c# - 使用 C# 在 Active Directory 中获取用户的父 OU

Question

我想检查用户是否在特定的父 OU 中。

我怎样才能做到这一点？

检查下面的代码，以清楚地了解我在寻找什么。

using System.DirectoryServices.AccountManagement;

public bool IsUserInOU(string samAccountName, string OUName){

    using (var context = new PrincipalContext(ContextType.Domain))
        {
            using (var user = UserPrincipal.FindByIdentity(context, IdentityType.SamAccountName, samAccountName))
            {                    
                //Check if the user is in the OU specified in OUName
                //Something like:
                //return user.IsInOU(OUName);
            }
         }
}

public void TestIt_1(){
  //The parent OU of this user is "AwesomeOU"
  string samAccountName = "Joe";
  string OUName = "AwesomeOU";
  bool expected = true;
  bool actual = IsUserInOU(samAccountName, OUName);
  Assert.AreEqual(expected, actual);
}

public void TestIt_2(){
  //The parent OU of this user is "WhateverOU"
  string samAccountName = "Mike";
  string OUName = "AwesomeOU";
  bool expected = false;
  bool actual = IsUserInOU(samAccountName, OUName);
  Assert.AreEqual(expected, actual);
}

域名：

• 国家OU
  • 厉害了欧
    • 乔
  • 不管你
    • 麦克风

empi回答后的解决方案1

根据 empi 提供的信息，我编写了以下方法来提取 DistinguishedName 中的第一个 OU。完成之后，剩下的就是轻而易举了。

public static string GetOUForUser(string samAccountName)
    {
        using (var context = new PrincipalContext(ContextType.Domain))
        {
            using (var user = UserPrincipal.FindByIdentity(context, IdentityType.SamAccountName, samAccountName))
            {
                //System.Console.WriteLine(user.DistinguishedName);
                int startIndex = user.DistinguishedName.IndexOf("OU=", 1) + 3; //+3 for  length of "OU="
                int endIndex = user.DistinguishedName.IndexOf(",", startIndex);
                var group = user.DistinguishedName.Substring((startIndex), (endIndex - startIndex));
                return group;
            }
        }
    }

JPBlanc回答后的解决方案2

public static string GetOUForUser(string samAccountName)
    {
        using (var context = new PrincipalContext(ContextType.Domain))
        {
            using (var user = UserPrincipal.FindByIdentity(context, IdentityType.SamAccountName, samAccountName))
            {
                using (DirectoryEntry deUser = user.GetUnderlyingObject() as DirectoryEntry)
                {
                    using (DirectoryEntry deUserContainer = deUser.Parent)
                    {
                        return deUserContainer.Properties["Name"].Value.ToString();
                    }
                }
            }
        }
    }

Answer 1

好的@Empi 解决方案正在工作，但UserPrincipal它是建立在DirectoryEntry提供一个parent或container属性的对象上的，这些属性只为您提供您正在寻找的对象，而不使用字符串方式。

/* Retreiving a principal context
 */
PrincipalContext domainContext = new PrincipalContext(ContextType.Domain, "WM2008R2ENT:389", "dc=dom,dc=fr", "dom\\jpb", "MyPwd");

/* Retreive a user
 */
UserPrincipal user = UserPrincipal.FindByIdentity(domainContext, "user1");

/* Retreive the container
 */
DirectoryEntry deUser = user.GetUnderlyingObject() as DirectoryEntry;
DirectoryEntry deUserContainer = deUser.Parent;
Console.WriteLine (deUserContainer.Properties["distinguishedName"].Value);

Answer 2

此信息位于UserPrincipal.DistinguishedName中。您应该检查 DistinguishedName 是否以 "," + ou 专有名称结尾（不区分大小写）。但是，您必须知道您正在检查的 ou 的专有名称。

例如，如果 dn 为: CN=Jeff Smith,OU=Sales,DC=Fabrikam,DC=COM，则表示用户在OU=Sales,DC=Fabrikam,DC=COMou 中。

Answer 3

这就是我如何获得特定 AD 用户的专有名称，希望它有所帮助:-)

private static string GetDNOfUser(string user)
{
    var ctx = new PrincipalContext(ContextType.Domain, Environmentals.Domain, Environmentals.OUPath);

    //Creating object for search filter
    UserPrincipal userPrin = new UserPrincipal(ctx)
    {
        //Only getting users with the same name as the input
        Name = user
    };

    var searcher = new PrincipalSearcher
    {
        //Applying filter to query
        QueryFilter = userPrin
    };

    //Finding the user
    var results = searcher.FindOne();
    searcher.Dispose();

    //Return the distinguishedname
    return results.DistinguishedName;
}