我期待能拉动当前OU的从Active Directory的名单我一直在寻找一些例如code网上的某个时候，但Ø似乎并没有能够得到这个工作。

I am looking to be able to pull a list of current OU's from Active Directory I have been looking at some example code online for sometime, but O don't seem to be able to get this to work.

        string defaultNamingContext;

        DirectoryEntry rootDSE = new DirectoryEntry("LDAP://RootDSE");
        defaultNamingContext = rootDSE.Properties["defaultNamingContext"].Value.ToString();
        DirectorySearcher ouSearch = new DirectorySearcher(rootDSE, "(objectClass=organizationalUnit)", 
            null, SearchScope.Subtree);

        MessageBox.Show(rootDSE.ToString());
        try
        {
            SearchResultCollection collectedResult = ouSearch.FindAll();
            foreach (SearchResult temp in collectedResult)
            {
                comboBox1.Items.Add(temp.Properties["name"][0]);
                DirectoryEntry ou = temp.GetDirectoryEntry();
            }

我得到的错误是有供应商不支持搜索，不能搜索LDAP：// RootDSE的任何想法？ 每个这些返回的搜索结果我想将它们添加到组合框。 （不要太用力）

The error I get is There provider does not support searching and cannot search LDAP://RootDSE Any Ideas? for each of those returned search results I want to add them to a combo box. (shouldn't be too hard)

推荐答案

您不能搜索的 LDAP：// RootDSE的的水平 - 这只是一个信息的地址与一些东西。它并没有真正重新present任何位置在目录中。您需要绑定到默认命名上下文第一：

You cannot search on the LDAP://RootDSE level - that's just an "informational" address with some stuff. It doesn't really represent any location in your directory. You need to bind to the default naming context first:

string defaultNamingContext;

DirectoryEntry rootDSE = new DirectoryEntry("LDAP://RootDSE");
defaultNamingContext = rootDSE.Properties["defaultNamingContext"].Value.ToString();

DirectoryEntry default = new DirectoryEntry("LDAP://" + defaultNamingContext);

DirectorySearcher ouSearch = new DirectorySearcher(default, 
                                     "(objectClass=organizationalUnit)", 
                                     null, SearchScope.Subtree);

一旦你这样做，你应该确定找到的所有OU在你的域名。

Once you do that, you should be OK to find all OU's in your domain.

另外，为了加快速度，我会建议不使用搜索对象类 - 该属性是的没有的索引中的AD。使用 objectCategory属性代替，这是索引：

And in order to speed things up, I would recommend not searching using objectClass - that property is not indexed in AD. Use objectCategory instead, which is indexed:

DirectorySearcher ouSearch = new DirectorySearcher(default, 
                                     "(objectCategory=Organizational-Unit)", 
                                     null, SearchScope.Subtree);

更新： 我发现这个过滤器是错误的 - 尽管 objectCategory属性显示为 CN =组织单位，..... 在 ADSI的浏览器，你需要指定 objectCategory属性=组织单位中寻找它的成功：

UPDATE: I discovered this filter is wrong - even though the objectCategory is shown as CN=Organizational-Unit,..... in the ADSI browser, you need to specify objectCategory=organizationalUnit in the search for it to succeed:

DirectorySearcher ouSearch = new DirectorySearcher(default, 
                                     "(objectCategory=organizationalUnit)", 
                                     null, SearchScope.Subtree);