问题
Is there a way in AD Query syntax, to find an OU's full path by searching on its partial path?
For example, the full path to my OU is:
OU=Clerks,OU=OfficeA,OU=Administration,DC=domain,DC=local
Now, I'd like to try and search and find that object by using the partial path:
OU=Clerks,OU=OfficeA
I'd like to be able to search something like:
(&(objectCategory=organizationalUnit)(path=Clerks/OfficeA*))
I can't find any syntax examples of how to accomplish something like this. A program I'm developing requires that I get the paths to a lot of OU's which all have a common structure in the last two levels of OU's, however they can be nested at any given depth in the domain otherwise. If I can search somehow like this, it would be easy to get the full path just searching by the last two OU nested levels.
回答1:
The thing you want to do exists on pure LDAP implementation it's a feature called ExtensibleMatch wich seems to be correctly explained in this wiki article . You will also found something helpfull examples here.
But it's not present in Active-Directory
So here is a method writen in C# that exploit the Parent propertie of a DirectoryEntry.
static List<DirectoryEntry> OuInTheFormOf(DirectoryEntry deBase, string ou1, string ou2)
{
List<DirectoryEntry> deList = null;
/* Directory Search
*/
DirectorySearcher dsLookFor = new DirectorySearcher(deBase);
dsLookFor.Filter = ou1;
dsLookFor.SearchScope = SearchScope.Subtree;
dsLookFor.PropertiesToLoad.Add("ou");
SearchResultCollection srcOUs = dsLookFor.FindAll();
if (srcOUs.Count != 0)
{
deList = new List<DirectoryEntry>();
foreach (SearchResult srOU in srcOUs)
{
DirectoryEntry deOU = srOU.GetDirectoryEntry();
if (deOU.Parent.Name.ToUpper() == ou2.ToUpper())
deList.Add(deOU);
}
}
return deList;
}
Here is the usage :
/* Connection to Active Directory
*/
DirectoryEntry deBase = new DirectoryEntry("LDAP://WM2008R2ENT:389/dc=dom,dc=fr");
List<DirectoryEntry> l = OuInTheFormOf(deBase, "ou=Clerks", "ou=OfficeA");
foreach (DirectoryEntry deTmp in l)
{
Console.WriteLine(deTmp.Properties["distinguishedName"].Value);
}
来源:https://stackoverflow.com/questions/5872838/search-active-directory-for-an-ou-using-a-partial-path-to-the-ou