1. Accueil
  2. Question et réponse
  3. comment interroger les modifications dans Active Directory, y compris les objets supprimés?

comment interroger les modifications dans Active Directory, y compris les objets supprimés?

2010-09-29 4 views
4

J'utilise le code ci-dessous pour rechercher les modifications apportées aux utilisateurs/unités d'organisation dans AD. Mais il ne récupère pas les objets supprimés, Toute idée d'inclure des objets supprimés dans ce domaine?comment interroger les modifications dans Active Directory, y compris les objets supprimés?

static void Main(string[] args) 
     { 
BinaryFormatter bFormat = new BinaryFormatter(); 
      byte[] cookie = null; 
      string strFileName = "cookie.bin"; 
      if (File.Exists(strFileName)) 
      { 
       using (FileStream fsStream = new FileStream(strFileName, FileMode.OpenOrCreate)) 
       { 
        cookie = (byte[])bFormat.Deserialize(fsStream); 
       } 
      } 


      string str_dcName = "xxxxx"; 
      System.DirectoryServices.DirectoryEntry rootDSE = new System.DirectoryServices.DirectoryEntry("LDAP://rootDSE"); 
      System.Net.NetworkCredential cr = new System.Net.NetworkCredential(@"xxx", "xxx", "xxx"); 
      LdapConnection connection = new LdapConnection(str_dcName); 
      connection.Credential = cr; 
      connection.Bind(); 

      string[] attribs = new string[3]; 
      attribs[0] = "name"; 
      attribs[1] = "description"; 
      attribs[2] = "objectGUID"; 

      SearchRequest request = new SearchRequest("DC=xxx,DC=xxx,DC=com", "(objectClass=*)", SearchScope.Subtree, attribs); 

      DirSyncRequestControl dirSyncRC = new DirSyncRequestControl(cookie, DirectorySynchronizationOptions.IncrementalValues, Int32.MaxValue); 
      request.Controls.Add(dirSyncRC); 

      bool bMoreData = true; 
      SearchResponse searchResponse = (SearchResponse)connection.SendRequest(request); 

      while (bMoreData) //Initial Search handler - since we're unable to combine with paged search 
      { 
       foreach (SearchResultEntry entry in searchResponse.Entries) 
       { 
        System.Collections.IDictionaryEnumerator attribEnum = entry.Attributes.GetEnumerator(); 
        while (attribEnum.MoveNext())//Iterate through the result attributes 
         { 
         //Attributes have one or more values so we iterate through all the values 
         //for each attribute 
         DirectoryAttribute subAttrib = (DirectoryAttribute)attribEnum.Value; 
         for (int ic = 0; ic < subAttrib.Count; ic++) { 
          //Attribute Name below 
          Console.WriteLine(attribEnum.Key.ToString()); 
          //Attribute Sub Value below 
          Console.WriteLine(subAttrib[ic].ToString()); 
         } 
        } 
       } 

       //Get the cookie from the response to use it in next searches 


       foreach (DirectoryControl control in searchResponse.Controls) 
       { 
        if (control is DirSyncResponseControl) 
        { 
         DirSyncResponseControl dsrc = control as DirSyncResponseControl; 
         cookie = dsrc.Cookie; 
         bMoreData = dsrc.MoreData; 
         break; 
        } 
       } 
       dirSyncRC.Cookie = cookie; 
       searchResponse = (SearchResponse)connection.SendRequest(request); 
      } 


      //Serialize the cookie into a file to use in next searches 
      using (FileStream fsStream = new FileStream(strFileName, FileMode.Create)) 
      { 
       //Serialize the data to the steam. To get the data for 
       //the cookie, call the GetDirectorySynchronizationCookie method. 
       bFormat.Serialize(fsStream, cookie); 
      } 

      Console.WriteLine("Finished search..."); 
      Console.ReadKey(); 

      }

Source

2010-09-29 kakopappa

Répondre

4
solution

est nécessaire d'ajouter isDeleted=TRUE pour demander objet

SearchRequest request = new SearchRequest("DC=xx,DC=xxx,DC=com", 
    "(|(objectClass=organizationalUnit)(isDeleted=TRUE)(objectCategory=Person))", 
    SearchScope.Subtree, attribs);

Source

2010-09-29 08:47:20 kakopappa

0

En ce qui concerne mon expérience avec SearchRequest le filtre ne fonctionnera pas à tout prix, il a sa propre question .. et à votre cas Pour obtenir des modifications sur les objets supprimés, vous devez utiliser le compte privilégié de Domain Admin ou quelque chose comme ça.

Ici, vous devez donner au compte privilégié qui a les droits complets sur le conteneur d'objets supprimés.

System.Net.NetworkCredential cr = new System.Net.NetworkCredential(@"administrator", "xxx", "xxx"); 
     LdapConnection connection = new LdapConnection(str_dcName);

Source

2013-08-06 10:20:46 kombsh

Questions connexes

 Questions connexes