我正在使用以下代码查询 AD 中用户/OU 的更改.但它不会检索任何已删除的对象,知道如何在其中包含已删除的对象吗?
I am using below code to query changes to users/OUs in AD. But it doesn't retrive any deleted objects, Any idea how to include deleted objects in this ?
static void Main(string[] args)
{
BinaryFormatter bFormat = new BinaryFormatter();
byte[] cookie = null;
string strFileName = "cookie.bin";
if (File.Exists(strFileName))
{
using (FileStream fsStream = new FileStream(strFileName, FileMode.OpenOrCreate))
{
cookie = (byte[])bFormat.Deserialize(fsStream);
}
}
string str_dcName = "xxxxx";
System.DirectoryServices.DirectoryEntry rootDSE = new System.DirectoryServices.DirectoryEntry("LDAP://rootDSE");
System.Net.NetworkCredential cr = new System.Net.NetworkCredential(@"xxx", "xxx", "xxx");
LdapConnection connection = new LdapConnection(str_dcName);
connection.Credential = cr;
connection.Bind();
string[] attribs = new string[3];
attribs[0] = "name";
attribs[1] = "description";
attribs[2] = "objectGUID";
SearchRequest request = new SearchRequest("DC=xxx,DC=xxx,DC=com", "(objectClass=*)", SearchScope.Subtree, attribs);
DirSyncRequestControl dirSyncRC = new DirSyncRequestControl(cookie, DirectorySynchronizationOptions.IncrementalValues, Int32.MaxValue);
request.Controls.Add(dirSyncRC);
bool bMoreData = true;
SearchResponse searchResponse = (SearchResponse)connection.SendRequest(request);
while (bMoreData) //Initial Search handler - since we're unable to combine with paged search
{
foreach (SearchResultEntry entry in searchResponse.Entries)
{
System.Collections.IDictionaryEnumerator attribEnum = entry.Attributes.GetEnumerator();
while (attribEnum.MoveNext())//Iterate through the result attributes
{
//Attributes have one or more values so we iterate through all the values
//for each attribute
DirectoryAttribute subAttrib = (DirectoryAttribute)attribEnum.Value;
for (int ic = 0; ic < subAttrib.Count; ic++) {
//Attribute Name below
Console.WriteLine(attribEnum.Key.ToString());
//Attribute Sub Value below
Console.WriteLine(subAttrib[ic].ToString());
}
}
}
//Get the cookie from the response to use it in next searches
foreach (DirectoryControl control in searchResponse.Controls)
{
if (control is DirSyncResponseControl)
{
DirSyncResponseControl dsrc = control as DirSyncResponseControl;
cookie = dsrc.Cookie;
bMoreData = dsrc.MoreData;
break;
}
}
dirSyncRC.Cookie = cookie;
searchResponse = (SearchResponse)connection.SendRequest(request);
}
//Serialize the cookie into a file to use in next searches
using (FileStream fsStream = new FileStream(strFileName, FileMode.Create))
{
//Serialize the data to the steam. To get the data for
//the cookie, call the GetDirectorySynchronizationCookie method.
bFormat.Serialize(fsStream, cookie);
}
Console.WriteLine("Finished search...");
Console.ReadKey();
}
解决方案是需要在请求对象中添加isDeleted=TRUE
solution is need to add isDeleted=TRUE
to request object
SearchRequest request = new SearchRequest("DC=xx,DC=xxx,DC=com",
"(|(objectClass=organizationalUnit)(isDeleted=TRUE)(objectCategory=Person))",
SearchScope.Subtree, attribs);
这篇关于如何查询 Active Directory 中的更改,包括已删除的对象?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持html5模板网!