directoryservices

问题 When using the DirectorySearcher in .net, are these two statements equal? Same for both: Dim ds As New DirectorySearcher ' code to setup the searcher First statement ds.FindOne() Second statement ds.SizeLimit = 1 ds.FindAll() ...except obviously that FindOne() returns a SearchResult object and FindAll() returns a SearchResultCollection object 回答1: Yes, that would be almost the same. Almost, because in .NET 2.0 (not sure if it's been fixed in more recent versions), the .FindOne() call had some

问题 We have a large LDAP directory that we're currently returning all users from. We iterate through the list of users, and compare what we've saved locally to find those that either no-longer exist, or that are new, then create/delete them locally. The problem is that this operation takes HOURS to complete. I think the solution to this would be to define a more specific search query to Directory Services and only return those users that have been modified in the last 24 hours (or whenever it

问题 According to How to determine the type (AD User vs. AD Group) of an account? objectCategory attribute is used to determine whether object is group or user. but objectCategory attribute is removed when an object is deleted. what is the possible way to determine deleted object type ? Following attributes can be retrieved for deleted user objectclass : top objectclass : person objectclass : organizationalPerson objectclass : user msexchmailboxsecuritydescriptor : System.Byte[] usnchanged :

问题 I've got some code that has been working fine for a long time to get someone logged in on my application: private Employee Authenticate(string userName, string password) { DirectorySearcher search = new DirectorySearcher(_rootDirectory); search.Filter = "(&(objectClass=user)(SAMAccountName=" + userName + "))"; try { SearchResultCollection results = search.FindAll(); if (0 < results.Count) { // the rest of my code // that returns an employee // if the password matches } } catch (Exception err)

问题 System.DirectoryServices.AccountManagement can be extended to support additional properties for reading and writing AD properties. Is anyone aware of a full/complete sample implementation that works for AD, Exchange 2003 or 2010? 回答1: There isn't anything online that I know of, but you are welcome to my collection (which I've included). One thing you'll probably notice about my code is that I've almost completely replaced the standard get/set operations with my own code which writes directly

问题 In an ASP.NET 4 application, I have existing code to access a user's Active Directory information (potentially under Windows Authentication or FBA) like this: // authType taken from run-time config file, default below AuthenticationTypes authType = AuthenticationTypes.Secure; string path = "LDAP://" + domain; DirectoryEntry entry = new DirectoryEntry(path); entry.AuthenticationType = authType; // Bind to the native AdsObject to force authentication. Object obj = entry.NativeObject;

问题 I have a really simple question. What is better to use? AD Module (ie. Get-ADComputer) or DirectoryServices .NET Class when trying to connect to AD and pull all computers, users, and groups from a Domain. Or does it not matter at all? The key factors I judge on for which method to use are: Which method's scripts will run faster? Which puts less load on the network / AD What limitations may each method have? I know that the AD Module is only installed default on Win Server 2008 R2 and later,

问题 The following code works fine from a variety of machines on our domain. var context = new PrincipalContext(ContextType.Domain); var principal = UserPrincipal.FindByIdentity(context, @"domain\username") However, if I run this similar code on a machine that is not on a domain, it works but the FindByIdentity line takes 2+ seconds. var context = new PrincipalContext(ContextType.Machine); var principal = UserPrincipal.FindByIdentity(context, @"machinename\username") Can this performance

问题 I am trying to get all Active Directory groups for a user, with the following code: private static IEnumerable<string> GetGroupNames(string userName) { using (var context = new PrincipalContext(ContextType.Domain)) { using (var userPrincipal = UserPrincipal.FindByIdentity(context, userName)) { var groupSearch = userPrincipal.GetGroups(context); var result = new List<string>(); foreach (var principal in groupSearch) { Log.LogDebug("User {0} is member of group {0}", userPrincipal.DisplayName,

问题 The code is fairly simple --- the issue is that there is an invalid character in the groupPath string (a '/' to be exact). What I'm trying to do (at least as a stop gap) is skip over DirectoryEntries that I can't get the cn for --- regardless of why. However when I run this code the catch block doesn't run and I get instead: The server is not operational. and an unhandled System.Runtime.InteropServices.COMException. Why would the catch block not catch this exception. try { using