如何使用PrincipalSearcher查找未设置属性的UserPrincipal？

Question

如何使用PrincipalSearcher查找未设置属性的UserPrincipal？

c#.netactive-directoryadamaccount-management

10

我正在尝试在AD LDS（ADAM）实例中搜索未设置属性的用户，例如在ADAM存储（或AD）中未将“company”属性设置为值的情况。

当我使用PrincipalSearcher和自定义UserPrincipal以及自定义AdvancedSearchFilters对象时，我会收到以下错误提示：

An unhandled exception of type 'System.ArgumentException' occurred in System.DirectoryServices.dll

Additional information: The (&(objectClass=user)(!(company=))) search filter is invalid.

这里是我的示例代码：

using System;
using System.DirectoryServices.AccountManagement;
using System.Security.Permissions;
using System.Linq;

namespace AdamDump
{
    class Program
    {
        static void Main(string[] args)
        {
            PrincipalContext context = new PrincipalContext(ContextType.ApplicationDirectory, "MyAdamInstance:50000", "OU=Adam Users,dc=apps01,dc=mydomain", "queryaccount", "password");        

            // initialize a Query By Example
            using (MyUserPrincipal myUserPrincipal = new MyUserPrincipal(context))
            {
                myUserPrincipal.MyAdvancedFilters.WhereCompanyNotSet();

                PrincipalSearchResult<Principal> principals = null;

                // do the search...
                using (PrincipalSearcher principalSearcher = new PrincipalSearcher(myUserPrincipal))
                {
                    principals = principalSearcher.FindAll();
                }

                var myUsers = principals.Select(principal => principal as MyUserPrincipal).ToList();

                foreach (var user in myUsers)
                    Console.WriteLine("Name: {0}, Account{1}", user.DisplayName, user.SamAccountName);

                Console.WriteLine("Total found: {0}", myUsers.Count);
            }                 
        }
    }


    [DirectoryObjectClass("user")]
    [DirectoryRdnPrefix("CN")]
    [EnvironmentPermissionAttribute(SecurityAction.LinkDemand, Unrestricted = true)]
    public class MyUserPrincipal : UserPrincipal
    {
        private MyAdvancedFilters _myAdvancedFilters;

        /// <summary>
        /// Initializes a new instance of the <see cref="MyUserPrincipal"/> class.
        /// </summary>
        /// <param name="context">A <see cref="PrincipalContext"/> to associate this instance with.</param>
        [EnvironmentPermissionAttribute(SecurityAction.LinkDemand, Unrestricted=true)]
        public MyUserPrincipal(PrincipalContext context)
            : base(context) { }

        public MyAdvancedFilters MyAdvancedFilters
        {
            get
            {
                return this.AdvancedSearchFilter as MyAdvancedFilters;
            }
        }

        public override AdvancedFilters AdvancedSearchFilter
        {
            get
            {
                if (_myAdvancedFilters == null)
                {
                    _myAdvancedFilters = new MyAdvancedFilters(this);                    
                }

                return _myAdvancedFilters;
            }
        }
    }

    public class MyAdvancedFilters : AdvancedFilters
    {
        /// <summary>
        /// Initializes a new instance of the <see cref="MyAdvancedFilters"/> class.
        /// </summary>
        /// <param name="principal">The source <see cref="Principal"/></param>
        public MyAdvancedFilters(Principal principal) : base(principal) { }

        public void WhereCompanyNotSet()
        {
            this.AdvancedFilterSet("company", "", typeof(string), MatchType.NotEquals);
        }
    }
}

- Jim

2个回答

3

尝试使用以下内容作为您的查询：

(&(objectClass=user)(!(company=*)))

文档：http://msdn.microsoft.com/en-gb/library/windows/desktop/aa746475(v=vs.85).aspx 在页面的中部，有一段话说“获取所有没有电子邮件属性的条目：”

- Sean Airey

我认为你的方法是正确的，可以使用DirectorySearcher，但由于我需要通过AccountManagement对象来完成这个任务，所以这并不直接适用。 - Jim

尝试使用AccountManagement对象进行以下操作：PrincipalSearcher ps = new PrincipalSearcher(user);((DirectorySearcher)ps.GetUnderlyingSearcher()).Filter = "(&(objectClass=user)(!(company=*)))"; - hidden

网页内容由stack overflow 提供, 点击上面的

可以查看英文原文，
原文链接

- Jim · Accepted Answer

修改我的AdvanceFilters类如下，可以得到我需要的结果。

public class MyAdvancedFilters : AdvancedFilters
{
    /// <summary>
    /// Initializes a new instance of the <see cref="MyAdvancedFilters"/> class.
    /// </summary>
    /// <param name="principal">The source <see cref="Principal"/></param>
    public MyAdvancedFilters(Principal principal) : base(principal) { }

    public void WhereCompanyNotSet()
    {
        this.AdvancedFilterSet("company", "*", typeof(string), MatchType.NotEquals);
    }
}

在AdvancedFilterSet的值部分中，“*”代表任意字符。

感谢Sean引领我们找到了适用于AccountManagement对象的答案。