AD Functions

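// Finds every user object whose department attribute equals Department and asks
// the server to return only the attributes listed in PropertiesToLoad.
string Department = "Billing";
DirectorySearcher LdapSearcher = new DirectorySearcher();
LdapSearcher.PropertiesToLoad.Add("displayName");
LdapSearcher.PropertiesToLoad.Add("cn");
LdapSearcher.PropertiesToLoad.Add("department");
LdapSearcher.PropertiesToLoad.Add("title");
LdapSearcher.PropertiesToLoad.Add("memberOf");

// Department is a literal here. If the value ever comes from a request or any
// other external source, escape the LDAP filter metacharacters (\ * ( ) and NUL,
// RFC 4515) before formatting it into the filter; otherwise the value can
// change which entries the filter matches.
LdapSearcher.Filter = string.Format("(&(objectClass=user)(department={0}))", Department);

// SearchResultCollection holds unmanaged resources: call src.Dispose() (or wrap
// the collection in a using block) once the results have been read.
SearchResultCollection src = LdapSearcher.FindAll();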

MemberOF

标题:获取AD中用户的组,用Properties["memberOf"].Count统计,结果总是少一个组 作者:crmserver 时间:2008-05-21 09:38
获取AD中用户的组,用Properties["memberOf"].Count统计,结果总是少一个组



代码如下:

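// Looks up the account "test" below `entry` and writes out how many groups its
// memberOf attribute lists.
DirectorySearcher mySearcher = new DirectorySearcher(entry);

mySearcher.Filter = "(&(objectClass=user)(sAMAccountName=test))";

mySearcher.PropertiesToLoad.Add("memberOf");

SearchResult mysr = mySearcher.FindOne();

// FindOne() returns null when nothing matches, and the memberOf entry may be
// absent for an account that has no group memberships recorded on it, so both
// are checked before counting.
int iCount = 0;
if (mysr != null && mysr.Properties["memberOf"] != null)
{
    iCount = mysr.Properties["memberOf"].Count;
}

// NOTE(review): memberOf does not list the account's primary group (the one
// referenced through primaryGroupID), which is the usual reason this count is
// one lower than the membership shown by the AD tools. Confirm against the
// account being tested.
Response.Write(iCount);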
标题: 作者:ssbird 时间:2008-05-21 09:38
此回复于2008-06-03 08:48被 ssbird 评为最佳答案

请参考下面这段代码,这是完整的访问域用户的类。
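/// <summary>
/// Static helpers that query Active Directory through System.DirectoryServices:
/// group membership, user details, account state and credential checks.
/// </summary>
/// <remarks>
/// Every caller-supplied value is escaped before it is placed in an LDAP search
/// filter, and every DirectoryEntry / DirectorySearcher created here is disposed
/// before the method returns (except the entries that are handed to the caller).
/// </remarks>
public static class DomainInformation
{
    #region Constants
    // Expected shape of the setting: LDAP://zzzzzz.com/OU=xxxxxx,DC=yyyyyy,DC=com
    static string usersLdapPath = System.Configuration.ConfigurationManager.AppSettings["LDAPConnectionString"].ToString();

    // NOTE(review): these are domain administrator credentials compiled into the
    // assembly. Anyone who can read the source or the binary can read them, and
    // every lookup made on behalf of a non-domain user runs with administrator
    // rights. Move them to protected configuration or a secret store and bind
    // with a dedicated read-only account instead.
    const string adLoginName = "administrator"; // administrator account
    const string adLoginPassword = "88888888";

    // Domain name of the signed-in user for which the process identity is used
    // instead of the configured bind account.
    const string trustedDomainName = "zzzzzz";
    #endregion

    #region Private helpers
    /// <summary>
    /// Escapes a value for use inside an LDAP search filter (RFC 4515), so that
    /// '\', '*', '(', ')' and NUL in the value are matched literally instead of
    /// being interpreted as filter syntax.
    /// </summary>
    /// <param name="value">Raw value; null is treated as empty.</param>
    /// <returns>The escaped value, never null.</returns>
    private static string EscapeLdapFilterValue(string value)
    {
        if (string.IsNullOrEmpty(value))
        {
            return string.Empty;
        }

        System.Text.StringBuilder escaped = new System.Text.StringBuilder(value.Length + 8);
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': escaped.Append("\\5c"); break;
                case '*': escaped.Append("\\2a"); break;
                case '(': escaped.Append("\\28"); break;
                case ')': escaped.Append("\\29"); break;
                case '\0': escaped.Append("\\00"); break;
                default: escaped.Append(c); break;
            }
        }
        return escaped.ToString();
    }

    /// <summary>
    /// Returns the value of the leading "CN=" component of a distinguished name:
    /// the text between the 3-character prefix and the first comma.
    /// </summary>
    /// <remarks>
    /// A name without a comma yields everything after the prefix, and a name that
    /// is too short yields an empty string instead of throwing. An escaped comma
    /// ("\,") inside the component is not recognised; the first comma ends the value.
    /// </remarks>
    private static string ExtractCommonName(string distinguishedName)
    {
        if (distinguishedName == null)
        {
            return string.Empty;
        }

        int end = distinguishedName.IndexOf(',');
        if (end < 0)
        {
            end = distinguishedName.Length;
        }
        if (end <= 3)
        {
            return string.Empty;
        }
        return distinguishedName.Substring(3, end - 3);
    }

    /// <summary>
    /// Converts a collection of distinguished names into their common names.
    /// </summary>
    /// <param name="values">Distinguished names taken from a search result.</param>
    /// <param name="extraSlots">Number of unused trailing elements to reserve for the caller.</param>
    private static string[] ExtractCommonNames(ResultPropertyValueCollection values, int extraSlots)
    {
        string[] names = new string[values.Count + extraSlots];
        for (int i = 0; i < values.Count; i++)
        {
            names[i] = ExtractCommonName(values[i].ToString());
        }
        return names;
    }

    /// <summary>
    /// Reads one attribute from an entry as text; a null value becomes "".
    /// </summary>
    /// <remarks>
    /// NOTE(review): the underlying ADSI call may throw for an attribute that is
    /// not set on the object rather than return null. Confirm, and read through
    /// entry.Properties if that turns out to be the case.
    /// </remarks>
    private static string ReadString(DirectoryEntry entry, string propertyName)
    {
        object value = entry.InvokeGet(propertyName);
        return value == null ? "" : value.ToString();
    }

    /// <summary>
    /// Reads userAccountControl for an account and reports whether the read succeeded,
    /// so callers can tell "flags are 0" apart from "lookup failed".
    /// </summary>
    private static bool TryGetAccountControl(string accountName, out int userAccountControl)
    {
        userAccountControl = 0;
        if (string.IsNullOrEmpty(accountName))
        {
            return false;
        }

        using (DirectoryEntry userContainerDE = Directory())
        using (DirectorySearcher ds = new DirectorySearcher(userContainerDE))
        {
            ds.Filter = "(&(objectClass=user)(sAMAccountName=" + EscapeLdapFilterValue(accountName) + "))";
            ds.PropertiesToLoad.Add("userAccountControl");
            try
            {
                SearchResult r = ds.FindOne();
                if (r == null)
                {
                    return false;
                }
                using (DirectoryEntry userEntry = r.GetDirectoryEntry())
                {
                    userAccountControl = Convert.ToInt32(userEntry.InvokeGet("userAccountControl"));
                    return true;
                }
            }
            catch (Exception)
            {
                // Best effort, as in the public wrapper: any directory or
                // conversion failure is reported as "could not read".
                userAccountControl = 0;
                return false;
            }
        }
    }
    #endregion

    /// <summary>
    /// Returns the common names of the groups listed in a user's memberOf attribute,
    /// searching below the given LDAP path.
    /// </summary>
    /// <param name="domainADsPath">LDAP path of the container to search.</param>
    /// <param name="username">sAMAccountName of the user.</param>
    /// <returns>Group names, or null when the user is not found or has no memberOf values.</returns>
    public static string[] GetGroupsForUser(string domainADsPath, string username)
    {
        using (DirectoryEntry usersDE = Directoryunits(domainADsPath))
        using (DirectorySearcher ds = new DirectorySearcher(usersDE))
        {
            ds.Filter = "(&(sAMAccountName=" + EscapeLdapFilterValue(username) + "))";
            ds.PropertiesToLoad.Add("memberof");
            SearchResult r = ds.FindOne();
            if (r == null)
            {
                return null;
            }

            ResultPropertyValueCollection groups = r.Properties["memberof"];
            if (groups == null || groups.Count == 0)
            {
                return null;
            }
            return ExtractCommonNames(groups, 0);
        }
    }

    /// <summary>
    /// Returns the common names of the groups listed in a user's memberOf attribute,
    /// searching below the configured LDAP path, followed by the synthetic group "All".
    /// </summary>
    /// <param name="username">sAMAccountName of the user.</param>
    /// <returns>Group names ending with "All", or null when the user or the attribute is missing.</returns>
    public static string[] GetGroupsForUser(string username)
    {
        using (DirectoryEntry usersDE = DomainInformation.Directory())
        using (DirectorySearcher ds = new DirectorySearcher(usersDE))
        {
            ds.Filter = "(&(sAMAccountName=" + EscapeLdapFilterValue(username) + "))";
            ds.PropertiesToLoad.Add("memberof");
            SearchResult r = ds.FindOne();
            if (r == null)
            {
                return null;
            }

            ResultPropertyValueCollection groups = r.Properties["memberof"];
            if (groups == null)
            {
                return null;
            }

            string[] results = ExtractCommonNames(groups, 1);
            // "All" applies to everyone; it is a group defined outside AD so that
            // permissions can be assigned to every user.
            results[groups.Count] = "All";
            return results;
        }
    }

    /// <summary>
    /// Returns the common names of the members of a group.
    /// </summary>
    /// <param name="domainADsPath">LDAP path of the container to search.</param>
    /// <param name="Groupname">Common name (cn) of the group.</param>
    /// <returns>Member names, or null when the group or its member attribute is missing.</returns>
    public static string[] GetUsersForGroup(string domainADsPath, string Groupname)
    {
        using (DirectoryEntry usersDE = Directoryunits(domainADsPath))
        using (DirectorySearcher ds = new DirectorySearcher(usersDE))
        {
            ds.Filter = "(&(objectClass=group)(cn=" + EscapeLdapFilterValue(Groupname) + "))";
            ds.PropertiesToLoad.Add("member");
            SearchResult r = ds.FindOne();
            if (r == null)
            {
                return null;
            }

            ResultPropertyValueCollection members = r.Properties["member"];
            if (members == null)
            {
                return null;
            }
            return ExtractCommonNames(members, 0);
        }
    }

    /// <summary>
    /// Returns the display name of a user.
    /// </summary>
    /// <param name="username">sAMAccountName of the user.</param>
    /// <returns>The display name, or null when the user is not found or has none.</returns>
    public static string GetUserDisplayName(string username)
    {
        using (DirectoryEntry usersDE = Directory())
        using (DirectorySearcher ds = new DirectorySearcher(usersDE))
        {
            ds.Filter = "(&(objectClass=user)(sAMAccountName=" + EscapeLdapFilterValue(username) + "))";
            ds.PropertiesToLoad.Add(UserProperty.DisplayName);
            SearchResult r = ds.FindOne();
            if (r == null)
            {
                return null;
            }

            using (DirectoryEntry userEntry = r.GetDirectoryEntry())
            {
                object displayName = userEntry.InvokeGet(UserProperty.DisplayName);
                return displayName == null ? null : displayName.ToString();
            }
        }
    }

    /// <summary>
    /// Returns the detailed profile of a domain user.
    /// </summary>
    /// <param name="username">sAMAccountName of the user.</param>
    /// <returns>
    /// A populated <c>UserInfoEx</c> in which attributes without a value are "",
    /// or null when the user is not found.
    /// </returns>
    public static UserInfoEx GetUserInfoEx(string username)
    {
        using (DirectoryEntry usersDE = Directory())
        using (DirectorySearcher ds = new DirectorySearcher(usersDE))
        {
            // The attribute is objectCategory; the earlier spelling "objectCatogery"
            // names no attribute, so the filter could not match a user.
            ds.Filter = "(&(objectClass=user)(objectCategory=person)(sAMAccountName=" + EscapeLdapFilterValue(username) + "))";
            ds.PropertiesToLoad.AddRange(new string[]
            {
                "cn",
                UserProperty.Name,
                UserProperty.UserName,
                UserProperty.homePhone,
                UserProperty.FirstName,
                UserProperty.LastName,
                UserProperty.Email,
                UserProperty.Title,
                UserProperty.Company,
                UserProperty.Address,
                UserProperty.City,
                UserProperty.State,
                UserProperty.PostalCode,
                UserProperty.Phone,
                UserProperty.Country
            });

            SearchResult r = ds.FindOne();
            if (r == null)
            {
                return null;
            }

            // One entry serves every read; each GetDirectoryEntry() call creates a
            // new DirectoryEntry that would otherwise be left undisposed.
            using (DirectoryEntry userEntry = r.GetDirectoryEntry())
            {
                UserInfoEx result = new UserInfoEx();
                result.Name = ReadString(userEntry, UserProperty.Name);
                result.LoginName = ReadString(userEntry, UserProperty.UserName);
                result.FirstName = ReadString(userEntry, UserProperty.FirstName);
                result.homePhone = ReadString(userEntry, UserProperty.homePhone);
                result.LastName = ReadString(userEntry, UserProperty.LastName);
                result.EmailAddress = ReadString(userEntry, UserProperty.Email);
                result.Title = ReadString(userEntry, UserProperty.Title);
                result.Company = ReadString(userEntry, UserProperty.Company);
                result.Address = ReadString(userEntry, UserProperty.Address);
                result.City = ReadString(userEntry, UserProperty.City);
                result.State = ReadString(userEntry, UserProperty.State);
                result.PostalCode = ReadString(userEntry, UserProperty.PostalCode);
                result.Phone = ReadString(userEntry, UserProperty.Phone);
                result.Country = ReadString(userEntry, UserProperty.Country);
                return result;
            }
        }
    }

    /// <summary>
    /// Returns the description of the first group whose cn starts with the given prefix.
    /// </summary>
    /// <returns>The description, or null when no group matches or it has no description.</returns>
    private static string GetAdGroupDescription(string prefix)
    {
        using (DirectoryEntry groupsDE = Directory())
        using (DirectorySearcher groupsDS = new DirectorySearcher(groupsDE))
        {
            // The trailing '*' is the intended prefix match; the prefix itself is escaped.
            groupsDS.Filter = "(&(objectClass=group)(CN=" + EscapeLdapFilterValue(prefix) + "*))";
            groupsDS.PropertiesToLoad.Add("cn");
            SearchResult sr = groupsDS.FindOne();
            if (sr == null)
            {
                return null;
            }

            using (DirectoryEntry groupEntry = sr.GetDirectoryEntry())
            {
                object description = groupEntry.InvokeGet("description");
                return description == null ? null : description.ToString();
            }
        }
    }

    /// <summary>
    /// Builds a table (URL, cn, Description) with one row per group found below the
    /// configured path; a group without a description shows its cn instead.
    /// </summary>
    /// <returns>The table, sorted by description; empty when no group is found.</returns>
    private static DataTable GetAdGroupInfo()
    {
        DataTable dt = new DataTable();
        dt.Columns.Add("URL", typeof(System.String));
        dt.Columns.Add("cn", typeof(System.String));
        dt.Columns.Add("Description", typeof(System.String));

        using (DirectoryEntry groupsDE = Directory())
        using (DirectorySearcher searcher = new DirectorySearcher(groupsDE))
        {
            searcher.Filter = "(&(objectClass=group))";
            searcher.PropertiesToLoad.AddRange(new string[] { "cn", "description" });

            // SearchResultCollection holds unmanaged resources and must be disposed.
            using (SearchResultCollection results = searcher.FindAll())
            {
                foreach (SearchResult result in results)
                {
                    using (DirectoryEntry groupEntry = result.GetDirectoryEntry())
                    {
                        string cn = ReadString(groupEntry, "cn");
                        object description = groupEntry.InvokeGet("Description");

                        DataRow dr = dt.NewRow();
                        dr[0] = result.Path;
                        dr[1] = cn;
                        dr[2] = description != null ? description.ToString() : cn;
                        dt.Rows.Add(dr);
                    }
                }
            }
        }

        // An empty table is returned rather than null: both list-binding callers
        // use the table without a null check.
        dt.DefaultView.Sort = "description ASC";
        return dt;
    }

    /// <summary>
    /// Returns the sAMAccountName of the first user whose cn contains the given text.
    /// </summary>
    /// <param name="cn">Text to look for inside the common name.</param>
    /// <returns>The login name, or null when nothing matches or <paramref name="cn"/> is empty.</returns>
    /// <remarks>
    /// The match is a substring match, so a short value can match several users and
    /// only the first one is returned. Callers that use the result for an access
    /// decision should pass a full common name.
    /// </remarks>
    public static string getAccountName(string cn)
    {
        // An empty value would turn the filter into "any user".
        if (string.IsNullOrEmpty(cn))
        {
            return null;
        }

        // usersLdapPath is a single path; iterating it visited one character at a time.
        using (DirectoryEntry userContainerDE = Directoryunits(usersLdapPath))
        using (DirectorySearcher ds = new DirectorySearcher(userContainerDE))
        {
            // The surrounding '*' are the intended substring match; the value itself is escaped.
            ds.Filter = "(&(objectClass=user)(cn=*" + EscapeLdapFilterValue(cn) + "*))";
            ds.PropertiesToLoad.Add("sAMAccountName");
            SearchResult r = ds.FindOne();
            if (r == null)
            {
                return null;
            }

            using (DirectoryEntry userEntry = r.GetDirectoryEntry())
            {
                object account = userEntry.InvokeGet("sAMAccountName");
                return account == null ? null : account.ToString();
            }
        }
    }

    /// <summary>
    /// Reports whether a user with the given sAMAccountName exists below the configured path.
    /// </summary>
    public static bool isAdUser(string username)
    {
        if (string.IsNullOrEmpty(username))
        {
            return false;
        }

        using (DirectoryEntry userContainerDE = Directory())
        using (DirectorySearcher ds = new DirectorySearcher(userContainerDE))
        {
            ds.Filter = "(&(objectClass=user)(sAMAccountName=" + EscapeLdapFilterValue(username) + "))";
            ds.PropertiesToLoad.Add("cn");
            return ds.FindOne() != null;
        }
    }

    /// <summary>
    /// Builds a table (cn, sAMAccountName) of the enabled members of a group.
    /// </summary>
    /// <param name="groupname">Common name of the group.</param>
    /// <returns>The table, or null when the group is missing or has no members.</returns>
    /// <remarks>
    /// A member is listed only when its login name resolves and its
    /// userAccountControl can be read and does not carry the disabled flag; a
    /// failed lookup no longer counts as "enabled".
    /// </remarks>
    public static DataTable adUserlist(string groupname)
    {
        DataTable dt = new DataTable();
        dt.Columns.Add("cn", typeof(System.String));
        dt.Columns.Add("sAMAccountName", typeof(System.String));

        string[] groupmember = GetUsersForGroup(usersLdapPath, groupname);
        if (groupmember == null || groupmember.Length == 0)
        {
            return null;
        }

        foreach (string member in groupmember)
        {
            // Resolved once per member instead of twice.
            string account = getAccountName(member);
            if (account == null)
            {
                continue;
            }

            int userAccountControl;
            if (!TryGetAccountControl(account, out userAccountControl) || !IsAccountActive(userAccountControl))
            {
                continue;
            }

            DataRow dr = dt.NewRow();
            dr[0] = member;
            dr[1] = account;
            dt.Rows.Add(dr);
        }
        return dt;
    }

    /// <summary>
    /// Fills a list box with the enabled members of a group (text = cn, value = login name).
    /// The list is left empty when the group has no members.
    /// </summary>
    public static void adUserlistbox(ListBox results, string groupName)
    {
        results.Items.Clear();
        DataTable dt = adUserlist(groupName);
        if (dt != null)
        {
            results.DataSource = dt;
            results.DataTextField = dt.Columns[0].Caption;
            results.DataValueField = dt.Columns[1].Caption;
            results.DataBind();
        }
    }

    /// <summary>
    /// Fills a list box with every group plus the synthetic "All" entry
    /// (text = description, value = cn).
    /// </summary>
    public static void adGrouplistbox(ListBox results)
    {
        results.Items.Clear();
        DataTable dt = GetAdGroupInfo();

        DataRow dr = dt.NewRow();
        dr[1] = "All";
        dr[2] = "All";
        dt.Rows.Add(dr);

        results.DataSource = dt;
        results.DataTextField = dt.Columns[2].Caption;
        results.DataValueField = dt.Columns[1].Caption;
        results.DataBind();
    }

    /// <summary>
    /// Fills a drop-down list with every group (text = description, value = cn).
    /// </summary>
    public static void aduserGrouplist(DropDownList results)
    {
        results.Items.Clear();
        DataTable dt = GetAdGroupInfo();
        results.DataSource = dt;
        results.DataTextField = dt.Columns[2].Caption;
        results.DataValueField = dt.Columns[1].Caption;
        results.DataBind();
    }

    /// <summary>
    /// Opens the configured LDAP path; see <see cref="Directoryunits"/> for how the
    /// bind credentials are chosen. The caller owns the returned entry.
    /// </summary>
    public static DirectoryEntry Directory()
    {
        return Directoryunits(usersLdapPath);
    }

    /// <summary>
    /// Opens an LDAP path. When the signed-in user belongs to the "zzzzzz" domain
    /// (account names look like zzzzzz\username) the process identity is used;
    /// for any other user the configured bind account is used.
    /// </summary>
    /// <param name="ldappath">LDAP path to open.</param>
    /// <returns>An entry that the caller must dispose.</returns>
    public static DirectoryEntry Directoryunits(string ldappath)
    {
        string accountName = UserProperty.getAccountName().ToString();

        // A name without a domain prefix is treated as "not a domain user"
        // instead of failing on Substring with a negative length.
        int separator = accountName.IndexOf('\\');
        string domain = separator < 0 ? string.Empty : accountName.Substring(0, separator).Trim();

        if (!string.Equals(domain, trustedDomainName, StringComparison.OrdinalIgnoreCase))
        {
            // Secure is requested explicitly so the bind does not depend on the
            // framework default.
            return new DirectoryEntry(ldappath, adLoginName, adLoginPassword, AuthenticationTypes.Secure);
        }
        return new DirectoryEntry(ldappath);
    }

    /// <summary>
    /// Returns the userAccountControl flags of an account.
    /// </summary>
    /// <param name="accountName">sAMAccountName of the account.</param>
    /// <returns>
    /// The flags, or 0 when the account is not found or the lookup fails.
    /// </returns>
    /// <remarks>
    /// 0 passes <see cref="IsAccountActive"/>, so a failed lookup looks like an
    /// enabled account. Do not chain the two calls for an access decision without
    /// first confirming that the account exists.
    /// </remarks>
    public static int getAccountControl(string accountName)
    {
        int results;
        return TryGetAccountControl(accountName, out results) ? results : 0;
    }

    /// <summary>
    /// Reports whether the disabled flag (ADS_UF_ACCOUNTDISABLE, 0x0002) is clear
    /// in a userAccountControl value.
    /// </summary>
    public static bool IsAccountActive(int userAccountControl)
    {
        const int ADS_UF_ACCOUNTDISABLE = 0x0002;
        return (userAccountControl & ADS_UF_ACCOUNTDISABLE) == 0;
    }

    /// <summary>
    /// Finds a person's user object by login name and returns an entry for it.
    /// </summary>
    /// <param name="sAMAccountName">Login name of the account.</param>
    /// <returns>
    /// An entry the caller must dispose, or null when the account is not found or
    /// the search fails. "Not found" and "directory unavailable" are not distinguished.
    /// </returns>
    public static DirectoryEntry GetDirectoryEntryByAccount(string sAMAccountName)
    {
        using (DirectoryEntry root = Directory())
        using (DirectorySearcher deSearch = new DirectorySearcher(root))
        {
            deSearch.Filter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=" + EscapeLdapFilterValue(sAMAccountName) + "))";
            try
            {
                SearchResult result = deSearch.FindOne();
                if (result == null)
                {
                    return null;
                }
                return Directoryunits(result.Path);
            }
            catch (Exception)
            {
                return null;
            }
        }
    }

    /// <summary>
    /// Checks that the account exists and that the password is accepted by the
    /// directory, then returns an entry for the account.
    /// </summary>
    /// <returns>An entry the caller must dispose, or null when either check fails.</returns>
    public static DirectoryEntry GetDirectoryEntryByAccount(string sAMAccountName, string password)
    {
        DirectoryEntry de = GetDirectoryEntryByAccount(sAMAccountName);
        if (de == null)
        {
            return null;
        }

        // Only the existence check was needed from this entry.
        de.Dispose();

        // One bind per call: a second attempt with the same wrong password would
        // count twice against the account's lockout threshold.
        return GetDirectoryEntry(sAMAccountName, password);
    }

    /// <summary>
    /// Binds to the directory with the supplied credentials and, when the bind and
    /// the search succeed, returns an entry for the account.
    /// </summary>
    /// <param name="sAMAccountName">Login name used for the bind and the search.</param>
    /// <param name="password">Password used for the bind.</param>
    /// <returns>
    /// An entry the caller must dispose, or null when the credentials are blank,
    /// rejected, or the account is not found. The returned entry is opened through
    /// <see cref="Directoryunits"/>, not with the supplied credentials.
    /// </returns>
    /// <exception cref="Exception">Setting up the bind or the search failed.</exception>
    public static DirectoryEntry GetDirectoryEntry(string sAMAccountName, string password)
    {
        // Blank credentials are rejected before any bind: with no user name and no
        // password the bind runs as the process identity, so the search would
        // succeed without the caller's credentials ever being checked.
        if (string.IsNullOrEmpty(sAMAccountName) || string.IsNullOrEmpty(password))
        {
            return null;
        }

        try
        {
            using (DirectoryEntry userde = new DirectoryEntry(usersLdapPath, sAMAccountName, password, AuthenticationTypes.Secure))
            using (DirectorySearcher deSearch = new DirectorySearcher(userde))
            {
                deSearch.Filter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=" + EscapeLdapFilterValue(sAMAccountName) + "))";
                try
                {
                    // The bind happens here; a rejected password surfaces as an exception.
                    SearchResult result = deSearch.FindOne();
                    if (result == null)
                    {
                        return null;
                    }
                    return Directoryunits(result.Path);
                }
                catch (Exception)
                {
                    return null;
                }
            }
        }
        catch (Exception ex)
        {
            // Same exception type as before, with the original kept as InnerException.
            throw new Exception(ex.Message, ex);
        }
    }
}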
