vb.net - .Net DirectorySearcher 未检索用户对象中的所有值

问题描述

作为我正在编写的程序的一部分，我必须从当前用户的 AD 对象中检索所有用户数据。

这是我正在使用的代码...

Try
    Dim RootEntry As New DirectoryEntry("LDAP://**USER OU**")
    RootEntry.AuthenticationType = AuthenticationTypes.Secure

    Dim ds As New DirectorySearcher(RootEntry)

    ds.SizeLimit = System.Int32.MaxValue
    ds.PageSize = System.Int32.MaxValue

    ds.PropertiesToLoad.Add("cn") ' Common Name

    ' Personal
    ds.PropertiesToLoad.Add("givenName") ' Given Name
    ds.PropertiesToLoad.Add("sn") ' Surname
    ds.PropertiesToLoad.Add("fullname") ' Full Name (GN + SN)

    ' Comms
    ds.PropertiesToLoad.Add("telephoneNumber") ' Tel # (from general)
    ds.PropertiesToLoad.Add("mail") ' Email (from general)
    ds.PropertiesToLoad.Add("mobile") ' Mobile Phone (from Telephone)

    ' Job Role
    ds.PropertiesToLoad.Add("title") ' Job Title (Organisation)
    ds.PropertiesToLoad.Add("company") ' Company (Organisation)
    ds.PropertiesToLoad.Add("department") ' Department (Organisation)

    ' Address
    ds.PropertiesToLoad.Add("streetAddress")
    ds.PropertiesToLoad.Add("l") ' City
    ds.PropertiesToLoad.Add("st") ' State
    ds.PropertiesToLoad.Add("postalCode") ' Post Code
    ds.PropertiesToLoad.Add("co") ' Country

    ds.ServerTimeLimit = New TimeSpan(0, 0, 60)
    ds.SearchScope = SearchScope.Subtree

    ds.Filter = "(&(anr=" & username(1) & ")(objectCategory=person))"

    Dim searchresults As SearchResultCollection
    searchresults = ds.FindAll()

    Debug.Print("Search Results - " & searchresults.Count())

    For Each result In searchresults
        If Not result.Properties("givenName")(0) Is Nothing Then
            strForename = result.Properties("givenName")(0)
                Label1.Text = "Hello " & strForename & "!"
        End If
        If Not result.Properties("sn")(0) Is Nothing Then
                strSurname = result.Properties("sn")(0)
        End If
        If Not strSurname Is Nothing And Not strForename Is Nothing Then
                strName = result.Properties("givenName")(0) & " " & result.Properties("sn")(0)
        End If
        If Not result.Properties("title")(0) Is Nothing Then
                strTitle = result.Properties("title")(0)
        End If
        If Not result.Properties("company")(0) Is Nothing Then
                strCompany = result.Properties("company")(0)
        End If
        If Not result.Properties("department")(0) Is Nothing Then
                strDepartment = result.Properties("department")(0)
        End If

        If Not result.Properties("telephoneNumber")(0) Is Nothing Then
                strPhone = result.Properties("telephoneNumber")(0)
        End If
        If Not result.Properties("mobile")(0) Is Nothing Then
                strMobile = result.Properties("mobile")(0)
        End If
        If Not result.Properties("mail")(0) Is Nothing Then
                strEmail = result.Properties("mail")(0)
        End If

        If Not result.Properties("streetAddress")(0) Is Nothing Then
                strStreet = result.Properties("streetAddress")(0)
        End If
        If Not result.Properties("l")(0) Is Nothing Then
                strLocation = result.Properties("l")(0)
        End If
        If Not result.Properties("st")(0) Is Nothing Then
                strCounty = result.Properties("st")(0)
        End If
        If Not result.Properties("postalCode")(0) Is Nothing Then
                strPostCode = result.Properties("postalCode")(0)
        End If
        If Not result.Properties("co")(0) Is Nothing Then
                strCountry = result.Properties("co")(0)
        End If
        strAddress = strStreet
    Next

Catch ex As System.Exception
    Debug.Print(ex.Message)
End Try

如果我运行该程序，系统会返回我所有的 AD 设置，并在框中填充每个设置。

如果另一个用户运行该程序，系统只返回部分结果集，尽管项目已在他的 ADUC 属性对话框中完成。

Searcher 仅返回每个用户 1 个条目（假设它发送 SAMAccountName），但我已设置PageSize和SizeLimit值以避免 1000 项问题。

我也尝试了一个更简单的过滤器samaccountname= & username(1)，但无济于事。

我是否遇到了一些未记录/未报告的 AD 安全问题？我的帐户曾经是域管理员，但经过安全审查后不再是。

问题与计算机无关，因为如果我通过模拟在他的计算机上运行程序，我的详细信息将全部返回，反之亦然（他不是）。

标签： vb.netactive-directorydirectorysearcher