I want to create a quick application for people to resolve the name of a user stored in Active Directory from a set of credentials. Some applications only provide the user id and it is too much to expect an end user to fire up the Active Directory Users and Groups MMC snap-in.
我想为人们创建一个快速应用程序,以便从一组凭据中解析存储在Active Directory中的用户的名称。某些应用程序仅提供用户ID,并且期望最终用户启动Active Directory用户和组MMC管理单元太多。
Input would be something like "MYCORP\a_user" and output would be "Dave Smith" if that is what is stored in AD.
输入将类似于“MYCORP \ a_user”,输出将是“Dave Smith”,如果这是存储在AD中的内容。
I want this to be able to run in my test domain and also in a multi-forest environment.
我希望这能够在我的测试域中运行,也可以在多林环境中运行。
Can someone provide a sample that does this? Does retrieval of other attributes from AD such as telephone number follow the same pattern?
有人可以提供这样做的样本吗?从AD中检索其他属性(如电话号码)是否遵循相同的模式?
Target platform: .NET 2.0 and above.
目标平台:.NET 2.0及更高版本。
3 个解决方案
#1
Here's the code I use, taken from my authentication class:
这是我使用的代码,取自我的身份验证类:
string[] strUserName = username.Split("\\".ToCharArray());
using (var entry = new DirectoryEntry("LDAP://" + ADServer, ADServiceDomain + "\\" + ADServiceAccount, ADServicePassword))
using (var ds = new DirectorySearcher(entry, "sAMAccountName=" + strUserName[1])) {
ds.SearchScope = SearchScope.Subtree;
SearchResult result = ds.FindOne();
string fullname = result.Properties["displayName"][0].ToString();
}
System.DirectoryServices sucks. As you can see, it takes a ridiculous amount of code to do even the most basic things. I'd like to see a user authentication method that didn't require using exceptions for flow control.
System.DirectoryServices糟透了。正如您所看到的,即使是最基本的东西也需要大量的代码才能完成。我想看到一个不需要使用流控制异常的用户身份验证方法。
#2
Working with Active Directory is a bit painfull in C#, sure 3.5 adds some new classes to help, but for pure productivity I like to use Powershell and Quest's free PowerShell Commands for Active Directory in which case the code looks something like
使用Active Directory在C#中有点痛苦,确保3.5增加了一些新的类来帮助,但为了纯粹的生产力,我喜欢使用Powershell和Quest的免费PowerShell命令用于Active Directory,在这种情况下代码看起来像
get-qaduser userid | select PhoneNumber,DisplayName
if you need this to run as part of your C# program, you can do that too
如果您需要将其作为C#程序的一部分运行,您也可以这样做
public static IEnumerable<PSObject> Invoke(string script, params object[] input)
{
IList errors = null;
using (var run = new RunspaceInvoke())
{
var psResults = run.Invoke(script, input, out errors);
if (errors != null && errors.Count > 0)
Debug.WriteLine(errors.Count);
foreach (PSObject res in psResults)
yield return res;
}
}
PSObject psUser = POSHelp.Invoke(
@"add-pssnapin Quest.ActiveRoles.ADManagement
($userid) = $input | % { $_ }
get-qaduser $userid", "auserid").Single();
Debug.WriteLine(psUser.Properties["DisplayName"].Value);
add a ref to Program Files\Reference Assemblies\Microsoft\WindowsPowerShell\v1.0\System.Management.Automation.dll
添加一个引用Program Files \ Reference Assemblies \ Microsoft \ WindowsPowerShell \ v1.0 \ System.Management.Automation.dll
#3
See DirectorySearcher, loading the property "DisplayName".
请参阅DirectorySearcher,加载属性“DisplayName”。
#1
Here's the code I use, taken from my authentication class:
这是我使用的代码,取自我的身份验证类:
string[] strUserName = username.Split("\\".ToCharArray());
using (var entry = new DirectoryEntry("LDAP://" + ADServer, ADServiceDomain + "\\" + ADServiceAccount, ADServicePassword))
using (var ds = new DirectorySearcher(entry, "sAMAccountName=" + strUserName[1])) {
ds.SearchScope = SearchScope.Subtree;
SearchResult result = ds.FindOne();
string fullname = result.Properties["displayName"][0].ToString();
}
System.DirectoryServices sucks. As you can see, it takes a ridiculous amount of code to do even the most basic things. I'd like to see a user authentication method that didn't require using exceptions for flow control.
System.DirectoryServices糟透了。正如您所看到的,即使是最基本的东西也需要大量的代码才能完成。我想看到一个不需要使用流控制异常的用户身份验证方法。
#2
Working with Active Directory is a bit painfull in C#, sure 3.5 adds some new classes to help, but for pure productivity I like to use Powershell and Quest's free PowerShell Commands for Active Directory in which case the code looks something like
使用Active Directory在C#中有点痛苦,确保3.5增加了一些新的类来帮助,但为了纯粹的生产力,我喜欢使用Powershell和Quest的免费PowerShell命令用于Active Directory,在这种情况下代码看起来像
get-qaduser userid | select PhoneNumber,DisplayName
if you need this to run as part of your C# program, you can do that too
如果您需要将其作为C#程序的一部分运行,您也可以这样做
public static IEnumerable<PSObject> Invoke(string script, params object[] input)
{
IList errors = null;
using (var run = new RunspaceInvoke())
{
var psResults = run.Invoke(script, input, out errors);
if (errors != null && errors.Count > 0)
Debug.WriteLine(errors.Count);
foreach (PSObject res in psResults)
yield return res;
}
}
PSObject psUser = POSHelp.Invoke(
@"add-pssnapin Quest.ActiveRoles.ADManagement
($userid) = $input | % { $_ }
get-qaduser $userid", "auserid").Single();
Debug.WriteLine(psUser.Properties["DisplayName"].Value);
add a ref to Program Files\Reference Assemblies\Microsoft\WindowsPowerShell\v1.0\System.Management.Automation.dll
添加一个引用Program Files \ Reference Assemblies \ Microsoft \ WindowsPowerShell \ v1.0 \ System.Management.Automation.dll
#3
See DirectorySearcher, loading the property "DisplayName".
请参阅DirectorySearcher,加载属性“DisplayName”。