How to find the global Active Directory?

I want to search for users in an Active Directory environment with a format GC://DC=xxx,DC=yyy,DC=zzz. But how can I programmatically find global directories in an arbitrary Active Directory environment? Does the domain name always match the global catalog? Any alternative ways I can try?

Note: Forest.FindAllGlobalCatalogs() returns a list of server names, but in fact I cannot use them.

Edit1: Here is what I want to do: suppose my Active Directory has a domain called domain1.root.com, then I will use GC://DC=domain1,DC=root,DC=com to search for the user. But is it always a global catalog? Should each domain have a global catalog?

Edit2: now I can search for users using the following code:

            // Requires: using System; using System.DirectoryServices;
            //           using System.DirectoryServices.ActiveDirectory;
            // The using blocks dispose all three objects even if the search throws.
            using (var currentForest = Forest.GetCurrentForest())
            using (var globalCatalog = currentForest.FindGlobalCatalog())
            //DirectorySearcher searcher = new DirectorySearcher("GC://"+y.Name);
            using (DirectorySearcher searcher = globalCatalog.GetDirectorySearcher())
            {
                Console.WriteLine(globalCatalog.Name);
                // LDAP filters are written enclosed in parentheses
                searcher.Filter = "(samaccountname=skaranth)";
                Console.WriteLine(searcher.SearchRoot.Path);
                var result = searcher.FindOne();
                if (result != null)
                    Console.WriteLine(result.Properties["distinguishedname"][0]);
            }
+3
2 answers

What exactly do you want to achieve with this?

A global catalog is a special subset of attributes that is stored on specific domain controllers. Although each domain controller has a complete set of attributes and objects for this single domain, the global catalog contains data from all domains in the AD forest.

So GC really only comes into play when you need to find things in multiple domains. If you have only one domain, GC will not help you at all.

Forest.FindAllGlobalCatalogs() , . ? , ?

- . , ... .

, : , ? ?

+4

Active Directory GC- . AD, GC .

Edit:

GC:// , , , , , . LDAP://, . , AD .

, -, userPrincipalName, cn distinguishedName ( ), , :

GC://domain1.root.com;(&(objectClass=user)(objectCategory=Person)(userPrincipalName=myuser));userPrincipalName,cn,distinguishedName;subtree

, LDAP://, , , , GC.

0
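
An added example, not part of the question or either answer: the filter and attribute list from the `GC://domain1.root.com;...` query above, run through a searcher obtained from `Forest.FindGlobalCatalog()`, with the user-supplied name escaped per RFC 4515 so it cannot alter the filter. The class name `GcUserLookup`, the helper `EscapeFilterValue` and the sample UPN are hypothetical; the code assumes a domain-joined Windows machine.

```csharp
using System;
using System.DirectoryServices;
using System.DirectoryServices.ActiveDirectory;
using System.Text;

static class GcUserLookup   // hypothetical name, added for illustration
{
    // Escape the characters RFC 4515 reserves in filter values, so a
    // caller-supplied name cannot change the structure of the filter.
    static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder(value.Length);
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append(@"\5c"); break;
                case '*':  sb.Append(@"\2a"); break;
                case '(':  sb.Append(@"\28"); break;
                case ')':  sb.Append(@"\29"); break;
                case '\0': sb.Append(@"\00"); break;
                default:   sb.Append(c); break;
            }
        }
        return sb.ToString();
    }

    static void Main(string[] args)
    {
        // Constructed sample value; pass a real UPN as the first argument.
        string upn = args.Length > 0 ? args[0] : "myuser@domain1.root.com";

        using (Forest forest = Forest.GetCurrentForest())
        using (GlobalCatalog gc = forest.FindGlobalCatalog())
        using (DirectorySearcher searcher = gc.GetDirectorySearcher())
        {
            searcher.Filter = "(&(objectClass=user)(objectCategory=Person)(userPrincipalName="
                              + EscapeFilterValue(upn) + "))";
            searcher.SearchScope = SearchScope.Subtree;
            searcher.PropertiesToLoad.AddRange(
                new[] { "userPrincipalName", "cn", "distinguishedName" });

            SearchResult result = searcher.FindOne();
            if (result == null) { Console.WriteLine("No match in " + gc.Name); return; }
            foreach (string name in searcher.PropertiesToLoad)
                if (result.Properties.Contains(name))
                    Console.WriteLine(name + ": " + result.Properties[name][0]);
        }
    }
}
```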

Source: https://habr.com/ru/post/1754017/

