How can I overcome late binding in Active Directory searches?

2023-09-08 12:50:52 Author: 你永远都只能被操


I have a function that retrieves the fullname of a user based on user name and domain. This function runs in ASP.NET thread under an impersonated user. When I use Directory searcher on a remote AD branch, I believe I'm getting the SID number instead of the property (cannot verify it occurs on a different box).

public string GetUserFullName(string userName, string domainName)
{  
    DirectoryEntry rootEntry = new DirectoryEntry("GC://dc=company,dc=net");
    string filter = string.Format("(&(objectCategory=person)(objectClass=user)(!(userAccountControl:1.2.840.113556.1.4.803:=2))(userPrincipalName={0}@{1}.company.net))", userName, domainName);
    DirectorySearcher searcher = new DirectorySearcher(rootEntry, filter, new string[] { "displayName" });
    rootEntry.AuthenticationType = AuthenticationTypes.Secure;
    searcher.PageSize = 1000;
    searcher.ServerTimeLimit = new TimeSpan(0, 10, 0);
    searcher.ReferralChasing = ReferralChasingOption.All;
    searcher.Asynchronous = false;

    SearchResult result = searcher.FindOne();
    if (result != null)
    {
        return (string) result.Properties["displayName"][0];
    }
    else
    {
        throw new Exception("Active Directory could not resolve your user name");
    }

}

Solution

What version of the .NET framework are you working against? The AD stuff has been revamped quite extensively in .NET 3.5, and offers strongly typed constructs for User and groups and stuff like that now.

Check out the excellent article "Managing Directory Security Principals in the .NET Framework 3.5" by my buddies Joe Kaplan and Ethan Wilansky on MSDN. Excellent stuff indeed.

First of all, you get a class called UserPrincipal which is strongly typed, e.g. all the basic properties are properties on your object. Very helpful indeed.

Secondly, you get a nice "query-by-example" method using PrincipalSearcher - check out this sample from Joe and Ethan's article:

// create a principal object representation to describe
// what will be searched 
UserPrincipal user = new UserPrincipal(adPrincipalContext);

// define the properties of the search (this can use wildcards)
user.Enabled = false;
user.Name = "user*";

// create a principal searcher for running a search operation
PrincipalSearcher pS = new PrincipalSearcher();

// assign the query filter property for the principal object 
// you created
// you can also pass the user principal in the 
// PrincipalSearcher constructor
pS.QueryFilter = user;

// run the query
PrincipalSearchResult<Principal> results = pS.FindAll();

Console.WriteLine("Disabled accounts starting with a name of 'user':");
foreach (Principal result in results)
{
    Console.WriteLine("name: {0}", result.Name);
}

If there's any chance at all, try to get to .NET 3.5 for your AD stuff!

Marc
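
The answer's suggestion applied to the question's GetUserFullName, as an added example that is not part of the original answer or the MSDN article: it looks the user up by UPN with UserPrincipal.FindByIdentity, so the caller's input is passed as a value rather than formatted into an LDAP filter string. The class name, the allowlist pattern, the choice to bind to the child domain and the exception types are assumptions; it needs a reference to System.DirectoryServices.AccountManagement (.NET 3.5 or later).

```csharp
using System;
using System.DirectoryServices.AccountManagement;
using System.Text.RegularExpressions;

public static class DirectoryNames   // hypothetical helper class
{
    // Assumed allowlist: letters, digits, dot, underscore, hyphen only.
    // Rejects '*', '(', ')', '\' and NUL, which are special in LDAP filters.
    private static readonly Regex SafeLabel =
        new Regex(@"\A[A-Za-z0-9._-]{1,64}\z");

    public static string GetUserFullName(string userName, string domainName)
    {
        if (userName == null || !SafeLabel.IsMatch(userName))
            throw new ArgumentException("Unexpected characters in user name", "userName");
        if (domainName == null || !SafeLabel.IsMatch(domainName))
            throw new ArgumentException("Unexpected characters in domain name", "domainName");

        // Assumption: the child domain's DNS name matches the UPN suffix
        // used in the question's filter (<domain>.company.net).
        string dnsDomain = domainName + ".company.net";
        string upn = userName + "@" + dnsDomain;

        // No credentials are passed, so the bind uses the caller's default credentials.
        using (PrincipalContext ctx = new PrincipalContext(ContextType.Domain, dnsDomain))
        using (UserPrincipal user = UserPrincipal.FindByIdentity(
                   ctx, IdentityType.UserPrincipalName, upn))
        {
            // Enabled is a nullable bool; treat "unknown" like "disabled",
            // matching the question's filter that excludes disabled accounts.
            if (user == null || user.Enabled != true)
                throw new InvalidOperationException(
                    "Active Directory could not resolve your user name");

            // DisplayName is a strongly typed string property, so there is
            // no late-bound Properties["displayName"][0] cast involved.
            return user.DisplayName;
        }
    }
}
```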

 