列出所有Active Directory组

Question

以下代码列出了一些（但不是全部）Active Directory组。为什么？

我想列出所有安全组，通讯组，计算机组等。我指定了错误的objectClass？

private static void ListGroups() 
{ 
    DirectoryEntry objADAM = default(DirectoryEntry); 
    DirectoryEntry objGroupEntry = default(DirectoryEntry); 
    DirectorySearcher objSearchADAM = default(DirectorySearcher); 
    SearchResultCollection objSearchResults = default(SearchResultCollection); 
    SearchResult myResult=null; 

    objADAM = new DirectoryEntry(LDAP); 
    objADAM.RefreshCache(); 
    objSearchADAM = new DirectorySearcher(objADAM); 
    objSearchADAM.Filter = "(&(objectClass=group))"; 
    objSearchADAM.SearchScope = SearchScope.Subtree; 
    objSearchResults = objSearchADAM.FindAll(); 

    // Enumerate groups 
    try 
    { 
     fileGroups.AutoFlush = true; 
     if (objSearchResults.Count != 0) 
     { 
      foreach (SearchResult objResult in objSearchResults) 
      { 
       myResult = objResult; 
       objGroupEntry = objResult.GetDirectoryEntry(); 
       Console.WriteLine(objGroupEntry.Name); 
       fileGroups.WriteLine(objGroupEntry.Name.Substring(3)); 
      } 
     } 
     else 
     { 
      throw new Exception("No groups found"); 
     } 
    } 
    catch (PrincipalException e) 
    { 
     fileErrorLog.AutoFlush = true; 
     fileErrorLog.WriteLine(e.Message + " " + myResult.Path); 
    } 
    catch (Exception e) 
    { 
     throw new Exception(e.Message); 
    } 
} 

Answer 1

如果你在.NET 3.5或更新的，则可以使用一个PrincipalSearcher和一个“查询通过例如”主做你的搜索：

// create your domain context 
PrincipalContext ctx = new PrincipalContext(ContextType.Domain); 

// define a "query-by-example" principal - here, we search for a GroupPrincipal 
GroupPrincipal qbeGroup = new GroupPrincipal(ctx); 

// create your principal searcher passing in the QBE principal  
PrincipalSearcher srch = new PrincipalSearcher(qbeGroup); 

// find all matches 
foreach(var found in srch.FindAll()) 
{ 
    // do whatever here - "found" is of type "Principal" - it could be user, group, computer.....   
} 

如果您尚未 - 绝对看MSDN文章Managing Directory Security Principals in the .NET Framework 3.5这很好地说明如何使新功能的最佳使用System.DirectoryServices.AccountManagement

Answer 2

尝试过滤器“（objectcategory =基团）” 实测溶液here

Answer 3

DirectoryEntry entry = new DirectoryEntry("ldap://ldap.gaurangjadia.com", "scott", "tiger"); 

DirectorySearcher dSearch = new DirectorySearcher(entry); 
dSearch.Filter = "(&(objectClass=group))"; 
dSearch.SearchScope = SearchScope.Subtree; 

SearchResultCollection results = dSearch.FindAll(); 

for (int i = 0; i < results.Count; i++) { 
    DirectoryEntry de = results[i].GetDirectoryEntry(); 

    //TODO with "de" 
} 

Answer 4

我想这和它的工作

public ArrayList GetAllGroupNames(string ipAddress, string ouPath) 
    { 
     DirectorySearcher deSearch = new DirectorySearcher(); 
     deSearch.SearchRoot = GetRootDirectoryEntry(ipAddress, ouPath); 
     deSearch.Filter = "(&(objectClass=group))"; 
     SearchResultCollection results = deSearch.FindAll(); 
     if (results.Count > 0) 
     { 
      ArrayList groupNames = new ArrayList(); 

      foreach (SearchResult group in results) 
      { 
       var entry = new DirectoryEntry(group.Path, UserName, Password); 
       string shortName = entry.Name.Substring(3, entry.Name.Length - 3); 
       groupNames.Add(shortName); 
      } 

      return groupNames; 
     } 
     else 
     { 
      return new ArrayList(); 
     } 
    } 

    private DirectoryEntry GetRootDirectoryEntry(string ipAddress, string domainPath, string username, string password) 
    { 
     var ldapPath = "LDAP://" + ipAddress + "/" + domainPath; 
     return new DirectoryEntry(ldapPath, username, password, AuthenticationTypes.Secure); 
    }