Get job title using System.DirectoryServices.Accou

2019-01-14 07:12发布

问题:

I've successfully used the AccountManagement code to retrieve basic AD information but it's only returning a very limited set of information about the returned object. How can I get extended information from AD using the AccountManagement functionality. Specifically the Job Title or title as it seems to be called in my instance of AD.

I know how to do it using the older DirectoryServices but I'd like to know how to do it using the new namespace.

回答1:

Yes, the default set of properties on UserPrincipal is quite limited - but the great part is: there's a neat extensibility story in place!

You need to define a class descending from UserPrincipal and then you can very easily get access to a lot more properties, if needed.

The skeleton would look something like this:

namespace ADExtended
{
    [DirectoryRdnPrefix("CN")]
    [DirectoryObjectClass("User")]
    public class UserPrincipalEx : UserPrincipal
    {
        // Inplement the constructor using the base class constructor. 
        public UserPrincipalEx(PrincipalContext context) : base(context)
        { }

        // Implement the constructor with initialization parameters.    
        public UserPrincipalEx(PrincipalContext context,
                             string samAccountName,
                             string password,
                             bool enabled) : base(context, samAccountName, password, enabled)
        {} 

        UserPrincipalExSearchFilter searchFilter;

        new public UserPrincipalExSearchFilter AdvancedSearchFilter
        {
            get
            {
                if (null == searchFilter)
                    searchFilter = new UserPrincipalExSearchFilter(this);

                return searchFilter;
            }
        }

        // Create the "Title" property.    
        [DirectoryProperty("title")]
        public string Title
        {
            get
            {
                if (ExtensionGet("title").Length != 1)
                    return string.Empty;

                return (string)ExtensionGet("title")[0];
            }
            set { ExtensionSet("title", value); }
        }

        // Implement the overloaded search method FindByIdentity.
        public static new UserPrincipalEx FindByIdentity(PrincipalContext context, string identityValue)
        {
            return (UserPrincipalEx)FindByIdentityWithType(context, typeof(UserPrincipalEx), identityValue);
        }

        // Implement the overloaded search method FindByIdentity. 
        public static new UserPrincipalEx FindByIdentity(PrincipalContext context, IdentityType identityType, string identityValue)
        {
            return (UserPrincipalEx)FindByIdentityWithType(context, typeof(UserPrincipalEx), identityType, identityValue);
        }
    }
}

And that's really almost all there is! The ExtensionGet and ExtensionSet methods allow you to "reach down" into the underlying directory entry and grab out all the attributes you might be interested in....

Now, in your code, use your new UserPrincipalEx class instead of UserPrincipal:

using (PrincipalContext ctx = new PrincipalContext(ContextType.Domain))
{
    // Search the directory for the new object. 
    UserPrincipalEx myUser = UserPrincipalEx.FindByIdentity(ctx, "someUserName");

    if(myUser != null)
    { 
        // get the title which is now available on your "myUser" object!
        string title = myUser.Title;
    }
}

Read all about the System.DirectoryServices.AccountManagement namespace and its extensibility story here:

  • Managing Directory Security Principals in the .NET Framework 3.5

Update: sorry - here's the UserPrincipalExSearchFilter class - missed that one in the original post. It just shows the ability to also extend the search filters, if need be:

public class UserPrincipalExSearchFilter : AdvancedFilters
{
    public UserPrincipalExSearchFilter(Principal p) : base(p) { }

    public void LogonCount(int value, MatchType mt)
    {
        this.AdvancedFilterSet("LogonCount", value, typeof(int), mt);
    }
}


回答2:

To Augment the above I have knocked up an extension method to call ExtensionGet. It uses reflection to get hold of the protected method you would otherwise have to inherit. You might need to use this if you are returning UserPrincipalObjects from Groups.Members, for example

public static class AccountManagmentExtensions
{
    public static string ExtensionGet(this UserPrincipal up, string key)
    {
        string value = null;
        MethodInfo mi = up.GetType()
            .GetMethod("ExtensionGet", BindingFlags.NonPublic | BindingFlags.Instance);

        Func<UserPrincipal, string, object[]> extensionGet = (k,v) => 
            ((object[])mi.Invoke(k, new object[] { v }));

        if (extensionGet(up,key).Length > 0)
        {
            value = (string)extensionGet(up, key)[0]; 
        }

        return value;
    }
}