问题
We have a large LDAP directory that we're currently returning all users from. We iterate through the list of users, and compare what we've saved locally to find those that either no-longer exist, or that are new, then create/delete them locally.
The problem is that this operation takes HOURS to complete.
I think the solution to this would be to define a more specific search query to Directory Services and only return those users that have been modified in the last 24 hours (or whenever it last ran). Unfortunately I'm having difficulty finding which property to use in order to make the search query more specific.
I've looked at this list of available properties, but all I can see that might work is 'ms-DFS-Last-Modified-v2', however, I'm not sure how to use it.
Any other ideas?
The code we're using to search currently is below:
PrincipalContext domainContext = new PrincipalContext(ContextType.Domain, "MYDOMAIN", "dc=MYDOMAIN,dc=co,dc=za");
UserPrincipal theuser = new UserPrincipal(domainContext);
theuser.Name = "*";
// create a principal searcher for running a search operation
PrincipalSearcher pS = new PrincipalSearcher(theuser);
// assign the query filter property for the principal object
pS.QueryFilter = theuser;
// run the query
PrincipalSearchResult<Principal> theresults = pS.FindAll();
retUsers = new List<ActiveDirectoryUser>();
List<UserPrincipal> copyUsers = new List<UserPrincipal>();
copyUsers = theresults.OfType<UserPrincipal>().Where(userresult => userresult.EmailAddress != null).ToList();
foreach (UserPrincipal result in copyUsers)
{
... process users.
}
回答1:
You should use LDAP filters, and find a few examples easy enough. I am not sure about the filter syntax for dates though. I would check documentation for that.
Edit: You can get the list of attributes by querying the schema. There aren't many examples in documentation unfortunately. Have a look at questions about Active Directory attribute listings for examples.
回答2:
This was resolved by using these LDAP filter properties:
Modified : 7/10/2014 8:35:17 AM
modifyTimeStamp : 7/10/2014 8:35:17 AM
Which were found by following the instructions from this post.
来源:https://stackoverflow.com/questions/24649579/searching-directoryservices-to-return-a-list-of-modified-users-by-date