LDAP获取登录名列表

Question

我需要在我的程序中获取组中的用户登录名列表。

这是我到目前为止，但它只返回所有用户...我需要减少到一个组中的那些，我的名字。

Option Explicit On 
Imports System.DirectoryServices 
Imports System.DirectoryServices.ActiveDirectory 

Module Module1 
    Sub Main() 
     Dim ADEntry As New DirectoryServices.DirectoryEntry("LDAP://OU=Users,OU=Irvine,OU=KNS,DC=corp,DC=kns,DC=com") 
     Dim objSearch As New System.DirectoryServices.DirectorySearcher(ADEntry) 

     Dim oResults As DirectoryServices.SearchResultCollection 
     Dim oResult As DirectoryServices.SearchResult 

     ' THIS DOESNT WORK 
     ' objSearch.Filter = "department = engineering" 

     oResults = objSearch.FindAll 

     For Each oResult In oResults 
      Console.WriteLine(oResult.GetDirectoryEntry.Properties("sAMAccountName").Value) 
     Next 
    End Sub 
End Module 

Answer 1

尝试改变滤波器，以

objSearch.Filter = "(&(objectCategory=user)(memberOf=CN=Employees,OU=Security Groups,DC=yourdomain,DC=com))" 

的基团是雇员。

来源：How to write a LDAP search filter

注：我不能对此进行测试。让我知道它是否有效。

Answer 2

如果你想有一个组的所有成员，试试这个：

1）结合组：

DirectoryEntry theGroup = 
    new DirectoryEntry("LDAP://cn=YourGroupname,ou=SomeOU,dc=YourCompany,dc=com"); 

2）然后，枚举其成员 - 它的“成员”属性集团DirectoryEntry：

foreach(object dn in theGroup.Properties["member"]) 
{ 
    Console.WriteLine(dn); 
} 

在组的“成员”属性应该是其成员的完整DN（专有名称）的每个条目 - 用户或其他组。

你的问题说你想枚举一个组的成员 - 但是你的代码看起来更像是你试图枚举OU（组织单位）中的所有东西 - 这两个任务是完全不同的！你真的需要哪个？

你可以在MSDN库上找到Quick List for Visual Basic.NET Code Samples，或者你可以在CodeProject上学习更多关于How to do almost everything in Active Directory的知识（包含C＃示例）。

马克

Answer 3

Dim ADEntry As New DirectoryServices.DirectoryEntry("LDAP://ou=users,ou=irvine,ou=kns,dc=corp,dc=kns,dc=com") 
    Dim objSearch As New System.DirectoryServices.DirectorySearcher(ADEntry) 

    Dim oResults As DirectoryServices.SearchResultCollection 
    Dim oResult As DirectoryServices.SearchResult 

    objSearch.Filter = "(&(objectCategory=person)(objectClass=user)(department=Engineering)(!userAccountControl:1.2.840.113556.1.4.803:=2))" 
    oResults = objSearch.FindAll 

    For Each oResult In oResults 
     Console.WriteLine(oResult.GetDirectoryEntry.Properties("sAMAccountName").Value) 
    Next 

这个工作！

Answer 4

许多年前，我建立了一个AD组件，我们经常使用它来完成这个任务。尝试这个。

Public Function GetUsersInGroup(ByVal GroupName As String) As String() 
     If GroupName = String.Empty Then Return Nothing 
     Dim Users() As String = Nothing 
     Dim S As String = "LDAP://DC=YourCompany,DC=com" 
     Dim Parent As New DirectoryServices.DirectoryEntry(S) 
     Dim Search As New DirectoryServices.DirectorySearcher(Parent) 

     Search.SearchScope = DirectoryServices.SearchScope.Subtree 
     Search.Filter = "(CN=" & GroupName & ")" 
     Search.PropertiesToLoad.Add("member") 

     Dim Result As DirectoryServices.SearchResult = Search.FindOne 
     Dim prop_value As String, i As Integer = 0 
     If Result IsNot Nothing Then 
      If Result.Properties("member").Count > 0 Then 
       ReDim Users(Result.Properties("member").Count - 1) 
       For Each prop_value In Result.Properties("member") 
        Dim S2 As New DirectoryServices.DirectorySearcher(Parent) 
        S2.SearchScope = DirectoryServices.SearchScope.Subtree 
        S2.Filter = "(" & prop_value.Substring(0, prop_value.IndexOf(","c)) & ")" 
        S2.PropertiesToLoad.Add("SAMAccountName") 
        Dim R2 As DirectoryServices.SearchResult = S2.FindOne 
        For Each Prop As String In R2.Properties("SAMAccountName") 
         Users(i) = Prop.ToUpper 
         i = i + 1 
        Next 
       Next 
       Exit For 
      End If 
     End If 
End Function 

如果您知道在哪里查找，可以从AD获取大量信息。