我正在尝试使用 LDAP 查询返回过去 24 小时内创建的所有计算机对象。我的代码目前如下所示:
//Declare new DirectoryEntry and DirectorySearcher
DirectoryEntry domainRoot = new DirectoryEntry("LDAP://rootDSE");
string rootOfDomain = domainRoot.Properties["rootDomainNamingContext"].Value.ToString();
DirectorySearcher dsSearch = new DirectorySearcher(rootOfDomain);
//Set the properties of the DirectorySearcher
dsSearch.Filter = "(&(objectClass=Computer)(whenCreated>" + dateFilter.ToString() + "))";
dsSearch.PageSize = 2000;
dsSearch.PropertiesToLoad.Add("distinguishedName");
dsSearch.PropertiesToLoad.Add("whenCreated");
dsSearch.PropertiesToLoad.Add("description");
dsSearch.PropertiesToLoad.Add("operatingSystem");
dsSearch.PropertiesToLoad.Add("name");
//Execute the search
SearchResultCollection computersFound = dsSearch.FindAll();
此代码不返回任何对象,并且我确定在过去 24 小时内创建了帐户。
EDIT:我用以下代码修复了这个问题:
GetCompList(DateTime.Now.AddDays(-1)); //This sets the filter to one day previous
//Declare new DirectoryEntry and DirectorySearcher
DirectoryEntry domainRoot = new DirectoryEntry("LDAP://rootDSE");
string rootOfDomain = domainRoot.Properties["rootDomainNamingContext"].Value.ToString();
DirectorySearcher dsSearch = new DirectorySearcher(rootOfDomain);
//Set the properties of the DirectorySearcher
dsSearch.Filter = "(&(objectClass=Computer)(whenCreated>=" + dateFilter.ToString("yyyyMMddHHmmss.sZ") + "))";
dsSearch.PageSize = 2000;
dsSearch.PropertiesToLoad.Add("distinguishedName");
dsSearch.PropertiesToLoad.Add("whenCreated");
dsSearch.PropertiesToLoad.Add("description");
dsSearch.PropertiesToLoad.Add("operatingSystem");
dsSearch.PropertiesToLoad.Add("name");
//Execute the search
SearchResultCollection computersFound = dsSearch.FindAll();
秘密就在于这行:
dsSearch.Filter = "(&(objectClass=Computer)(whenCreated>=" + dateFilter.ToString("yyyyMMddHHmmss.sZ") + "))";
事实证明,答案在于 whenCreated 过滤器的格式。根据这篇博文 http://blog.scottlowe.org/2006/10/11/finding-recently-created-active-directory-accounts/,whenCreated 的过滤器格式必须类似于“yyyyMMddHHmmss.sZ”,其中 Z 是相对于 UTC 的偏移量。我所做的是创建了一个名为
private void GetCompList(DateTime dateFilter) //This overloaded version of GetCompList takes a parameter of type DateTime, and only returns computers that were built after dateFilter
{
try
{
//Convert the dateFilter to a format appropriate for an LDAP query
int offset = -8;
//string strDateFilter = convertToCrazyFormat(dateFilter, offset);
//string strDateFilter = dateFilter.ToString("yyyyMMddhhmmss");
//Declare new DirectoryEntry and DirectorySearcher
DirectoryEntry domainRoot = new DirectoryEntry("LDAP://rootDSE");
string rootOfDomain = domainRoot.Properties["rootDomainNamingContext"].Value.ToString();
DirectorySearcher dsSearch = new DirectorySearcher(rootOfDomain);
//Set the properties of the DirectorySearcher
dsSearch.Filter = "(&(objectClass=Computer)(whenCreated>=" + dateFilter.ToString("yyyyMMddHHmmss.s" + offset.ToString()) + "))";
dsSearch.PageSize = 2000;
dsSearch.PropertiesToLoad.Add("distinguishedName");
dsSearch.PropertiesToLoad.Add("whenCreated");
dsSearch.PropertiesToLoad.Add("description");
dsSearch.PropertiesToLoad.Add("operatingSystem");
dsSearch.PropertiesToLoad.Add("name");
然后我这样调用该方法:
GetCompList(DateTime.Now.AddDays(-1));//Pass in a negative value that represents the time period you want objects from, in this case the last day
本文内容由网友自发贡献,版权归原作者所有,本站不承担相应法律责任。如您发现有涉嫌抄袭侵权的内容,请联系:hwhale#tublm.com(使用前将#替换为@)