使用 C# 检索 Active Directory 组中的所有用户

Question

如何检索给定 AD 组中的用户？

我是否首先使用域、用户名和密码来实例化 PrincipalContext？

Answer 1

首先，找到组。然后使用 GetMembers() 枚举其用户。

using (var context = new PrincipalContext( ContextType.Domain ))
{
     using (var group = GroupPrincipal.FindByIdentity( context, "groupname" ))
     {
           var users = group.GetMembers( true ); // recursively enumerate
           ...
     }
}

请注意，在 .NET 4.0 中修复了一个错误，该错误将无法枚举超过 1500 个组的成员。如果您有一个大型组，则需要使用 alternative method 以利用 System.DirectoryServices 中的旧方法。

Answer 2

查看这篇文章 Managing Directory Security Principals in the .NET Framework 3.5，详细了解您可以在 .NET 3.5 中使用 System.DirectoryServices.AccountManagement 做什么。

至于检索组的成员，您可以这样做：

// build the principal context - use the NetBIOS domain name
PrincipalContext ctx = new PrincipalContext(ContextType.Domain, "DOMAIN");

// get the group you're interested in
GroupPrincipal group = GroupPrincipal.FindByIdentity("cn=YourGroupname");

// iterate over its members
foreach(Principal p in group.Members)
{
    // do whatever you need to do to its members here            
}

希望这会有所帮助！

Answer 3

    using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.DirectoryServices.AccountManagement;

namespace ExportActiveDirectoryGroupsUsers
{
    class Program
    {
        static void Main(string[] args)
        {
            if (args == null)
            {
                Console.WriteLine("args is null, useage: ExportActiveDirectoryGroupsUsers OutputPath"); // Check for null array
            }
            else
            {
                Console.Write("args length is ");
                Console.WriteLine(args.Length); // Write array length
                for (int i = 0; i < args.Length; i++) // Loop through array
                {
                    string argument = args[i];
                    Console.Write("args index ");
                    Console.Write(i); // Write index
                    Console.Write(" is [");
                    Console.Write(argument); // Write string
                    Console.WriteLine("]");
                }
                try
                {
                    using (var ServerContext = new PrincipalContext(ContextType.Domain, ServerAddress, Username, Password))
                    {
                        /// define a "query-by-example" principal - here, we search for a GroupPrincipal 
                        GroupPrincipal qbeGroup = new GroupPrincipal(ServerContext, args[0]);

                        // create your principal searcher passing in the QBE principal    
                        PrincipalSearcher srch = new PrincipalSearcher(qbeGroup);

                        // find all matches
                        foreach (var found in srch.FindAll())
                        {
                            GroupPrincipal foundGroup = found as GroupPrincipal;

                            if (foundGroup != null)
                            {
                                // iterate over members
                                foreach (Principal p in foundGroup.GetMembers())
                                {
                                    Console.WriteLine("{0}|{1}", foundGroup.Name, p.DisplayName);
                                    // do whatever you need to do to those members
                                }
                            }

                        }
                    }
                    //Console.WriteLine("end");
                }
                catch (Exception ex)
                {
                    Console.WriteLine("Something wrong happened in the AD Query module: " + ex.ToString());
                }
                Console.ReadLine();
            }
        }
    }
}