C#访问AD一般使用LDAP地址进行访问,可以查询对应域下方的用户信息;
基本代码如下:
string[] ldapSearchUserArr = new string[] { "userprincipalname", "userAccountControl", "sAMAccountName", "mail" }; using (DirectoryEntry adminEntry = new DirectoryEntry(ldapUrl, andminusername, adminpassword, AuthenticationTypes.Secure)) { DirectorySearcher userSearch = new DirectorySearcher(adminEntry); userSearch.SearchScope = SearchScope.Subtree; userSearch.Filter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=" + username + "))"; userSearch.PropertiesToLoad.AddRange(ldapSearchUserArr); SearchResult searchResult = userSearch.FindOne(); if (searchResult != null) { //dosomething... } }
但是如果想要访问整个域以及子域下的用户信息就LDAP不可以了;
我们可以把ldapUrl地址改为:GC://DC=mail,DC=com 关键信息自行修改;
这样就可以访问域以及子域下方的用户信息了;
