我有一个 .Net 应用程序,它从特定 OU (ABCUsers) 中的活动目录读取用户.代码如下:
I have a .Net application that reads user from active directory that is in a specific OU (ABCUsers). The following is the code:
string DomainIP = "some domain IP";
string ContainerConnectionString = "OU=ABCUsers,DC=test,DC=com";
PrincipalContext domain = new PrincipalContext(ContextType.Domain, DomainIP, ContainerConnectionString, ContextOptions.SimpleBind);
PrincipalSearcher searcher = new PrincipalSearcher();
UserPrincipal findUser = new UserPrincipal(domain);
findUser.SamAccountName = "some username";
searcher.QueryFilter = findUser;
UserPrincipal foundUser = (UserPrincipal)searcher.FindOne();
上面的代码工作正常,但我需要更改代码,以便它检索用户是否在 OU=ABCUsers 或 OU=XYZUsers 中,但不在任何其他 OU 中.
The above code works fine, but I need to change the code so that it retrieves a user whether he/she is in OU=ABCUsers or OU=XYZUsers but not in any other OU.
(更新:再读一遍)
(不过我更喜欢下面的全局目录的解决方案,因为它的代码更少,更健壮.)
(I would nevertheless prefer the solution with the Global Catalog below, because it is much less code and more robust.)
因为在不使用 全局目录 时它可能无法与 OR
-LDAP-search 字符串一起使用,如下所述,您可以重复上述操作(我想工作)两个 OU 的代码与此类似,例如在单独的函数中(伪代码):
Since it would probably not work with an OR
-LDAP-search string when not using the Global Catalog as explained below, you could just kind of repeat the above (I guess working) code for the two OUs similar to this when put e.g. in a separate function (pseudo code):
UserPrincipal findUserInOu( String ou ) {
string DomainIP = "some domain IP";
string ContainerConnectionString = "OU=" + ou + ",DC=test,DC=com";
// ... above code continued
}
UserPrincipal foundUser = findUserInOu("ABCUsers");
if ( foundUser == null )
foundUser = findUserInOu("XYZUsers");
<小时>
正如我在这里所说的,使用一些OR
-搜索字符串等来完成.似乎对我不起作用,您可能必须使用 Global Catalog 服务(在默认的 端口 3268 上,如果您有 MS Active Directory
否则我不知道其他目录服务是否有此功能).我猜您必须在 PrincipalContext
上指定它,它可能会使用其他一些默认值(389?).
As I said here, to do it with some OR
-search string etc. did not work for me and it seems, you may have to use the Global Catalog service (on the default port 3268, if you have a MS Active Directory
otherwise I don't know if other directory services would have this feature).
I guess you would have to specify this on the PrincipalContext
which may use some other default (389?).
这篇关于从 2 个 OU 中查找 Active Directory 用户的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持跟版网!