Cシャープを使用してアクティブなディレクトリにグループを反復する

Question

アクティブなディレクトリのグループを反復処理し、そのグループのユーザの特定のプロパティをチェックできるサーバからプログラムを実行できる必要があります。これは私がこれまで持っているものです。

public static bool searchUser(string domain, string userName, string password, string objectDN) 
{ 
    DirectoryEntry obj = new DirectoryEntry("LDAP://" + domain + "/" + objectDN, userName, password); 
    if (obj.Properties["objectCategory"].ToString().Equals("group")) 
    { 
     object users = obj.Invoke("Members", null); 
     foreach (object members in users) 
     { } 
    } 
} 

Answer 1

次のコードは、ひどくリファクタリングする必要がありますが、それは月のために右の仕事をしています、私はここで

private List<DirectoryUser> GetUsersInGroup(string groupName) 
    { 
     List<DirectoryUser> directoryUsers = new List<DirectoryUser>(); 

     try 
     { 
      ResultPropertyValueCollection members = null; 

      using (var entry = new DirectoryEntry(_server)) 
      { 
       entry.Path = "LDAP://" + _usersRoot; 
       entry.Username = _domain + @"\" + _serviceAccountUsername; 
       entry.Password = _serviceAccountPassword; 
       entry.AuthenticationType = AuthenticationTypes.Secure; 

       using (DirectorySearcher searcher = new DirectorySearcher(entry)) 
       { 
        searcher.Filter = "(&(objectClass=group)(cn=" + groupName + "))"; 
        searcher.PropertiesToLoad.Add("member"); 

        SearchResult result = searcher.FindOne(); 

        if (result == null) 
         return directoryUsers; 

        members = result.Properties["member"]; 
       } 
      } 

      if (members == null || members.Count == 0) 
       return directoryUsers; 

      foreach (var member in members) 
      { 
       using (var entry = new DirectoryEntry(_server)) 
       { 
        entry.Path = "LDAP://" + member; 
        entry.Username = _domain + @"\" + _serviceAccountUsername; 
        entry.Password = _serviceAccountPassword; 
        entry.AuthenticationType = AuthenticationTypes.Secure; 

        using (DirectorySearcher searcher = new DirectorySearcher(entry)) 
        { 
         searcher.Filter = "(objectClass=user)"; 
         searcher.SearchScope = SearchScope.Base; 

         searcher.PropertiesToLoad.Add("mail"); 
         searcher.PropertiesToLoad.Add("givenName"); 
         searcher.PropertiesToLoad.Add("sn"); 
         searcher.PropertiesToLoad.Add("sAMAccountName"); 
         searcher.PropertiesToLoad.Add("telephoneNumber"); 

         SearchResult result = searcher.FindOne(); 

         if (result == null) 
          continue; 

         var dirUser = new DirectoryUser(); 
         dirUser.Username = Convert.ToString(result.Properties["sAMAccountName"][0]); 
         dirUser.FirstName = Convert.ToString(result.Properties["givenName"][0]); 
         dirUser.LastName = Convert.ToString(result.Properties["sn"][0]); 
         dirUser.Email = Convert.ToString(result.Properties["mail"][0]); 
         dirUser.Phone = Convert.ToString(result.Properties["telephoneNumber"][0]); 

         directoryUsers.Add(dirUser); 


        } 

       } 
      } 


     } 
     catch { } 

     return directoryUsers; 

    } 

Answer 2

をチェックし、最後の時間は、再帰的にそれを行うための方法ですDirectotyEntryとMicrosoft LDAP_MATCHING_RULE_IN_CHAINを使用します。私は、ActiveDirectoryの中Framework 2.0で動作します2003年および2008 R2

using System.DirectoryServices; 
using System.Security.Principal; 

static void Main(string[] args) 

{ 
    //Connection to Active Directory 
    string sFromWhere = "LDAP://SRVENTR2:389/dc=societe,dc=fr"; 
    DirectoryEntry deBase = new DirectoryEntry(sFromWhere, "societe\\administrateur", "test.2011"); 

    // To find all the users member of groups "Grp1" : 
    // Set the base to the groups container DN; for example root DN (dc=societe,dc=fr) 
    // Set the scope to subtree 
    // Use the following filter : 
    // (member:1.2.840.113556.1.4.1941:=CN=Grp1,OU=MonOu,DC=X) 
    // 
    DirectorySearcher dsLookFor = new DirectorySearcher(deBase); 
    dsLookFor.Filter = "(&(memberof:1.2.840.113556.1.4.1941:=CN=Grp1,OU=MonOu,DC=societe,DC=fr)(objectCategory=user))"; 
    dsLookFor.SearchScope = SearchScope.Subtree; 
    dsLookFor.PropertiesToLoad.Add("cn"); 

    SearchResultCollection srcUsers = dsLookFor.FindAll(); 

    // To check user properties 
    foreach (SearchResult srcUser in srcUsers) 
    { 
    Console.WriteLine("{0}", srcUser.Path); 

    } 
    Console.ReadLine(); 
} 

あなたはDirectory Security Principalsを使用して、このようにそれを行うことができますフレームワーク3.5以降：

/* Retreiving a principal context 
*/ 
PrincipalContext context = new PrincipalContext(ContextType.Domain, "WM2008R2ENT:389", "dc=dom,dc=fr", "jpb", "root.123"); 

DirectoryContext dc = new DirectoryContext(DirectoryContextType.DirectoryServer, "WM2008R2ENT:389"); 
Domain dn = Domain.GetDomain(dc); 
//Console.WriteLine("Le nom : {0}", dn.PdcRoleOwner.Domain); 

/* Retreive a users from group 
*/ 
using (var group = GroupPrincipal.FindByIdentity(context, IdentityType.SamAccountName, @"MonGrpSec")) 
{ 
    if (group != null) 
    { 
    foreach (var p in group.GetMembers(false)) 
    { 
     Console.WriteLine(p.SamAccountName); 
    } 
    } 
}