使用指向 OU 的部分路径在 Active Directory 中搜索 OU

作者: a07葬心
来源: 51数据库
2022-10-28

问题描述

AD Query 语法中有没有办法通过搜索部分路径来找到 OU 的完整路径?

Is there a way in AD Query syntax, to find an OU's full path by searching on its partial path?

例如，我的 OU 的完整路径是:

For example, the full path to my OU is:

OU=Clerks,OU=OfficeA,OU=*****istration,DC=domain,DC=local

现在，我想尝试使用部分路径搜索并找到该对象:

Now, I'd like to try and search and find that object by using the partial path:

OU=Clerks,OU=OfficeA

我希望能够搜索以下内容:

I'd like to be able to search something like:

(&(objectCategory=organizationalUnit)(path=Clerks/OfficeA*))

我找不到有关如何完成此类操作的任何语法示例.我正在开发的一个程序要求我获得许多 OU 的路径，这些 OU 在 OU 的最后两个级别中都有一个共同的结构，但是它们可以嵌套在域中的任何给定深度.如果我能以这种方式进行搜索，那么只需搜索最后两个 OU 嵌套级别即可轻松获得完整路径.

I can't find any syntax examples of how to accomplish something like this. A program I'm developing requires that I get the paths to a lot of OU's which all have a common structure in the last two levels of OU's, however they can be nested at any given depth in the domain otherwise. If I can search somehow like this, it would be easy to get the full path just searching by the last two OU nested levels.

推荐答案

您想做的事情存在于纯 LDAP 实现中，它是一个名为 ExtensibleMatch 的功能，它似乎在这篇维基文章.您还可以在此处找到一些有用的示例.

The thing you want to do exists on pure LDAP implementation it's a feature called ExtensibleMatch wich seems to be correctly explained in this wiki article . You will also found something helpfull examples here.

但它不存在于 Active Directory 中

But it's not present in Active-Directory

这里有一个用 C# 编写的方法，它利用了 DirectoryEntry 的 Parent 属性.

So here is a method writen in C# that exploit the Parent propertie of a DirectoryEntry.

   static List<DirectoryEntry> OuInTheFormOf(DirectoryEntry deBase, string ou1, string ou2)
    {
      List<DirectoryEntry> deList = null;

      /* Directory Search
       */
      DirectorySearcher dsLookFor = new DirectorySearcher(deBase);
      dsLookFor.Filter = ou1;
      dsLookFor.SearchScope = SearchScope.Subtree;
      dsLookFor.PropertiesToLoad.Add("ou");

      SearchResultCollection srcOUs = dsLookFor.FindAll();

      if (srcOUs.Count != 0)
      {
        deList = new List<DirectoryEntry>();

        foreach (SearchResult srOU in srcOUs)
        {
          DirectoryEntry deOU = srOU.GetDirectoryEntry();
          if (deOU.Parent.Name.ToUpper() == ou2.ToUpper())
            deList.Add(deOU);
        }
      }
      return deList;
    }

这是用法:

  /* Connection to Active Directory
   */
  DirectoryEntry deBase = new DirectoryEntry("LDAP://WM2008R2ENT:389/dc=dom,dc=fr");

  List<DirectoryEntry> l = OuInTheFormOf(deBase, "ou=Clerks", "ou=OfficeA");

  foreach (DirectoryEntry deTmp in l)
  {
    Console.WriteLine(deTmp.Properties["distinguishedName"].Value);
  }