从 2 个 OU 中查找 Active Directory 用户
时间:2022-11-27问题描述
我有一个 .Net 应用程序,它从特定 OU (ABCUsers) 中的活动目录读取用户.代码如下:
I have a .Net application that reads user from active directory that is in a specific OU (ABCUsers). The following is the code:
string DomainIP = "some domain IP";
string ContainerConnectionString = "OU=ABCUsers,DC=test,DC=com";
PrincipalContext domain = new PrincipalContext(ContextType.Domain, DomainIP, ContainerConnectionString, ContextOptions.SimpleBind);
PrincipalSearcher searcher = new PrincipalSearcher();
UserPrincipal findUser = new UserPrincipal(domain);
findUser.SamAccountName = "some username";
searcher.QueryFilter = findUser;
UserPrincipal foundUser = (UserPrincipal)searcher.FindOne();
上面的代码工作正常,但我需要更改代码,以便它检索用户是否在 OU=ABCUsers 或 OU=XYZUsers 中,但不在任何其他 OU 中.
The above code works fine, but I need to change the code so that it retrieves a user whether he/she is in OU=ABCUsers or OU=XYZUsers but not in any other OU.
推荐答案
(更新:再读一遍)
(不过我更喜欢下面的全局目录的解决方案,因为它的代码更少,更健壮.)
(I would nevertheless prefer the solution with the Global Catalog below, because it is much less code and more robust.)
因为在不使用 全局目录 时它可能无法与 OR-LDAP-search 字符串一起使用,如下所述,您可以重复上述操作(我想工作)两个 OU 的代码与此类似,例如在单独的函数中(伪代码):
Since it would probably not work with an OR-LDAP-search string when not using the Global Catalog as explained below, you could just kind of repeat the above (I guess working) code for the two OUs similar to this when put e.g. in a separate function (pseudo code):
UserPrincipal findUserInOu( String ou ) {
string DomainIP = "some domain IP";
string ContainerConnectionString = "OU=" + ou + ",DC=test,DC=com";
// ... above code continued
}
UserPrincipal foundUser = findUserInOu("ABCUsers");
if ( foundUser == null )
foundUser = findUserInOu("XYZUsers");
<小时>
GlobalCatalog 解决方案
正如我在这里所说的,使用一些OR-搜索字符串等来完成.似乎对我不起作用,您可能必须使用 Global Catalog 服务(在默认的 端口 3268 上,如果您有 MS Active Directory 否则我不知道其他目录服务是否有此功能).我猜您必须在 PrincipalContext 上指定它,它可能会使用其他一些默认值(389?).
GlobalCatalog solution
As I said here, to do it with some OR-search string etc. did not work for me and it seems, you may have to use the Global Catalog service (on the default port 3268, if you have a MS Active Directory otherwise I don't know if other directory services would have this feature).
I guess you would have to specify this on the PrincipalContext which may use some other default (389?).
这篇关于从 2 个 OU 中查找 Active Directory 用户的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持跟版网!
相关文章
使用 AccountManagement 扩展类时如何设置二进制属性?How to set a binary attribute when using a AccountManagement Extension Class?(使用 AccountManagement 扩展类时如何设置二进制属性?)- 如何在用户密码过期或“用户下次登录时必须更改密码"时检查 AD 用户凭据How to check AD user credentials when the user password is expired or quot;user must change password at next logonquot;(如何在用户密码过期或“用户下次
- 在 Active Directory 中的计算机上获取上次登录时间Getting last Logon Time on Computers in Active Directory(在 Active Directory 中的计算机上获取上次登录时间)
- 客户可配置的 asp.net 网站安全性,用于对页面和按钮访问进行细粒度控制customer-configurable asp.net web site security for fine-grained control of page and button access(客户可配置的 asp.net 网站安全性,用于对页面和按钮访
- Active Directory - 用户的角色Active Directory - Roles of a user(Active Directory - 用户的角色)
- 如何在 C# 中通过 LDAPS 连接到 Active Directory?How to connect to Active Directory via LDAPS in C#?(如何在 C# 中通过 LDAPS 连接到 Active Directory?)
最新文章
- 如何在用户密码过期或“用户下次登录时必须更改密码"时检查 AD 用户凭据
- 在 Active Directory 中的计算机上获取上次登录时间
- 客户可配置的 asp.net 网站安全性,用于对页面和按钮访问进行细粒度控制
- Active Directory - 用户的角色
- 如何在 C# 中通过 LDAPS 连接到 Active Directory?
- 与 PrincipalSearcher 相比,为什么 DirectorySearcher 如此缓慢?
- 特定 Active Directory 通讯组中的用户列表
- Active Directory 用户组成员资格 GroupPrincipal
- 从 ActiveDirectory 检索用户帐户到期
- 如何从 ASP.NET Web 服务代码对 Active Directory 进行身份验证?