代码之家  ›  专栏  ›  技术社区  ›  NoBullMan

从广告中获得经理的员工

distinguishedname active-directory c#
  •  3
  • NoBullMan  · 技术社区  · 7 年前

    我正试图得到一个经理的雇员名单。 假设登录用户是管理器,

    1)使用sAMAccountName(即域ID)在active directory中搜索manager并检索distinguishedName

    2)在活动目录中搜索“manager”属性等于先前检索到的可分辨名称的所有用户对象

    但是,我的目录项集合始终为空。假设给定了用户/管理器的DN,下面是我所做的。 

    private static List<DirectoryEntry> GetUserDEByManagerDN(string sDN)
{
    string adPath = ConfigurationManager.AppSettings["ADPath"].ToString();
    DirectoryEntry de = new DirectoryEntry(adPath + "/" + sDN);
    List<DirectoryEntry> lsUsers = new List<DirectoryEntry>();

    using (DirectorySearcher Search = new DirectorySearcher())
    {
        Search.SearchRoot = de;
        Search.Filter = "(&(manager=" + sDN + "))";
        //Search.Filter = "(&(manager=" + sDN + ")(extensionAttribute14=INV))";
        Search.SearchScope = SearchScope.Base;  // Also tried SearchScope.Subtree
        SearchResultCollection Results = Search.FindAll();

        if (null != Results)  // Results is not null but has zero length
        {
            foreach (SearchResult Result in Results)
            {
                DirectoryEntry deUser = Result.GetDirectoryEntry();

                if (null != deUser)
                    lsUsers.Add(deUser);
            }
        }
    }
    return lsUsers;
}

    我还尝试使用以下命令转义DN: 

    string sEscapedDN = sDN.Replace('\\', '\x5C').Replace(')', '\x29').Replace('(', '\x28').Replace('*', '\x2A');

    运气不好。如有任何帮助,我们将不胜感激。

    1 回复  |  直到 7 年前
        1
  •  1
  •   NoBullMan    7 年前

    在itsme86建议设置包含所有用户的容器以及Camilo Terevinto建议从AD路径中删除manager的DN之后,问题得到了解决。我还不得不将搜索范围从基树更改为子树。

    以下是对我有用的: 

    private static List<DirectoryEntry> GetUserDEByManagerDN(string sManagerDN)
{
    string adPath = ConfigurationManager.AppSettings["ADPath"].ToString();

    /* This was one of the issues  */
    //DirectoryEntry de = new DirectoryEntry(adPath + "/" + sManagerDN);
    DirectoryEntry de = new DirectoryEntry(adPath);

    List<DirectoryEntry> lsUsers = new List<DirectoryEntry>();

    using (DirectorySearcher Search = new DirectorySearcher())
    {
        Search.SearchRoot = de;

        /* I had to include extension attribute 14 to get rid of some unusual "users", like Fax, special accounts, etc. You might not need it
        //Search.Filter = "(manager=" + sDN + ")";
        Search.Filter = "(&(manager=" + sDN + ")(extensionAttribute14=INV))";

        //Search.SearchScope = SearchScope.Base;  
        Search.SearchScope = SearchScope.Subtree;
        SearchResultCollection Results = Search.FindAll();

        if (null != Results)
        {
            foreach (SearchResult Result in Results)
            {
                DirectoryEntry deUser = Result.GetDirectoryEntry();

                if (null != deUser)
                    lsUsers.Add(deUser);
            }
        }
    }
    return lsUsers;
}
    推荐文章
    关于   移动版
    代码之家 - 一站式码农服务社区
    沪ICP备11025650号