问题
I have a .Net application that reads user from active directory that is in a specific OU (ABCUsers). The following is the code:
string DomainIP = "some domain IP";
string ContainerConnectionString = "OU=ABCUsers,DC=test,DC=com";
PrincipalContext domain = new PrincipalContext(ContextType.Domain, DomainIP, ContainerConnectionString, ContextOptions.SimpleBind);
PrincipalSearcher searcher = new PrincipalSearcher();
UserPrincipal findUser = new UserPrincipal(domain);
findUser.SamAccountName = "some username";
searcher.QueryFilter = findUser;
UserPrincipal foundUser = (UserPrincipal)searcher.FindOne();
The above code works fine, but I need to change the code so that it retrieves a user whether he/she is in OU=ABCUsers or OU=XYZUsers but not in any other OU.
回答1:
(update: reading it again)
function/loop solution
(I would nevertheless prefer the solution with the Global Catalog below, because it is much less code and more robust.)
Since it would probably not work with an OR-LDAP-search string when not using the Global Catalog as explained below, you could just kind of repeat the above (I guess working) code for the two OUs similar to this when put e.g. in a separate function (pseudo code):
UserPrincipal findUserInOu( String ou ) {
string DomainIP = "some domain IP";
string ContainerConnectionString = "OU=" + ou + ",DC=test,DC=com";
// ... above code continued
}
UserPrincipal foundUser = findUserInOu("ABCUsers");
if ( foundUser == null )
foundUser = findUserInOu("XYZUsers");
GlobalCatalog solution
As I said here, to do it with some OR-search string etc. did not work for me and it seems, you may have to use the Global Catalog service (on the default port 3268, if you have a MS Active Directory otherwise I don't know if other directory services would have this feature).
I guess you would have to specify this on the PrincipalContext which may use some other default (389?).
来源:https://stackoverflow.com/questions/42971315/finding-active-directory-users-from-2-ou