我要和从Active Directory用户和组同步我的用户数据库。 我的应用程序读取AD对象并将其复制到数据库，但被过时，因为AD的变化。

I want to synchronize my user database with the users and groups from active directory. My application reads the objects from AD and copies them to the database but gets outdated as AD changes.

有没有一种方法可以让我得到Active Directory来通知我，当一个对象被改变了吗？ C＃示例code将是巨大的。

Is there a way I can get active directory to notify me when a object is changed ? C# sample code would be great.

法比奥·

P.S。 I'm usung Oracle数据库

P.S. I´m usung an Oracle Database

推荐答案

ActiveDirectory的用户帐户的有'whenCreated'和'whenChanged属性。如果您正在同步大量的用户帐号和性能是一个问题，那么你就可以查询的ActiveDirectory并筛选出只是那些已经改变了自上次成功同步记录。

ActiveDirectory user account's have 'whenCreated' and 'whenChanged' attributes. If you are synchronizing a lot of user accounts and performance is a concern, then you can query ActiveDirectory and filter out just those records which have changed since you last successfully synchronized.

这些属性的语法是（资本ž在到底是强制性的，表示祖鲁时间，这是一样的格林尼治标准​​时间）：

The syntax of these attributes is (The capital Z at the end is mandatory and denotes Zulu time, which is the same as GMT):

YYYY MM DD HH mm ss.s Z
2009 06 30 00 00 00.0 Z

要搜索或6月30日之后创建的所有用户，2009年，你可以使用这个LDAP查询：

To search for all users created on or after June 30th, 2009 you could use this LDAP query:

(&(objectClass=User)(whenChanged>=20090630000000.0Z))

在code做同步将需要负责记录最后synchornization时间虽然。

The code doing the synchronization will need to be responsible for logging the last synchornization time though.