我需要编写一个 C# 脚本,该脚本返回所有组名以特定名称开头的 Active Directory 组.我知道可以使用以下代码返回一组.
I need to write a C# script that returns all the Active Directory groups with group names that start with a certain name. I know can return one group using the following code.
PrincipalContext ctx = new PrincipalContext(ContextType.Domain);
GroupPrincipal grp = GroupPrincipal.FindByIdentity(ctx, IdentityType.Name, "Groupname");
但是,我想要 Groupname 开头的所有组,比如GroupPrefix".然后,我想使用以下代码遍历所有这些组,并将成员"存储在一个数组/列表中,以便稍后用于搜索.
However, I want all the groups where the Groupname starts with, say "GroupPrefix". I then want to traverse all these groups using the following code and store the "members" in an array/list that I can use later for searching.
foreach (UserPrincipal p in grp.GetMembers(true))
如果我能得到任何帮助,我将不胜感激.
I would much appreciate any help that I can get with this.
您可以使用 PrincipalSearcher
和query-by-example"主体进行搜索:
You can use a PrincipalSearcher
and a "query-by-example" principal to do your searching:
// create your domain context
using (PrincipalContext ctx = new PrincipalContext(ContextType.Domain))
{
// define a "query-by-example" principal - here, we search for a GroupPrincipal
// and with the name like some pattern
GroupPrincipal qbeGroup = new GroupPrincipal(ctx);
qbeGroup.Name = "GroupPrefix*";
// create your principal searcher passing in the QBE principal
PrincipalSearcher srch = new PrincipalSearcher(qbeGroup);
// find all matches
foreach(var found in srch.FindAll())
{
// do whatever here - "found" is of type "Principal"
}
}
如果您还没有 - 绝对阅读 MSDN 文章 在 .NET Framework 3.5 中管理目录安全主体,它很好地展示了如何充分利用 System 中的新功能.DirectoryServices.AccountManagement
.或查看 System.DirectoryServices.AccountManagement 上的 MSDN 文档a> 命名空间.
If you haven't already - absolutely read the MSDN article Managing Directory Security Principals in the .NET Framework 3.5 which shows nicely how to make the best use of the new features in System.DirectoryServices.AccountManagement
. Or see the MSDN documentation on the System.DirectoryServices.AccountManagement namespace.
当然,根据您的需要,您可能希望在您创建的query-by-example"组主体上指定其他属性:
Of course, depending on your need, you might want to specify other properties on that "query-by-example" group principal you create:
DisplayName
(通常:名字 + 空格 + 姓氏)SAM 帐户名
- 您的 Windows/AD 帐户名DisplayName
(typically: first name + space + last name)SAM Account Name
- your Windows/AD account name您可以指定 GroupPrincipal
上的任何属性,并将这些属性用作 PrincipalSearcher
的示例查询".
You can specify any of the properties on the GroupPrincipal
and use those as "query-by-example" for your PrincipalSearcher
.
这篇关于查找组名类似的 Active Directory 组的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持跟版网!