How do I query ActiveDirectory using LDAP with a username, not a CN?

鱼传尺愫 2021-02-04 20:03

If I set the .NET DirectoryEntry.Path to something like:

LDAP://CN=John Smith,OU=Group Name,DC=example,DC=com

Everything works great, and I get

1 answer
  •  被撕碎了的回忆
    2021-02-04 20:19

    You can't just query by means of creating an LDAP string - you'll need to use code for that.

    Something like:

    // Requires: using System.DirectoryServices;
    DirectoryEntry deRoot = new DirectoryEntry("LDAP://yourserver/CN=Users,dc=YourCompany,dc=com");

    // Search the whole subtree below the root entry
    DirectorySearcher dsFindUser = new DirectorySearcher(deRoot);
    dsFindUser.SearchScope = SearchScope.Subtree;

    dsFindUser.PropertiesToLoad.Add("sn"); // surname = last name
    dsFindUser.PropertiesToLoad.Add("givenName"); // first name

    // anr = ambiguous name resolution (matches several name attributes)
    dsFindUser.Filter = string.Format("(&(objectCategory=Person)(anr={0}))", yourUserName);

    SearchResult result = dsFindUser.FindOne();

    if(result != null)
    {
       // Contains() avoids indexing [0] on a property the entry does not have
       if(result.Properties.Contains("sn"))
       {
          string lastName = result.Properties["sn"][0].ToString();
       }

       if(result.Properties.Contains("givenName"))
       {
          string firstName = result.Properties["givenName"][0].ToString();
       }
    }
    

    The full MSDN documentation on the System.DirectoryServices.DirectorySearcher class can be found on MSDN - it has lots of additional properties and settings.

    If you're on .NET 3.5, things have gotten quite a bit easier with a strongly-typed library of routines for handling users and groups - see this excellent MSDN article on the topic for more info.

    Hope this helps

    Marc
