列出所有 Active Directory 组

时间:2022-11-10
本文介绍了列出所有 Active Directory 组的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着跟版网的小编来一起学习吧!

问题描述

以下代码列出了一些(但不是全部)Active Directory 组.为什么?

The following code lists some, but not all, Active Directory Groups. Why?

我正在尝试列出所有安全组、通讯组、计算机组等.我是否指定了错误的 objectClass?

I am trying to list all security groups, distribution groups, computer groups etc. Have I specified the wrong objectClass?

private static void ListGroups()
{
    DirectoryEntry objADAM = default(DirectoryEntry);
    DirectoryEntry objGroupEntry = default(DirectoryEntry);
    DirectorySearcher objSearchADAM = default(DirectorySearcher);
    SearchResultCollection objSearchResults = default(SearchResultCollection);
    SearchResult myResult=null;

    objADAM = new DirectoryEntry(LDAP);
    objADAM.RefreshCache();
    objSearchADAM = new DirectorySearcher(objADAM);
    objSearchADAM.Filter = "(&(objectClass=group))";
    objSearchADAM.SearchScope = SearchScope.Subtree;
    objSearchResults = objSearchADAM.FindAll();

    // Enumerate groups 
    try
    {
        fileGroups.AutoFlush = true;
        if (objSearchResults.Count != 0)
        {
            foreach (SearchResult objResult in objSearchResults)
            {
                myResult = objResult;
                objGroupEntry = objResult.GetDirectoryEntry();
                Console.WriteLine(objGroupEntry.Name);
                fileGroups.WriteLine(objGroupEntry.Name.Substring(3));
            }
        }
        else
        {
            throw new Exception("No groups found");
        }  
    } 
    catch (PrincipalException e)
    {
        fileErrorLog.AutoFlush = true;
        fileErrorLog.WriteLine(e.Message + " " + myResult.Path);
    }
    catch (Exception e)
    {
        throw new Exception(e.Message);
    }
}

推荐答案

如果您使用的是 .NET 3.5 或更新版本,您可以使用 PrincipalSearcher 和query-by-example"主体进行搜索:

If you're on .NET 3.5 or newer, you can use a PrincipalSearcher and a "query-by-example" principal to do your searching:

// create your domain context
PrincipalContext ctx = new PrincipalContext(ContextType.Domain);

// define a "query-by-example" principal - here, we search for a GroupPrincipal 
GroupPrincipal qbeGroup = new GroupPrincipal(ctx);

// create your principal searcher passing in the QBE principal    
PrincipalSearcher srch = new PrincipalSearcher(qbeGroup);

// find all matches
foreach(var found in srch.FindAll())
{
    // do whatever here - "found" is of type "Principal" - it could be user, group, computer.....          
}

如果您还没有 - 绝对阅读 MSDN 文章 在 .NET Framework 3.5 中管理目录安全主体,它很好地展示了如何充分利用 System.DirectoryServices.AccountManagement 中的新功能代码>

If you haven't already - absolutely read the MSDN article Managing Directory Security Principals in the .NET Framework 3.5 which shows nicely how to make the best use of the new features in System.DirectoryServices.AccountManagement

这篇关于列出所有 Active Directory 组的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持跟版网!