How can I get a list of users from Active Directory?

Time: 2022-02-01 06:33:00

How can I get a list of users from Active Directory? Is there a way to pull username, firstname, lastname? I saw a similar post where this was used:

 PrincipalContext ctx = new PrincipalContext(ContextType.Domain, "YOURDOMAIN");

I have never done anything with Active Directory so I am completely lost. Any help would be greatly appreciated!

4 solutions

#1


179  

If you are new to Active Directory, I suggest you should understand how Active Directory stores data first.

Active Directory is actually an LDAP server. Objects stored in an LDAP server are stored hierarchically. It's very similar to how you store your files in your file system. That's why it got the name Directory server and Active Directory.

The containers and objects on Active Directory can be specified by a distinguished name. The distinguished name is like this: CN=SomeName,CN=SomeDirectory,DC=yourdomain,DC=com. Like a traditional relational database, you can run a query against an LDAP server. It's called an LDAP query.

There are a number of ways to run an LDAP query in .NET. You can use DirectorySearcher from System.DirectoryServices or SearchRequest from System.DirectoryServices.Protocols.

For your question, since you are asking to find user principal objects specifically, I think the most intuitive way is to use PrincipalSearcher from System.DirectoryServices.AccountManagement. You can easily find a lot of different examples from Google. Here is a sample that is doing exactly what you are asking for.

using (var context = new PrincipalContext(ContextType.Domain, "yourdomain.com"))
{
    using (var searcher = new PrincipalSearcher(new UserPrincipal(context)))
    {
        foreach (var result in searcher.FindAll())
        {
            DirectoryEntry de = result.GetUnderlyingObject() as DirectoryEntry;
            Console.WriteLine("First Name: " + de.Properties["givenName"].Value);
            Console.WriteLine("Last Name : " + de.Properties["sn"].Value);
            Console.WriteLine("SAM account name   : " + de.Properties["samAccountName"].Value);
            Console.WriteLine("User principal name: " + de.Properties["userPrincipalName"].Value);
            Console.WriteLine();
        }
    }
}
Console.ReadLine();

Note that on the AD user object, there are a number of attributes. In particular, givenName will give you the First Name and sn will give you the Last Name. About the user name, I think you meant the user logon name. Note that there are two logon names on the AD user object. One is samAccountName, which is also known as the pre-Windows 2000 user logon name. userPrincipalName is generally used after Windows 2000.
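The DirectorySearcher route mentioned in this answer, written out as a raw LDAP query; this is an added example, not code from the original answer. The base DN `DC=yourdomain,DC=com` is the answer's placeholder, and the `ListAdUsers` class and `Get` helper are hypothetical names.

```csharp
using System;
using System.DirectoryServices;

class ListAdUsers
{
    static void Main()
    {
        // Placeholder base DN taken from the answer's example; replace with your domain.
        using (var root = new DirectoryEntry("LDAP://DC=yourdomain,DC=com"))
        using (var searcher = new DirectorySearcher(root))
        {
            // objectCategory=person excludes computer accounts, which also carry
            // objectClass=user. The last clause drops disabled accounts by testing
            // the ACCOUNTDISABLE bit (2) of userAccountControl with the bitwise-AND
            // matching rule.
            searcher.Filter = "(&(objectCategory=person)(objectClass=user)" +
                              "(!(userAccountControl:1.2.840.113556.1.4.803:=2)))";
            searcher.SearchScope = SearchScope.Subtree;

            // Without paging, the server truncates the result set at its size
            // limit (1000 entries by default), silently hiding the rest.
            searcher.PageSize = 500;

            // Request only the attributes that are needed instead of whole objects.
            searcher.PropertiesToLoad.AddRange(new[]
                { "givenName", "sn", "sAMAccountName", "userPrincipalName" });

            using (SearchResultCollection results = searcher.FindAll())
            {
                foreach (SearchResult r in results)
                {
                    Console.WriteLine("{0} {1} ({2}, {3})",
                        Get(r, "givenName"), Get(r, "sn"),
                        Get(r, "sAMAccountName"), Get(r, "userPrincipalName"));
                }
            }
        }
    }

    // Hypothetical helper: attributes that are not set on an object are simply
    // absent from the result, so check before indexing.
    static string Get(SearchResult r, string attr)
    {
        return r.Properties.Contains(attr) && r.Properties[attr].Count > 0
            ? r.Properties[attr][0].ToString()
            : "";
    }
}
```

The query runs with the caller's own credentials, so it returns only the objects and attributes that account is allowed to read.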

#2


18  

If you want to filter by active accounts add this to Harvey's code:

 UserPrincipal userPrin = new UserPrincipal(context);
 userPrin.Enabled = true;

after the first using. Then add

  searcher.QueryFilter = userPrin;

before the find all. And that should get you the active ones.

#3


3  

Certainly the credit goes to @Harvey Kwok here, but I just wanted to add this example because in my case I wanted to get an actual List of UserPrincipals. It's probably more efficient to filter this query upfront, but in my small environment, it's just easier to pull everything and then filter as needed later from my list.

Depending on what you need, you may not need to cast to DirectoryEntry, but some properties are not available from UserPrincipal.

using (var searcher = new PrincipalSearcher(new UserPrincipal(new PrincipalContext(ContextType.Domain, Environment.UserDomainName))))
{
    List<UserPrincipal> users = searcher.FindAll().Select(u => (UserPrincipal)u).ToList();
    foreach (var u in users)
    {
        // Cast to DirectoryEntry to reach attributes that UserPrincipal does not expose.
        DirectoryEntry d = (DirectoryEntry)u.GetUnderlyingObject();
        // Value is null when the attribute is not set on the account.
        Console.WriteLine(d.Properties["GivenName"].Value?.ToString() + d.Properties["sn"].Value?.ToString());
    }
}

#4


2  

Include the System.DirectoryServices.dll, then use the code below:

DirectoryEntry directoryEntry = new DirectoryEntry("WinNT://" + Environment.MachineName);
string userNames = "Users :  ";
foreach (DirectoryEntry child in directoryEntry.Children)
{
    if (child.SchemaClassName == "User")
    {
        userNames += child.Name + Environment.NewLine;
    }
}
MessageBox.Show(userNames);
