如何查询 Active Directory 中的更改,包括已删除的

时间:2023-02-18
本文介绍了如何查询 Active Directory 中的更改,包括已删除的对象?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我正在使用以下代码查询 AD 中用户/OU 的更改.但它不会检索任何已删除的对象,知道如何在其中包含已删除的对象吗?

I am using below code to query changes to users/OUs in AD. But it doesn't retrive any deleted objects, Any idea how to include deleted objects in this ?

static void Main(string[] args)
        {
 BinaryFormatter bFormat = new BinaryFormatter();
            byte[] cookie = null;
            string strFileName = "cookie.bin";
            if (File.Exists(strFileName))
            {
                using (FileStream fsStream = new FileStream(strFileName, FileMode.OpenOrCreate))
                {
                    cookie = (byte[])bFormat.Deserialize(fsStream);
                }
            }


            string str_dcName = "xxxxx"; 
            System.DirectoryServices.DirectoryEntry rootDSE = new System.DirectoryServices.DirectoryEntry("LDAP://rootDSE");
            System.Net.NetworkCredential cr = new System.Net.NetworkCredential(@"xxx", "xxx", "xxx");
            LdapConnection connection = new LdapConnection(str_dcName);
            connection.Credential = cr;
            connection.Bind();

            string[] attribs = new string[3];
            attribs[0] = "name";
            attribs[1] = "description";
            attribs[2] = "objectGUID";

            SearchRequest request = new SearchRequest("DC=xxx,DC=xxx,DC=com", "(objectClass=*)", SearchScope.Subtree, attribs);

            DirSyncRequestControl dirSyncRC = new DirSyncRequestControl(cookie, DirectorySynchronizationOptions.IncrementalValues, Int32.MaxValue);
            request.Controls.Add(dirSyncRC);

            bool bMoreData = true;
            SearchResponse searchResponse = (SearchResponse)connection.SendRequest(request);

            while (bMoreData) //Initial Search handler - since we're unable to combine with paged search
            {
                foreach (SearchResultEntry entry in searchResponse.Entries)
                {
                    System.Collections.IDictionaryEnumerator attribEnum = entry.Attributes.GetEnumerator();
                    while (attribEnum.MoveNext())//Iterate through the result attributes
                        {
                        //Attributes have one or more values so we iterate through all the values 
                        //for each attribute
                        DirectoryAttribute subAttrib = (DirectoryAttribute)attribEnum.Value;
                        for (int ic = 0; ic < subAttrib.Count; ic++) {
                            //Attribute Name below
                            Console.WriteLine(attribEnum.Key.ToString());
                            //Attribute Sub Value below
                            Console.WriteLine(subAttrib[ic].ToString());
                        }
                    }
                }

                //Get the cookie from the response to use it in next searches


                foreach (DirectoryControl control in searchResponse.Controls)
                {
                    if (control is DirSyncResponseControl)
                    {
                        DirSyncResponseControl dsrc = control as DirSyncResponseControl;
                        cookie = dsrc.Cookie;
                        bMoreData = dsrc.MoreData;
                        break;
                    }
                }
                dirSyncRC.Cookie = cookie;
                searchResponse = (SearchResponse)connection.SendRequest(request);
            }


            //Serialize the cookie into a file to use in next searches
            using (FileStream fsStream = new FileStream(strFileName, FileMode.Create))
            {
                //Serialize the data to the steam. To get the data for 
                //the cookie, call the GetDirectorySynchronizationCookie method.
               bFormat.Serialize(fsStream, cookie);
            }

            Console.WriteLine("Finished search...");
            Console.ReadKey(); 

           }

推荐答案

解决方案是需要在请求对象中添加isDeleted=TRUE

solution is need to add isDeleted=TRUE to request object

SearchRequest request = new SearchRequest("DC=xx,DC=xxx,DC=com", 
  "(|(objectClass=organizationalUnit)(isDeleted=TRUE)(objectCategory=Person))",
  SearchScope.Subtree, attribs);

这篇关于如何查询 Active Directory 中的更改,包括已删除的对象?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持html5模板网!

上一篇:.NET LDAP 路径实用程序 (C#) 下一篇:DirectoryServices UserPrincipal.SetPassword 忽略密码策略

相关文章

最新文章