javascript活动目录用户/组查询

时间:2021-12-06 03:01:36

Is it possible to query AD from javascript?

是否可以从javascript查询AD?

I'm working from within SharePoint, and I can get the current SharePoint user's information using some js I found on a blog.

我在SharePoint中工作,我可以使用我在博客上找到的一些js来获取当前SharePoint用户的信息。

But I'm wondering if I can then query AD to see if the current user is in a specific AD group.

但我想知道我是否可以查询AD以查看当前用户是否在特定的AD组中。

3 个解决方案

#1


4  

I think you'd be better off writing a quick asp.net page that you could call via AJAX and get some JSON back. .NET directory services class are going to be much better at talking to Active Directory than javascript, unless you can find a js library specifically for this (which I haven't been able to find).

我认为你最好写一个快速的asp.net页面,你可以通过AJAX调用并获得一些JSON。 .NET目录服务类在与Active Directory交谈时要比javascript好得多,除非你能找到专门用于此的js库(我无法找到)。

#2


3  

This is a little late, but for future visitors from Google, I had to write something in JavaScript to fix a scheduled task that is run with cscript:

这有点晚了,但是对于来自Google的未来访问者,我不得不用JavaScript编写一些内容来修复使用cscript运行的计划任务:

var conn = WScript.CreateObject("ADODB.Connection")
var rootDSE = GetObject("LDAP://RootDSE");
var context = rootDSE.Get("defaultNamingContext");

conn.Provider = "ADsDSOObject";
conn.Open("ADs Provider");

var query = "<LDAP://" + context + ">;(&(objectCategory=person)(objectClass=user));samAccountName;subtree";
var cmd = WScript.CreateObject("ADODB.Command");

cmd.ActiveConnection = conn;
cmd.CommandText = query;
cmd.Properties.Item("SearchScope") = 2;
cmd.Properties.Item("Page Size") = 500;

var r = cmd.Execute();

while(!r.EOF)
{
  for (var e=new Enumerator(r.Fields);!e.atEnd();e.moveNext())
  {
    WScript.Stdout.Write(e.Item().name + "=" + e.Item().value + "  ");
  }
  WScript.Stdout.WriteLine("");

  r.MoveNext();
}

#3


0  

There is no way known to me how one could access AD from a client script. I could only think of some kind of an ActiveX control which does the job, however that 1) would work only in IE 2) would also be limited to zone settings in IE.

我无法知道如何从客户端脚本访问AD。我只能想到某种类型的ActiveX控件可以完成这项工作,但是1)只能在IE 2中工作也会限制在IE中的区域设置。

So, the reason is why you need this. Most probably, to be able to show the user something or hide something from the user. If this is the case, you could think of applying the "target audiences" solution to your page (see here - http://office.microsoft.com/en-us/sharepointserver/HA101690531033.aspx). For instance, add two versions of your webpart to the page, one for users who are in the group and another for users who aren't.

所以,原因就是你需要这个。最有可能的是,能够向用户显示某些内容或向用户隐藏某些内容。如果是这种情况,您可以考虑将“目标受众”解决方案应用于您的页面(请参阅此处 - http://office.microsoft.com/en-us/sharepointserver/HA101690531033.aspx)。例如,在页面中添加两个版本的webpart,一个用于组中的用户,另一个用于非用户。

If you really need to have this information on the client side in JS, you can create some "AD helper" web service on your server and call into that service using AJAX, as per @squillman's post.

如果你真的需要在JS的客户端获得这些信息,你可以在你的服务器上创建一些“AD帮助”Web服务,并使用AJAX调用该服务,根据@ squillman的帖子。

#1


4  

I think you'd be better off writing a quick asp.net page that you could call via AJAX and get some JSON back. .NET directory services class are going to be much better at talking to Active Directory than javascript, unless you can find a js library specifically for this (which I haven't been able to find).

我认为你最好写一个快速的asp.net页面,你可以通过AJAX调用并获得一些JSON。 .NET目录服务类在与Active Directory交谈时要比javascript好得多,除非你能找到专门用于此的js库(我无法找到)。

#2


3  

This is a little late, but for future visitors from Google, I had to write something in JavaScript to fix a scheduled task that is run with cscript:

这有点晚了,但是对于来自Google的未来访问者,我不得不用JavaScript编写一些内容来修复使用cscript运行的计划任务:

var conn = WScript.CreateObject("ADODB.Connection")
var rootDSE = GetObject("LDAP://RootDSE");
var context = rootDSE.Get("defaultNamingContext");

conn.Provider = "ADsDSOObject";
conn.Open("ADs Provider");

var query = "<LDAP://" + context + ">;(&(objectCategory=person)(objectClass=user));samAccountName;subtree";
var cmd = WScript.CreateObject("ADODB.Command");

cmd.ActiveConnection = conn;
cmd.CommandText = query;
cmd.Properties.Item("SearchScope") = 2;
cmd.Properties.Item("Page Size") = 500;

var r = cmd.Execute();

while(!r.EOF)
{
  for (var e=new Enumerator(r.Fields);!e.atEnd();e.moveNext())
  {
    WScript.Stdout.Write(e.Item().name + "=" + e.Item().value + "  ");
  }
  WScript.Stdout.WriteLine("");

  r.MoveNext();
}

#3


0  

There is no way known to me how one could access AD from a client script. I could only think of some kind of an ActiveX control which does the job, however that 1) would work only in IE 2) would also be limited to zone settings in IE.

我无法知道如何从客户端脚本访问AD。我只能想到某种类型的ActiveX控件可以完成这项工作,但是1)只能在IE 2中工作也会限制在IE中的区域设置。

So, the reason is why you need this. Most probably, to be able to show the user something or hide something from the user. If this is the case, you could think of applying the "target audiences" solution to your page (see here - http://office.microsoft.com/en-us/sharepointserver/HA101690531033.aspx). For instance, add two versions of your webpart to the page, one for users who are in the group and another for users who aren't.

所以,原因就是你需要这个。最有可能的是,能够向用户显示某些内容或向用户隐藏某些内容。如果是这种情况,您可以考虑将“目标受众”解决方案应用于您的页面(请参阅此处 - http://office.microsoft.com/en-us/sharepointserver/HA101690531033.aspx)。例如,在页面中添加两个版本的webpart,一个用于组中的用户,另一个用于非用户。

If you really need to have this information on the client side in JS, you can create some "AD helper" web service on your server and call into that service using AJAX, as per @squillman's post.

如果你真的需要在JS的客户端获得这些信息,你可以在你的服务器上创建一些“AD帮助”Web服务,并使用AJAX调用该服务,根据@ squillman的帖子。