2011年9月26日 星期一

using C# to access active directory and pull "active" users...

Try using the DirectorySearcher class:
try 
{ 
    string path = "LDAP://xxxx/CN=Users,DC=firm,DC=xxxx,DC=com"; 
    string filter = "(&(objectCategory=person)(objectClass=user)(!userAccountControl:1.2.840.113556.1.4.803:=2))"; 
    string[] propertiesToLoad = new string[1] { "name" }; 
     
    using (DirectoryEntry root = new DirectoryEntry(path, "xx\\xxxx", "xxxx")) 
    using (DirectorySearcher searcher = new DirectorySearcher(root, filter, propertiesToLoad)) 
    using (SearchResultCollection results = searcher.FindAll()) 
    { 
        foreach (SearchResult result in results) 
        { 
            string name = (string)result.Properties["name"][0]; 
            ADUsersList.Items.Add(name); 
        } 
    } 
} 
catch 
{ 
}

The search filter syntax looks a bit complicated, but basically it filters the search results to only include users - "objectCategory=person" and "objectClass=user" - and excludes disabled user accounts by performing a bitwise AND of the userAccountControl flags and the "account disabled" flag, and negating the results.
The NT user name is stored in the sAMAccountName property.
You can find the list of attributes in the MSDN documentation for the User class. You'll need to load the topic for each attribute to find the property name, which is the Ldap-Display-Name.

 found it at http://www.computerperformance.co.uk/Logon/LDAP_attributes_active_directory.htm

程式碼工作室
ERP/EIP/CMS/CHART/REPORT/SPC/EDA/雲端 系統開發整合
ASP/PHP/JSP/ASP.NET 網頁設計
技術指導顧問
信箱:paulwu0114@gmail.com
http://www.coding.com.tw

沒有留言:

張貼留言