从Active Directory检索对象


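  /// <summary>
  /// Enumerates the immediate children of the directory entry bound at <paramref name="DN"/>
  /// and returns one comma-joined line per child, built from the requested properties.
  ///
  /// A child that carries an "ou" attribute is never reported itself; when
  /// <paramref name="useRecursion"/> is true its own children are collected instead.
  /// </summary>
  /// <param name="DN">
  /// Distinguished name to bind to. It is appended to "LDAP://" unchanged, so it should come
  /// from trusted configuration or be validated by the caller.
  /// NOTE(review): a value carrying a host prefix would presumably redirect the bind, made
  /// under the process identity, to that host; confirm how callers obtain this value.
  /// </param>
  /// <param name="properties">
  /// Attribute names to read from each child, in output order. With an empty list every
  /// child still yields a line, but that line is empty.
  /// </param>
  /// <param name="useRecursion">True to descend into children that have an "ou" attribute.</param>
  /// <returns>
  /// One string per reported child. If the bind or the enumeration fails, the exception is
  /// written to the console and the lines collected so far are returned, so a caller cannot
  /// tell a complete result from a truncated one.
  /// </returns>
  public static List<string> GetAllObjects(string DN, List<string> properties, bool useRecursion)
  {
      var results = new List<string>();

      // Attributes holding a 64-bit file-time value that is rendered as a date.
      // Names are compared ignoring case so a differently-cased request still takes the
      // date path. Any timestamp attribute not listed here is not converted.
      var dates = new HashSet<string>(StringComparer.OrdinalIgnoreCase)
      {
          "pwdLastSet",
          "badPasswordCountTime",
          "lastLogoff",
          "lastLogon",
          "lastLogonTimestamp",
          "lockoutTime"
      };

      try
      {
          // using blocks release the directory handles even when a child throws part-way
          // through; the original only released them on the success path.
          using (var de = new DirectoryEntry("LDAP://" + DN))
          {
              foreach (DirectoryEntry child in de.Children)
              {
                  using (child)
                  {
                      if (child.Properties.Contains("ou"))
                      {
                          if (useRecursion)
                          {
                              // Strip the 7-character "LDAP://" prefix; the recursive call adds it back.
                              results.AddRange(GetAllObjects(child.Path.Remove(0, 7), properties, useRecursion));
                          }

                          continue;
                      }

                      var line = new StringBuilder();

                      // NOTE(review): a property the child lacks appends nothing, not even a
                      // separator, so later values shift left, and values containing a comma
                      // are not quoted. Left as-is because callers may parse this format.
                      for (var i = 0; i < properties.Count; i++)
                      {
                          var property = properties[i];
                          if (!child.Properties.Contains(property))
                          {
                              continue;
                          }

                          string val;
                          if (dates.Contains(property))
                          {
                              // GetInt64 returns -1 when it finds no value, and the directory may
                              // hold values outside the range DateTime accepts. Emit an empty
                              // field for those instead of letting the conversion throw and
                              // abort the whole enumeration.
                              val = "";
                              var ticks = GetInt64(child, property);
                              if (ticks >= 0)
                              {
                                  try
                                  {
                                      // Local time, formatted with the current culture.
                                      val = DateTime.FromFileTime(ticks).ToString();
                                  }
                                  catch (ArgumentOutOfRangeException)
                                  {
                                      // Not representable as a DateTime; keep the empty field.
                                  }
                              }
                          }
                          else
                          {
                              var raw = child.Properties[property].Value;
                              val = raw == null ? "" : raw.ToString();
                          }

                          // Kept from the original: a value equal to its own attribute name is skipped.
                          if (val != property)
                          {
                              line.Append(val);

                              // No separator after the last requested property.
                              if (i + 1 != properties.Count)
                              {
                                  line.Append(",");
                              }
                          }
                      }

                      results.Add(line.ToString());
                  }
              }
          }
      }
      catch (Exception ex)
      {
          // Deliberate best-effort: report and return what was gathered. For audit or
          // reporting use, prefer surfacing the failure to the caller.
          Console.WriteLine(ex.ToString());
      }

      return results;
  }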
  110.  
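  /// <summary>
  /// Reads a 64-bit attribute value from a directory entry by running a base-scope search
  /// on that entry, so the value arrives as an Int64 that DateTime can convert.
  /// </summary>
  /// <param name="entry">The directory entry to read from; used as the search root.</param>
  /// <param name="attr">
  /// Attribute name. It is placed into the LDAP filter without escaping, so pass only fixed,
  /// known attribute names (the caller in this listing passes names from its date list),
  /// never free-form input.
  /// </param>
  /// <returns>
  /// The first value of the attribute, or -1 when the search returns nothing or the result
  /// lacks the attribute. -1 is a sentinel, not a valid file time.
  /// </returns>
  private static Int64 GetInt64(DirectoryEntry entry, string attr)
  {
      // The searcher is disposable; the using block releases it on every path.
      using (var ds = new DirectorySearcher(
          entry,
          String.Format("({0}=*)", attr),
          new string[] { attr },
          SearchScope.Base))
      {
          SearchResult sr = ds.FindOne();

          if (sr != null && sr.Properties.Contains(attr))
          {
              return (Int64)sr.Properties[attr][0];
          }
      }

      return -1;
  }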
