获取 Active Directory 组的成员并检查它们是启用还

时间:2023-02-19
本文介绍了获取 Active Directory 组的成员并检查它们是启用还是禁用的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

What is the fastest way to get a list of all members/users in a given AD group and determine whether or not a user is enabled (or disabled)?

We are potentially talking about 20K users, so I would like to avoid hitting the AD for each individual user.

解决方案

If you're on .NET 3.5 and up, you should check out the System.DirectoryServices.AccountManagement (S.DS.AM) namespace. Read all about it here:

  • Managing Directory Security Principals in the .NET Framework 3.5
  • MSDN docs on System.DirectoryServices.AccountManagement

Basically, you can define a domain context and easily find users and/or groups in AD:

// set up domain context
PrincipalContext ctx = new PrincipalContext(ContextType.Domain);

// find the group in question
GroupPrincipal group = GroupPrincipal.FindByIdentity(ctx, "YourGroupNameHere");

// if found....
if (group != null)
{
   // iterate over members
   foreach (Principal p in group.GetMembers())
   {
      Console.WriteLine("{0}: {1}", p.StructuralObjectClass, p.DisplayName);

      // do whatever you need to do to those members
      UserPrincipal theUser = p as UserPrincipal;

      if(theUser != null)
      {
          if(theUser.IsAccountLockedOut()) 
          {
               ...
          }
          else
          {
               ...
          }
      }
   }
}

The new S.DS.AM makes it really easy to play around with users and groups in AD!

这篇关于获取 Active Directory 组的成员并检查它们是启用还是禁用的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持html5模板网!

上一篇:如何在 C# 中将图像文件上传到 Active Directory 用户 下一篇:如何从 Active Directory 获取用户的电子邮件地址?

相关文章

最新文章