LDAP獲取登錄名列表

Question

我需要在我的程序中獲取組中的用戶登錄名列表。

這是我到目前爲止，但它只返回所有用戶...我需要減少到一個組中的那些，我的名字。

Option Explicit On 
Imports System.DirectoryServices 
Imports System.DirectoryServices.ActiveDirectory 

Module Module1 
    Sub Main() 
     Dim ADEntry As New DirectoryServices.DirectoryEntry("LDAP://OU=Users,OU=Irvine,OU=KNS,DC=corp,DC=kns,DC=com") 
     Dim objSearch As New System.DirectoryServices.DirectorySearcher(ADEntry) 

     Dim oResults As DirectoryServices.SearchResultCollection 
     Dim oResult As DirectoryServices.SearchResult 

     ' THIS DOESNT WORK 
     ' objSearch.Filter = "department = engineering" 

     oResults = objSearch.FindAll 

     For Each oResult In oResults 
      Console.WriteLine(oResult.GetDirectoryEntry.Properties("sAMAccountName").Value) 
     Next 
    End Sub 
End Module 

Answer 1

嘗試改變濾波器，以

objSearch.Filter = "(&(objectCategory=user)(memberOf=CN=Employees,OU=Security Groups,DC=yourdomain,DC=com))" 

的基團是僱員。

來源：How to write a LDAP search filter

注：我不能對此進行測試。讓我知道它是否有效。

Answer 2

如果你想有一個組的所有成員，試試這個：

1）結合組：

DirectoryEntry theGroup = 
    new DirectoryEntry("LDAP://cn=YourGroupname,ou=SomeOU,dc=YourCompany,dc=com"); 

2）然後，枚舉其成員 - 它的「成員」屬性集團DirectoryEntry：

foreach(object dn in theGroup.Properties["member"]) 
{ 
    Console.WriteLine(dn); 
} 

在組的「成員」屬性應該是其成員的完整DN（專有名稱）的每個條目 - 用戶或其他組。

你的問題說你想枚舉一個組的成員 - 但是你的代碼看起來更像是你試圖枚舉OU（組織單位）中的所有東西 - 這兩個任務是完全不同的！你真的需要哪個？

你可以在MSDN庫上找到Quick List for Visual Basic.NET Code Samples，或者你可以在CodeProject上學習更多關於How to do almost everything in Active Directory的知識（包含C＃示例）。

馬克

Answer 3

Dim ADEntry As New DirectoryServices.DirectoryEntry("LDAP://ou=users,ou=irvine,ou=kns,dc=corp,dc=kns,dc=com") 
    Dim objSearch As New System.DirectoryServices.DirectorySearcher(ADEntry) 

    Dim oResults As DirectoryServices.SearchResultCollection 
    Dim oResult As DirectoryServices.SearchResult 

    objSearch.Filter = "(&(objectCategory=person)(objectClass=user)(department=Engineering)(!userAccountControl:1.2.840.113556.1.4.803:=2))" 
    oResults = objSearch.FindAll 

    For Each oResult In oResults 
     Console.WriteLine(oResult.GetDirectoryEntry.Properties("sAMAccountName").Value) 
    Next 

這個工作！

Answer 4

許多年前，我建立了一個AD組件，我們經常使用它來完成這個任務。嘗試這個。

Public Function GetUsersInGroup(ByVal GroupName As String) As String() 
     If GroupName = String.Empty Then Return Nothing 
     Dim Users() As String = Nothing 
     Dim S As String = "LDAP://DC=YourCompany,DC=com" 
     Dim Parent As New DirectoryServices.DirectoryEntry(S) 
     Dim Search As New DirectoryServices.DirectorySearcher(Parent) 

     Search.SearchScope = DirectoryServices.SearchScope.Subtree 
     Search.Filter = "(CN=" & GroupName & ")" 
     Search.PropertiesToLoad.Add("member") 

     Dim Result As DirectoryServices.SearchResult = Search.FindOne 
     Dim prop_value As String, i As Integer = 0 
     If Result IsNot Nothing Then 
      If Result.Properties("member").Count > 0 Then 
       ReDim Users(Result.Properties("member").Count - 1) 
       For Each prop_value In Result.Properties("member") 
        Dim S2 As New DirectoryServices.DirectorySearcher(Parent) 
        S2.SearchScope = DirectoryServices.SearchScope.Subtree 
        S2.Filter = "(" & prop_value.Substring(0, prop_value.IndexOf(","c)) & ")" 
        S2.PropertiesToLoad.Add("SAMAccountName") 
        Dim R2 As DirectoryServices.SearchResult = S2.FindOne 
        For Each Prop As String In R2.Properties("SAMAccountName") 
         Users(i) = Prop.ToUpper 
         i = i + 1 
        Next 
       Next 
       Exit For 
      End If 
     End If 
End Function 

如果您知道在哪裏查找，可以從AD獲取大量信息。