1. 从AD中检索用户信息
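/// <summary>
/// Looks up a user account by its sAMAccountName and returns a DirectoryEntry bound to it.
/// </summary>
/// <param name="UserName">
/// The sAMAccountName to search for. The value is treated as untrusted input and is
/// escaped before it is placed in the LDAP search filter.
/// </param>
/// <returns>
/// A DirectoryEntry for the first matching account, or null when the name is null/empty
/// or no account matches. The caller owns the returned entry and should dispose it.
/// </returns>
public static DirectoryEntry GetUser(string UserName)
{
    // An empty name cannot identify an account, so skip the directory round trip.
    if (string.IsNullOrEmpty(UserName))
    {
        return null;
    }

    string resultPath;

    // Both the search root and the searcher hold directory resources; release them
    // as soon as the path of the match has been read.
    using (DirectoryEntry searchRoot = GetDirectoryObject())
    using (DirectorySearcher deSearch = new DirectorySearcher())
    {
        deSearch.SearchRoot = searchRoot;

        // The name is escaped so that characters such as '*', '(' and ')' are matched
        // literally instead of changing the structure of the filter.
        deSearch.Filter = "(&(objectClass=user)(objectCategory=person)(sAMAccountName="
            + EscapeLdapFilterValue(UserName) + "))";
        deSearch.SearchScope = SearchScope.Subtree;

        // Only the first match is used.
        SearchResult results = deSearch.FindOne();
        if (results == null)
        {
            return null;
        }

        resultPath = results.Path;
    }

    // Bind a fresh entry to the matched object's path with the configured credentials.
    return new DirectoryEntry(resultPath, ADUser, ADPassword, AuthenticationTypes.Secure);
}

/// <summary>
/// Escapes the characters that have a special meaning inside an LDAP search filter
/// value (RFC 4515): backslash, asterisk, parentheses and NUL.
/// </summary>
/// <param name="value">The raw value to embed in a filter; must not be null.</param>
/// <returns>The value with each special character replaced by its \xx hex escape.</returns>
private static string EscapeLdapFilterValue(string value)
{
    // The backslash is replaced first; otherwise the escapes added afterwards
    // would themselves be escaped a second time.
    return value
        .Replace("\\", "\\5c")
        .Replace("*", "\\2a")
        .Replace("(", "\\28")
        .Replace(")", "\\29")
        .Replace("\0", "\\00");
}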
创建DirectoryEntry对象实例，注意这里的ADUser/ADPassword不是普通用户帐户，而是具有Account Operator或Administrator的权限。ADPath可以为空，因为轻量目录访问协议 (LDAP) 提供程序依靠 Windows 定位器服务来查找客户端的最佳域控制器 (DC)。但是，要利用无服务器绑定功能，客户端必须在 Active Directory 域控制器上具有帐户，而且无服务器绑定所使用的域控制器将始终位于默认域（与执行绑定的线程的当前安全上下文关联的域）中。(From MSDN) 补充说明：若只是像本文这样查询用户信息，一般使用仅有读取权限的帐户即可；只有在需要修改目录对象时才需要上述较高权限，且该帐户的凭据不应硬编码在源代码中。
/// <summary>
/// Internal helper that creates a new DirectoryEntry from the configured
/// ADPath, ADUser and ADPassword, using AuthenticationTypes.Secure.
/// </summary>
/// <returns>The newly created DirectoryEntry; the caller is responsible for disposing it.</returns>
private static DirectoryEntry GetDirectoryObject()
{
    return new DirectoryEntry(ADPath, ADUser, ADPassword, AuthenticationTypes.Secure);
}
2. 示例-简单显示AD中帐户属性及属性值
这里简单以string的形式输出:
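/// <summary>
/// Builds a plain-text dump of a user's directory entry: name, path, schema class
/// and every property with all of its values.
/// </summary>
/// <param name="UserName">The account name passed to ADHelper.GetUser.</param>
/// <returns>
/// The formatted text, or an empty string when ADHelper.GetUser finds no matching account.
/// </returns>
public string GetUserInfo(string UserName)
{
    DirectoryEntry objDirEnt = ADHelper.GetUser(UserName);

    // GetUser returns null when the account does not exist; without this guard the
    // property reads below would throw a NullReferenceException.
    if (objDirEnt == null)
    {
        return string.Empty;
    }

    // The entry is only needed while the text is built, so release it afterwards.
    using (objDirEnt)
    {
        StringBuilder sbUserInfo = new StringBuilder();
        sbUserInfo.Append("Name = ").Append(objDirEnt.Name).Append(Environment.NewLine);
        sbUserInfo.Append("Path = ").Append(objDirEnt.Path)
                  .Append(Environment.NewLine).Append(Environment.NewLine);
        sbUserInfo.Append("SchemaClassName = ").Append(objDirEnt.SchemaClassName).Append(Environment.NewLine);
        sbUserInfo.Append("***").Append(Environment.NewLine);
        sbUserInfo.Append("Properties:").Append(Environment.NewLine);

        // NOTE(review): this writes out every attribute the bind account can read.
        // If the text is shown to end users, consider limiting it to an allow-list
        // of attribute names.
        foreach (String Key in objDirEnt.Properties.PropertyNames)
        {
            sbUserInfo.AppendFormat("\t{0} = ", Key);

            // A property can hold several values; each is written on its own line.
            foreach (Object objValue in objDirEnt.Properties[Key])
            {
                sbUserInfo.AppendFormat("\t\t{0}" + Environment.NewLine, objValue);
            }
        }

        return sbUserInfo.ToString();
    }
}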
也可以直接访问需要的属性:
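// Read a single attribute (here givenName) directly from a SearchResult.
string strFirstName = GetProperty(userSearchResult, "givenName");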
/// <summary>
/// Overload that reads a property directly from a SearchResult object.
/// </summary>
/// <param name="searchResult">The search result to read from.</param>
/// <param name="PropertyName">The name of the property to look up.</param>
/// <returns>
/// The first value of the property converted to a string, or an empty string when
/// the result does not contain the property.
/// </returns>
public static string GetProperty(SearchResult searchResult, string PropertyName)
{
    // Property absent from the result: report it as an empty string.
    if (!searchResult.Properties.Contains(PropertyName))
    {
        return string.Empty;
    }

    // Only the first value is returned, even when the property holds several.
    return searchResult.Properties[PropertyName][0].ToString();
}
具体用户界面User Interface,请参考如下Reference 1.
References:
1. Rickie, 更新Active Directory/Exchange Address Book的小工具
2. Craig Aroa, ADHelper - An Active Directory Class, http://www.c-sharpcorner.com/Code/2002/Sept/ADClass.asp
3. Rickie, 基于Active Directory的用户验证