, Contacts, and Groups tool brings them back almost every time. Anyone have any suggestions?

我已经知道如何使用 DirectorySearcher 类，问题是我找不到可以执行我想要的查询.cn 和 samaccount 名称都与此中的用户名无关，因此我无法搜索这些名称.拆分并搜索 sn 和 givenName 并没有像该工具那样捕获任何地方.

I already know how to use the DirectorySearcher class, the issue is that I can't find a query that does what I'd like. Neither cn nor samaccount name has anything to do with the user's name in this, so I'm unable to search on those. Splitting things up and searching on sn and givenName doesn't catch anywhere near as much as that tool does.

推荐答案

您使用 .NET 3.5 吗?如果是这样 - AD 在 .NET 3.5 中有很棒的新功能 - 查看这篇文章在 .NET 3.5 中管理目录安全主体，作者 Ethan Wilanski 和 Joe Kaplan.

Are you on .NET 3.5 ? If so - AD has great new features in .NET 3.5 - check out this article Managing Directory Security Principals in .NET 3.5 by Ethan Wilanski and Joe Kaplan.

其中一个重要的新功能是PrincipalSearcher"类，它应该可以大大简化在 AD 中查找用户和/或组的过程.

One of the big new features is a "PrincipalSearcher" class which should greatly simplify finding users and/or groups in AD.

如果您不能使用 .NET 3.5，可以让您的生活更轻松的一件事称为歧义名称解析"，它是一种鲜为人知的特殊搜索过滤器，可以一次性搜索几乎所有与名称相关的属性.

If you cannot use .NET 3.5, one thing that might make your life easier is called "Ambiguous Name Resolution", and it's a little known special search filter that will search in just about any name-related attribute all at once.

像这样指定您的 LDAP 搜索查询:

Specify your LDAP search query like this:

searcher.Filter = string.Format("(&(objectCategory=person)(anr={0}))", yourSearchTerm)

另外，我建议过滤objectCategory"属性，因为它是单值的并且在 AD 中默认索引，这比使用objectClass"快很多.

Also, I would recommend filtering on the "objectCategory" attribute, since that's single-valued and indexed by default in AD, which is a lot faster than using "objectClass".

马克