How to get the details of all users from Active Directory using LDAP

4
I need to get the details of all users from Active Directory using LDAP. The code below only gives 'Samaccountname' as "Administrator", but not the details of each user, and the mail ID is not found in the list. Please help me solve the problem.
using System;
using System.Configuration;
using System.DirectoryServices;
using System.Text;

string dominName = ConfigurationManager.AppSettings["DominName"].ToString();
string ldapPath = ConfigurationManager.AppSettings["ldapPath"].ToString();
if (!String.IsNullOrEmpty(dominName) && !String.IsNullOrEmpty(ldapPath))
{
    DirectoryEntry entry = new DirectoryEntry(ldapPath, txtUsername.Text.ToString().Trim(), txtPassword.Text.ToString().Trim());
    try
    {
        Object obj = entry.NativeObject; // forces the bind, so bad credentials fail here
        DirectorySearcher search = new DirectorySearcher(entry);
        search.Filter = "(&(objectClass=user)(objectCategory=person))";
        search.PropertiesToLoad.Add("samaccountname");
        search.PropertiesToLoad.Add("mail");
        search.PropertiesToLoad.Add("usergroup");
        search.PropertiesToLoad.Add("displayname");//first name

        foreach (System.DirectoryServices.SearchResult resEnt in search.FindAll())
        {
            System.DirectoryServices.DirectoryEntry de = resEnt.GetDirectoryEntry();
            if (de.Properties["sAMAccountName"].Value != null && de.Properties["userAccountControl"].Value != null)
            {
                StringBuilder sb = new StringBuilder();
                sb.AppendLine("Name = " + de.Properties["sAMAccountName"].Value.ToString());
                sb.AppendLine("Email = " + de.Properties["Mail"].Value.ToString());
            }
        }
    }
    catch (Exception ex)
    {
        // handle or log the exception here
    }
}

Found the solution:

Here is my code:

// Inside the foreach over search.FindAll(); de is the current user's DirectoryEntry
var userAccountControlValue = 0;
int.TryParse(de.Properties["UserAccountControl"].Value.ToString(), out userAccountControlValue);
var isAccountDisabled = Convert.ToBoolean(userAccountControlValue & 0x0002); // ACCOUNTDISABLE
var isNormalAccount = Convert.ToBoolean(userAccountControlValue & 0x0200);   // NORMAL_ACCOUNT
if (de.Properties["sAMAccountName"].Value != null && de.Properties["userAccountControl"].Value != null && de.Properties["userPrincipalName"].Value != null && !isAccountDisabled && isNormalAccount)
{
    //Add Employee details from AD
    PaySlipPortal.Objects.Employee employee = new Employee();
    employee.FirstName = de.Properties["givenName"].Value != null ? (string)de.Properties["givenName"].Value : "";
    employee.Email = de.Properties["userPrincipalName"].Value != null ? (string)de.Properties["userPrincipalName"].Value : "";
    employee.LastName = de.Properties["sn"].Value != null ? (string)de.Properties["sn"].Value : "";
    int deleteID = empBL.DeleteEmployee(employee.Email.Trim());
    int empID = empBL.AddEmployee(employee);
}

Are you sure the email value is defined in AD? - st4hoo
The email is defined as 'userPrincipalName'. - psobhan
3 Answers

25

Recently I was working on LDAP. I needed to find all the information from AD, so I wrote some helper classes to find it. Below are some examples.

I wrote 5 classes. See below.

ActiveDirectoryHelper.cs

using System;
using System.Collections.Generic;
using System.Configuration;
using System.DirectoryServices;
using System.Web.Hosting;

public class ActiveDirectoryHelper
{
    private DirectoryEntry _directoryEntry = null;

    private DirectoryEntry SearchRoot
    {
        get
        {
            if (_directoryEntry == null)
            {
                using (HostingEnvironment.Impersonate())
                {
                    _directoryEntry = new DirectoryEntry(LDAPPath);//, LDAPUser, LDAPPassword, AuthenticationTypes.Secure);
                }
            }
            return _directoryEntry;
        }
    }

    private String LDAPPath
    {
        get
        {
            return ConfigurationManager.AppSettings["LDAPPath"];
        }
    }

    //private String LDAPUser
    //{
    //    get
    //    {
    //        return ConfigurationManager.AppSettings["LDAPUser"];
    //    }
    //}

    //private String LDAPPassword
    //{
    //    get
    //    {
    //        return ConfigurationManager.AppSettings["LDAPPassword"];
    //    }
    //}

    private String LDAPDomain
    {
        get
        {
            return ConfigurationManager.AppSettings["LDAPDomain"];
        }
    }

    internal ADUserDetail GetUserByFullName(String userName)
    {
        try
        {
            using (HostingEnvironment.Impersonate())
            {
                _directoryEntry = null;
                DirectorySearcher directorySearch = new DirectorySearcher(SearchRoot);
                directorySearch.Filter = "(&(objectClass=user)(cn=" + userName + "))";
                SearchResult results = directorySearch.FindOne();

                if (results != null)
                {
                    DirectoryEntry user = new DirectoryEntry(results.Path);// LDAPUser, LDAPPassword);
                    return ADUserDetail.GetUser(user);
                }
                else
                {
                    return null;
                }
            }
        }
        catch (Exception ex)
        {
            return null;
        }
    }

    public ADUserDetail GetUserByLoginName(String userName)
    {
        try
        {
            using (HostingEnvironment.Impersonate())
            {
                // This code runs as the application pool user
                _directoryEntry = null;

                DirectorySearcher directorySearch = new DirectorySearcher(SearchRoot);
                directorySearch.Filter = "(&(objectClass=user)(SAMAccountName=" + userName + "))";
                SearchResult results = directorySearch.FindOne();

                if (results != null)
                {
                    DirectoryEntry user = new DirectoryEntry(results.Path);//, LDAPUser, LDAPPassword);
                    return ADUserDetail.GetUser(user);
                }
                return null;
            }

        }

        catch (Exception ex)
        {
            return null;
        }
    }


    public ADUserDetail GetUserDetailsByFullName(String FirstName, String MiddleName, String LastName)
    {
        //givenName
        //    initials
        //    sn
        //(initials=" + MiddleName + ")(sn=" + LastName + ")

        try
        {
            using (HostingEnvironment.Impersonate())
            {
                _directoryEntry = null;
                DirectorySearcher directorySearch = new DirectorySearcher(SearchRoot);
                //directorySearch.Filter = "(&(objectClass=user)(givenName=" + FirstName + ") ())";

                if (FirstName != "" && MiddleName != "" && LastName != "")
                {

                    directorySearch.Filter = "(&(objectClass=user)(givenName=" + FirstName + ")(initials=" + MiddleName + ")(sn=" + LastName + "))";
                }
                else if (FirstName != "" && MiddleName != "" && LastName == "")
                {
                    directorySearch.Filter = "(&(objectClass=user)(givenName=" + FirstName + ")(initials=" + MiddleName + "))";
                }
                else if (FirstName != "" && MiddleName == "" && LastName == "")
                {
                    directorySearch.Filter = "(&(objectClass=user)(givenName=" + FirstName + "))";
                }
                else if (FirstName != "" && MiddleName == "" && LastName != "")
                {
                    directorySearch.Filter = "(&(objectClass=user)(givenName=" + FirstName + ")(sn=" + LastName + "))";
                }
                else if (FirstName == "" && MiddleName != "" && LastName != "")
                {
                    directorySearch.Filter = "(&(objectClass=user)(initials=" + MiddleName + ")(sn=" + LastName + "))";
                }
                SearchResult results = directorySearch.FindOne();

                if (results != null)
                {
                    DirectoryEntry user = new DirectoryEntry(results.Path);//, LDAPUser, LDAPPassword);
                    return ADUserDetail.GetUser(user);
                }
                return null;
            }
        }
        catch (Exception ex)
        {
            return null;
        }
    }


    /// <summary>
    /// This function will take a DL or Group name and return list of users
    /// </summary>
    /// <param name="groupName"></param>
    /// <returns></returns>
    public List<ADUserDetail> GetUserFromGroup(String groupName)
    {
        List<ADUserDetail> userlist = new List<ADUserDetail>();
        try
        {
            using (HostingEnvironment.Impersonate())
            {
                _directoryEntry = null;
                DirectorySearcher directorySearch = new DirectorySearcher(SearchRoot);
                directorySearch.Filter = "(&(objectClass=group)(SAMAccountName=" + groupName + "))";
                SearchResult results = directorySearch.FindOne();
                if (results != null)
                {

                    DirectoryEntry deGroup = new DirectoryEntry(results.Path);//, LDAPUser, LDAPPassword);
                    System.DirectoryServices.PropertyCollection pColl = deGroup.Properties;
                    int count = pColl["member"].Count;


                    for (int i = 0; i < count; i++)
                    {
                        // Re-use the server prefix of the group's path (everything before the
                        // group's own "CN=") and append the member's distinguished name.
                        string respath = results.Path;
                        int cnIndex = respath.IndexOf("CN=", StringComparison.OrdinalIgnoreCase);
                        if (cnIndex > 0)
                        {
                            respath = respath.Substring(0, cnIndex);
                        }
                        string objpath = pColl["member"][i].ToString();
                        string path = respath + objpath;


                        DirectoryEntry user = new DirectoryEntry(path);//, LDAPUser, LDAPPassword);
                        ADUserDetail userobj = ADUserDetail.GetUser(user);
                        userlist.Add(userobj);
                        user.Close();
                    }
                }
                return userlist;
            }
        }
        catch (Exception ex)
        {
            return userlist;
        }

    }

    #region Get user with First Name

    public List<ADUserDetail> GetUsersByFirstName(string fName)
    {
        using (HostingEnvironment.Impersonate())
        {

            //UserProfile user;
            List<ADUserDetail> userlist = new List<ADUserDetail>();
            string filter = "";

            _directoryEntry = null;
            DirectorySearcher directorySearch = new DirectorySearcher(SearchRoot);
            directorySearch.Asynchronous = true;
            directorySearch.CacheResults = true;
            // the closing parenthesis is required, otherwise the server rejects the filter as invalid
            filter = string.Format("(givenName={0}*)", fName);
            //            filter = "(&(objectClass=user)(objectCategory=person)(givenName="+fName+ "*))";


            directorySearch.Filter = filter;

            SearchResultCollection userCollection = directorySearch.FindAll();
            foreach (SearchResult users in userCollection)
            {
                DirectoryEntry userEntry = new DirectoryEntry(users.Path);//, LDAPUser, LDAPPassword);
                ADUserDetail userInfo = ADUserDetail.GetUser(userEntry);

                userlist.Add(userInfo);

            }

            directorySearch.Filter = "(&(objectClass=group)(SAMAccountName=" + fName + "*))";
            SearchResultCollection results = directorySearch.FindAll();
            if (results != null)
            {

                foreach (SearchResult r in results)
                {
                    DirectoryEntry deGroup = new DirectoryEntry(r.Path);//, LDAPUser, LDAPPassword);

                    ADUserDetail agroup = ADUserDetail.GetUser(deGroup);
                    userlist.Add(agroup);
                }

            }
            return userlist;
        }
    }

    #endregion


    #region AddUserToGroup
    public bool AddUserToGroup(string userlogin, string groupName)
    {
        try
        {
            using (HostingEnvironment.Impersonate())
            {
                _directoryEntry = null;
                ADManager admanager = new ADManager(LDAPDomain);//, LDAPUser, LDAPPassword);
                admanager.AddUserToGroup(userlogin, groupName);
                return true;
            }
        }
        catch (Exception ex)
        {
            return false;
        }
    }
    #endregion

    #region RemoveUserToGroup
    public bool RemoveUserToGroup(string userlogin, string groupName)
    {
        try
        {
            using (HostingEnvironment.Impersonate())
            {
                _directoryEntry = null;
                ADManager admanager = new ADManager("xxx");// LDAPUser, LDAPPassword);
                admanager.RemoveUserFromGroup(userlogin, groupName);
                return true;
            }
        }
        catch (Exception ex)
        {
            return false;
        }
    }
    #endregion
}

AccountManagementExtensions.cs

using System;
using System.DirectoryServices;
using System.DirectoryServices.AccountManagement;

public static class AccountManagementExtensions
{

    public static String GetProperty(this Principal principal, String property)
    {
        DirectoryEntry directoryEntry = principal.GetUnderlyingObject() as DirectoryEntry;
        // The attribute may be listed with a null value, so check both before calling ToString()
        if (directoryEntry != null && directoryEntry.Properties.Contains(property)
            && directoryEntry.Properties[property].Value != null)
            return directoryEntry.Properties[property].Value.ToString();
        else
            return String.Empty;
    }

    public static String GetCompany(this Principal principal)
    {
        return principal.GetProperty("company");
    }

    public static String GetDepartment(this Principal principal)
    {
        return principal.GetProperty("department");
    }

}

ADManager.cs

using System.DirectoryServices.AccountManagement;

public class ADManager
{

    PrincipalContext context;

    public ADManager()
    {
        context = new PrincipalContext(ContextType.Machine, "xxx", "xxx", "xxx");

    }


    public ADManager(string domain, string container)
    {
        context = new PrincipalContext(ContextType.Domain, domain, container);
    }

    public ADManager(string domain)//, string username, string password)
    {
        context = new PrincipalContext(ContextType.Domain);//, username, password);
    }

    public bool AddUserToGroup(string userName, string groupName)
    {
        bool done = false;
        GroupPrincipal group = GroupPrincipal.FindByIdentity(context, groupName);
        if (group == null)
        {
            // Note: if the group does not exist it is created here and persisted by Save() below
            group = new GroupPrincipal(context, groupName);
        }
        UserPrincipal user = UserPrincipal.FindByIdentity(context, userName);
        if (user != null && group != null)
        {
            group.Members.Add(user);
            group.Save();
            done = (user.IsMemberOf(group));
        }
        return done;
    }


    public bool RemoveUserFromGroup(string userName, string groupName)
    {
        bool done = false;
        UserPrincipal user = UserPrincipal.FindByIdentity(context, userName);
        GroupPrincipal group = GroupPrincipal.FindByIdentity(context, groupName);
        if (user != null && group != null)
        {
            group.Members.Remove(user);
            group.Save();
            done = !(user.IsMemberOf(group));
        }
        return done;
    }
}

ADProperties.cs

using System;

public static class ADProperties
{
    public const String OBJECTCLASS = "objectClass";
    public const String CONTAINERNAME = "cn";
    public const String LASTNAME = "sn";
    public const String COUNTRYNOTATION = "c";
    public const String CITY = "l";
    public const String STATE = "st";
    public const String TITLE = "title";
    public const String POSTALCODE = "postalCode";
    public const String PHYSICALDELIVERYOFFICENAME = "physicalDeliveryOfficeName";
    public const String FIRSTNAME = "givenName";
    public const String MIDDLENAME = "initials";
    public const String DISTINGUISHEDNAME = "distinguishedName";
    public const String INSTANCETYPE = "instanceType";
    public const String WHENCREATED = "whenCreated";
    public const String WHENCHANGED = "whenChanged";
    public const String DISPLAYNAME = "displayName";
    public const String USNCREATED = "uSNCreated";
    public const String MEMBEROF = "memberOf";
    public const String USNCHANGED = "uSNChanged";
    public const String COUNTRY = "co";
    public const String DEPARTMENT = "department";
    public const String COMPANY = "company";
    public const String PROXYADDRESSES = "proxyAddresses";
    public const String STREETADDRESS = "streetAddress";
    public const String DIRECTREPORTS = "directReports";
    public const String NAME = "name";
    public const String OBJECTGUID = "objectGUID";
    public const String USERACCOUNTCONTROL = "userAccountControl";
    public const String BADPWDCOUNT = "badPwdCount";
    public const String CODEPAGE = "codePage";
    public const String COUNTRYCODE = "countryCode";
    public const String BADPASSWORDTIME = "badPasswordTime";
    public const String LASTLOGOFF = "lastLogoff";
    public const String LASTLOGON = "lastLogon";
    public const String PWDLASTSET = "pwdLastSet";
    public const String PRIMARYGROUPID = "primaryGroupID";
    public const String OBJECTSID = "objectSid";
    public const String ADMINCOUNT = "adminCount";
    public const String ACCOUNTEXPIRES = "accountExpires";
    public const String LOGONCOUNT = "logonCount";
    public const String LOGINNAME = "sAMAccountName";
    public const String SAMACCOUNTTYPE = "sAMAccountType";
    public const String SHOWINADDRESSBOOK = "showInAddressBook";
    public const String LEGACYEXCHANGEDN = "legacyExchangeDN";
    public const String USERPRINCIPALNAME = "userPrincipalName";
    public const String EXTENSION = "ipPhone";
    public const String SERVICEPRINCIPALNAME = "servicePrincipalName";
    public const String OBJECTCATEGORY = "objectCategory";
    public const String DSCOREPROPAGATIONDATA = "dSCorePropagationData";
    public const String LASTLOGONTIMESTAMP = "lastLogonTimestamp";
    public const String EMAILADDRESS = "mail";
    public const String MANAGER = "manager";
    public const String MOBILE = "mobile";
    public const String PAGER = "pager";
    public const String FAX = "facsimileTelephoneNumber";
    public const String HOMEPHONE = "homePhone";
    public const String MSEXCHUSERACCOUNTCONTROL = "msExchUserAccountControl";
    public const String MDBUSEDEFAULTS = "mDBUseDefaults";
    public const String MSEXCHMAILBOXSECURITYDESCRIPTOR = "msExchMailboxSecurityDescriptor";
    public const String HOMEMDB = "homeMDB";
    public const String MSEXCHPOLICIESINCLUDED = "msExchPoliciesIncluded";
    public const String HOMEMTA = "homeMTA";
    public const String MSEXCHRECIPIENTTYPEDETAILS = "msExchRecipientTypeDetails";
    public const String MAILNICKNAME = "mailNickname";
    public const String MSEXCHHOMESERVERNAME = "msExchHomeServerName";
    public const String MSEXCHVERSION = "msExchVersion";
    public const String MSEXCHRECIPIENTDISPLAYTYPE = "msExchRecipientDisplayType";
    public const String MSEXCHMAILBOXGUID = "msExchMailboxGuid";
    public const String NTSECURITYDESCRIPTOR = "nTSecurityDescriptor";
}

ADUserDetail.cs

using System;
using System.DirectoryServices;
using System.Linq;

public class ADUserDetail
{
    private String _firstName;
    private String _middleName;
    private String _lastName;
    private String _loginName;
    private String _loginNameWithDomain;
    private String _streetAddress;
    private String _city;
    private String _state;
    private String _postalCode;
    private String _country;
    private String _homePhone;
    private String _extension;
    private String _mobile;
    private String _fax;
    private String _emailAddress;
    private String _title;
    private String _company;
    private String _manager;
    private String _managerName;
    private String _department;

    public String Department
    {
        get { return _department; }
    }

    public String FirstName
    {
        get { return _firstName; }
    }

    public String MiddleName
    {
        get { return _middleName; }
    }

    public String LastName
    {
        get { return _lastName; }
    }

    public String LoginName
    {
        get { return _loginName; }
    }

    public String LoginNameWithDomain
    {
        get { return _loginNameWithDomain; }
    }

    public String StreetAddress
    {
        get { return _streetAddress; }
    }

    public String City
    {
        get { return _city; }
    }

    public String State
    {
        get { return _state; }
    }

    public String PostalCode
    {
        get { return _postalCode; }
    }

    public String Country
    {
        get { return _country; }
    }

    public String HomePhone
    {
        get { return _homePhone; }
    }

    public String Extension
    {
        get { return _extension; }
    }

    public String Mobile
    {
        get { return _mobile; }
    }

    public String Fax
    {
        get { return _fax; }
    }

    public String EmailAddress
    {
        get { return _emailAddress; }
    }

    public String Title
    {
        get { return _title; }
    }

    public String Company
    {
        get { return _company; }
    }

    public ADUserDetail Manager
    {
        get
        {
            if (!String.IsNullOrEmpty(_managerName))
            {
                ActiveDirectoryHelper ad = new ActiveDirectoryHelper();
                return ad.GetUserByFullName(_managerName);
            }
            return null;
        }
    }

    public String ManagerName
    {
        get { return _managerName; }
    }


    private ADUserDetail(DirectoryEntry directoryUser)
    {

        String domainAddress;
        String domainName;
        _firstName = GetProperty(directoryUser, ADProperties.FIRSTNAME);
        _middleName = GetProperty(directoryUser, ADProperties.MIDDLENAME);
        _lastName = GetProperty(directoryUser, ADProperties.LASTNAME);
        _loginName = GetProperty(directoryUser, ADProperties.LOGINNAME);
        String userPrincipalName = GetProperty(directoryUser, ADProperties.USERPRINCIPALNAME);
        if (!string.IsNullOrEmpty(userPrincipalName))
        {
            domainAddress = userPrincipalName.Split('@')[1];
        }
        else
        {
            domainAddress = String.Empty;
        }

        if (!string.IsNullOrEmpty(domainAddress))
        {
            domainName = domainAddress.Split('.').First();
        }
        else
        {
            domainName = String.Empty;
        }
        _loginNameWithDomain = String.Format(@"{0}\{1}", domainName, _loginName);
        _streetAddress = GetProperty(directoryUser, ADProperties.STREETADDRESS);
        _city = GetProperty(directoryUser, ADProperties.CITY);
        _state = GetProperty(directoryUser, ADProperties.STATE);
        _postalCode = GetProperty(directoryUser, ADProperties.POSTALCODE);
        _country = GetProperty(directoryUser, ADProperties.COUNTRY);
        _company = GetProperty(directoryUser, ADProperties.COMPANY);
        _department = GetProperty(directoryUser, ADProperties.DEPARTMENT);
        _homePhone = GetProperty(directoryUser, ADProperties.HOMEPHONE);
        _extension = GetProperty(directoryUser, ADProperties.EXTENSION);
        _mobile = GetProperty(directoryUser, ADProperties.MOBILE);
        _fax = GetProperty(directoryUser, ADProperties.FAX);
        _emailAddress = GetProperty(directoryUser, ADProperties.EMAILADDRESS);
        _title = GetProperty(directoryUser, ADProperties.TITLE);
        _manager = GetProperty(directoryUser, ADProperties.MANAGER);
        if (!String.IsNullOrEmpty(_manager))
        {
            String[] managerArray = _manager.Split(',');
            _managerName = managerArray[0].Replace("CN=", "");
        }
    }


    private static String GetProperty(DirectoryEntry userDetail, String propertyName)
    {
        // Guard against an empty value collection before indexing [0]
        if (userDetail.Properties.Contains(propertyName) && userDetail.Properties[propertyName].Count > 0)
        {
            return userDetail.Properties[propertyName][0].ToString();
        }
        else
        {
            return string.Empty;
        }
    }

    public static ADUserDetail GetUser(DirectoryEntry directoryUser)
    {
        return new ADUserDetail(directoryUser);
    }
}

Just add your LDAP address in the AppSettings section of the web.config file. Add a user name or password if you need them, otherwise just add the LDAP address.

<appSettings>
<add key="LDAPPassword" value="" />
<add key="LDAPPath" value="" />
<add key="LDAPUser" value="" />
<add key="LDAPDomain" value="" />
</appSettings>

Include these classes in your project. Now you can get all the information from Active Directory. There are some methods in "ActiveDirectoryHelper.cs"; you can use them to retrieve the information.


1
Similar to this link http://www.c-sharpcorner.com/uploadfile/dhananjaycoder/all-operations-on-active-directory-ad-using-C-Sharp/. Maybe we can work together. - Kiquenet
FYI: in the ADManager.cs file, where the line has //, username, password); it should be //, domain, username, password);. ;) - James Wilkins
I got the following error: System.ArgumentException: The (givenName=Saqib* search filter is invalid. - SAQIB SOHAIL BHATTI
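Every filter in the helper class above is built by string concatenation, for example "(&(objectClass=user)(SAMAccountName=" + userName + "))", so a name containing filter metacharacters such as ( ) * or \ changes what the query matches (LDAP filter injection). The following added example, which is not part of the answer's classes, escapes the value as RFC 4515 requires and performs the same login-name lookup with the escaped value; the search root is assumed to be supplied by the caller.

```csharp
using System;
using System.DirectoryServices;
using System.Text;

// Added example, not part of the helper classes in the answer.
public static class LdapFilter
{
    // Escapes a value for use inside an LDAP search filter (RFC 4515, section 3):
    // each special character becomes a backslash followed by its two-digit hex code.
    public static string Escape(string value)
    {
        if (value == null) return string.Empty;
        var sb = new StringBuilder(value.Length);
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append("\\5c"); break;
                case '*':  sb.Append("\\2a"); break;
                case '(':  sb.Append("\\28"); break;
                case ')':  sb.Append("\\29"); break;
                case '\0': sb.Append("\\00"); break;
                default:   sb.Append(c);      break;
            }
        }
        return sb.ToString();
    }

    // Same lookup as the helper's GetUserByLoginName, but the caller's input is escaped
    // first, so a stray "*" or ")" in userName is matched literally instead of widening
    // or restructuring the filter. Returns null when no such account exists.
    public static SearchResult FindUserByLoginName(DirectoryEntry searchRoot, string userName)
    {
        using (var searcher = new DirectorySearcher(searchRoot))
        {
            searcher.Filter = string.Format(
                "(&(objectCategory=person)(objectClass=user)(sAMAccountName={0}))",
                Escape(userName));
            searcher.PropertiesToLoad.AddRange(new[] { "sAMAccountName", "mail", "displayName" });
            return searcher.FindOne();
        }
    }
}
```

Escape("a*b") yields "a\2ab", which the directory interprets as the literal three-character string; the same routine should wrap every user-supplied value in the helper's filters (cn, givenName, initials, sn and group names alike).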

6
Try looking at the "mail" property (instead of "Mail").
sb.AppendLine("Email = " + de.Properties["mail"].Value.ToString());

Here is a reference of AD user attributes (in case you need to get something else): http://www.kouti.com/tables/userattributes.htm


2
Last month my project manager asked me to find all the user information from Active Directory and find out which fields were missing information for particular users. I tried to find information on the internet related to .NET Active Directory examples but did not find much, which prompted me to write an article on this topic.
In this article I will explain how to use the Active Directory classes and retrieve data from the component classes. You can copy the lines of code below and execute them, but you need to pass the domain name in the DirectoryEntry constructor. The following example is taken from one of my development projects and has been modified for easier understanding.
I assume you have a general understanding of Active Directory before using this example. Step 1:
Add System.DirectoryServices.Dll (from Project Add reference)

System.DirectoryServices provides an easy way to access Active Directory from managed code. This namespace contains two component classes, DirectoryEntry and DirectorySearcher. Step 2:

using System.DirectoryServices;

DirectoryEntry class: this class encapsulates a node or object in the Active Directory hierarchy. Use this class to bind to objects, read properties and update attributes. Step 3:

DirectoryEntry entry = new DirectoryEntry("LDAP://DomainName");

DirectorySearcher: it performs queries against the Active Directory hierarchy.

Step 4:

DirectorySearcher Dsearch = new DirectorySearcher(entry);

Step 5:
String Name="Richmond";

The Filter property supports information for all filters in Active Directory.


For newer .NET you can simply install the NuGet package "Microsoft.Windows.Compatibility". - Syed Rafay
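The enumeration the question asks for, built on the DirectoryEntry and DirectorySearcher steps in the last answer, as an added example that belongs to none of the posts on this page. It reads attributes from the SearchResult directly instead of binding each user, excludes disabled accounts with the same userAccountControl bits the asker's solution tests, and enables paging so the server returns more than its default page limit; the ldapPath value is assumed to come from configuration and the placeholder domain in the comment is constructed.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices;

// Added example (not from any post on this page): list every enabled, normal user account
// in the domain, reading attributes from the SearchResult rather than binding each user.
public class AdUserEnumerator
{
    // userAccountControl bits, the same two the asker's own solution tests.
    private const int AccountDisable = 0x0002;
    private const int NormalAccount = 0x0200;

    public class AdUser
    {
        public string LoginName;   // sAMAccountName
        public string Upn;         // userPrincipalName
        public string Mail;        // mail; empty when the user has no mailbox
        public string DisplayName;
        public int UserAccountControl;
        public bool IsDisabled { get { return (UserAccountControl & AccountDisable) != 0; } }
    }

    // ldapPath is assumed to come from configuration, e.g. "LDAP://DC=example,DC=local"
    // (placeholder domain). The search runs with the identity of the calling process.
    public static List<AdUser> GetAllUsers(string ldapPath)
    {
        var users = new List<AdUser>();
        using (var root = new DirectoryEntry(ldapPath))
        using (var searcher = new DirectorySearcher(root))
        {
            // Person-class user objects (excludes computers and contacts) whose
            // ACCOUNTDISABLE bit is clear; the OID is the LDAP_MATCHING_RULE_BIT_AND
            // extensible match, so the bit test is evaluated on the domain controller.
            searcher.Filter = "(&(objectCategory=person)(objectClass=user)" +
                              "(!(userAccountControl:1.2.840.113556.1.4.803:=2)))";
            // Without paging a domain controller returns at most MaxPageSize results
            // (1000 by default), which is one way "all users" quietly becomes "some users".
            searcher.PageSize = 500;
            // Load only what is needed; SearchResult.Properties already holds these values,
            // so the extra bind per user that GetDirectoryEntry() would cost is avoided.
            searcher.PropertiesToLoad.AddRange(new[] {
                "sAMAccountName", "userPrincipalName", "mail", "displayName", "userAccountControl" });

            using (SearchResultCollection results = searcher.FindAll())
            {
                foreach (SearchResult result in results)
                {
                    int uac = GetInt(result, "userAccountControl");
                    if ((uac & NormalAccount) == 0) continue; // not a NORMAL_ACCOUNT (e.g. a trust account)
                    users.Add(new AdUser
                    {
                        LoginName = GetString(result, "sAMAccountName"),
                        Upn = GetString(result, "userPrincipalName"),
                        Mail = GetString(result, "mail"),
                        DisplayName = GetString(result, "displayName"),
                        UserAccountControl = uac
                    });
                }
            }
        }
        return users;
    }

    // Attribute names are matched case-insensitively here, but an attribute with no value
    // is simply absent from the result, so never index [0] without checking Count.
    private static string GetString(SearchResult result, string attribute)
    {
        ResultPropertyValueCollection values = result.Properties[attribute];
        return values.Count > 0 ? values[0].ToString() : string.Empty;
    }

    private static int GetInt(SearchResult result, string attribute)
    {
        int value;
        return int.TryParse(GetString(result, attribute), out value) ? value : 0;
    }
}
```

An account with no mail attribute comes back with an empty Mail rather than the NullReferenceException the question's Value.ToString() call produces, so "mail ID not found" shows up as data instead of as a crash.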
