Quick way to retrieve user information Active Directory

佛祖请我去吃肉 2020-12-13 04:33

How to query user information from Active Directory? I have code that works, but it's really slow. I'm using C#. This is the code I currently use:

    sta         


        
5 Answers
  • 2020-12-13 04:54

    Well, if you know where your user lives in the AD hierarchy (e.g. quite possibly in the "Users" container, if it's a small network), you could also bind to the user account directly, instead of searching for it.

    DirectoryEntry deUser = new DirectoryEntry("LDAP://cn=John Doe,cn=Users,dc=yourdomain,dc=com");
    
    if (deUser != null)
    {
      // ... do something with your user
    }
    

    And if you're on .NET 3.5 already, you could even use the vastly expanded System.DirectoryServices.AccountManagement namespace with strongly typed classes for each of the most common AD objects:

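    // bind to your domain: the second argument is the domain name (not an LDAP:// path),
    // the optional third argument is the container to search in
    PrincipalContext pc = new PrincipalContext(ContextType.Domain, "yourdomain.com", "dc=yourdomain,dc=com");
    
    // find the user by identity (here the distinguished name; sAMAccountName, UPN, SID or GUID also work)
    UserPrincipal user = UserPrincipal.FindByIdentity(pc, "cn=John Doe,cn=Users,dc=yourdomain,dc=com");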
    

    There's loads of information out there on System.DirectoryServices.AccountManagement - check out this excellent article on MSDN by Joe Kaplan and Ethan Wilansky on the topic.

  • 2020-12-13 05:00

    The reason why your code is slow is that your LDAP query retrieves every single user object in your domain even though you're only interested in one user with a common name of "Adit":

    dSearcher.Filter = "(&(objectClass=user))";
    

    So to optimize, you need to narrow your LDAP query to just the user you are interested in. Try something like:

    dSearcher.Filter = "(&(objectClass=user)(cn=Adit))";
    

    In addition, don't forget to dispose these objects when done:

    • DirectoryEntry dEntry
    • DirectorySearcher dSearcher
  • 2020-12-13 05:01

    I'm not sure how much of your "slowness" will be due to the loop you're doing to find entries with particular attribute values, but you can remove this loop by being more specific with your filter. Try this page for some guidance ... Search Filter Syntax

  • 2020-12-13 05:03

    You can simplify this code to:

    // Both the searcher and the result collection hold unmanaged resources, so dispose them.
    using (DirectorySearcher searcher = new DirectorySearcher())
    {
        searcher.Filter = "(&(objectCategory=user)(cn=steve.evans))";
    
        using (SearchResultCollection results = searcher.FindAll())
        {
            if (results.Count == 1)
            {
                //do what you want to do
            }
            else if (results.Count == 0)
            {
                //user does not exist
            }
            else
            {
                //found more than one user
                //something is wrong
            }
        }
    }
    

    If you can narrow down where the user is you can set searcher.SearchRoot to a specific OU that you know the user is under.

    You should also use objectCategory instead of objectClass since objectCategory is indexed by default.

    You should also consider searching on an attribute other than CN. For example it might make more sense to search on the username (sAMAccountName) since it's guaranteed to be unique.

  • 2020-12-13 05:17

    You can call UserPrincipal.FindByIdentity inside System.DirectoryServices.AccountManagement:

    using System.DirectoryServices.AccountManagement;
    
    using (var pc = new PrincipalContext(ContextType.Domain, "MyDomainName"))
    {
        var user = UserPrincipal.FindByIdentity(pc, IdentityType.SamAccountName, "MyDomainName\\" + userName);
    }
    
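Added example, not code from the question or from any of the answers above: it combines their advice (a filter narrowed to one account, objectCategory, sAMAccountName, a scoped search root, disposal) and goes slightly further by escaping the filter value per RFC 4515 and loading only the attribute that is needed. The class and method names, the search-root path and the choice of the "mail" attribute are assumptions.

```csharp
using System;
using System.DirectoryServices;
using System.Text;

static class AdLookup
{
    // Escape a value for use inside an LDAP filter (RFC 4515), so that input such as
    // "*" or ")(cn=*" is matched literally instead of changing the shape of the query.
    public static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder(value.Length);
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append(@"\5c"); break;
                case '*':  sb.Append(@"\2a"); break;
                case '(':  sb.Append(@"\28"); break;
                case ')':  sb.Append(@"\29"); break;
                case '\0': sb.Append(@"\00"); break;
                default:   sb.Append(c); break;
            }
        }
        return sb.ToString();
    }

    // Returns the user's mail attribute, or null if the user or the attribute is missing.
    // searchRootPath is an assumed value such as "LDAP://ou=Staff,dc=yourdomain,dc=com".
    public static string FindMail(string searchRootPath, string samAccountName)
    {
        using (var root = new DirectoryEntry(searchRootPath))
        using (var searcher = new DirectorySearcher(root))
        {
            // One specific account instead of every user object in the domain.
            searcher.Filter = "(&(objectCategory=user)(sAMAccountName="
                              + EscapeFilterValue(samAccountName) + "))";
            searcher.SearchScope = SearchScope.Subtree;
            searcher.PropertiesToLoad.Add("mail");     // fetch only what is needed

            SearchResult result = searcher.FindOne();  // null when nothing matches
            if (result == null || result.Properties["mail"].Count == 0)
                return null;
            return (string)result.Properties["mail"][0];
        }
    }
}
```

With the escaping in place, a supplied name of `*` looks for an account literally named `*` rather than matching every user under the search root.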