从 AD 获取用户详细信息很慢

问题描述

我正在使用以下代码从特定部门获取有关员工的大量信息，并从 AD 返回列表...

Im using the following code to get a bunch of information about employees from specific departments and returning a list from AD...

虽然它有效，但似乎很慢，是否有更有效的方法从 AD 获取各种用户详细信息?

Whilst it works, it appears to be quite slow, is a there more efficient way of getting various user details from AD?

public static List<Employee> GetEmployeeListForDepartment(string departpment)
        {
            using (HostingEnvironment.Impersonate())
            {

                PrincipalContext ctx = new PrincipalContext(ContextType.Domain, domain);
                GroupPrincipal gp = GroupPrincipal.FindByIdentity(ctx, departpment);
                PrincipalSearchResult<Principal> members = gp.GetMembers();
                List<Employee> employees = new List<Employee>();
                foreach (var member in members)
                {
                    var emp = CreateEmployee(member);
                    employees.Add(emp);
                }
                return employees.OrderBy(x => x.FirstName).ToList();
            }
        }

        private static Employee CreateEmployee(Principal member)
        {
            if (member != null)
            {
                DirectoryEntry de = (member.GetUnderlyingObject() as DirectoryEntry);
                if (de != null)
                {

                    string mobile = de.Properties.Contains("mobile") ? de.Properties["mobile"][0].ToString() : "";
                    string title = de.Properties.Contains("description") ? de.Properties["description"][0].ToString() : "";

//ETC ETC...
                    return new Employee { etc.. };

                }

            }
            return new Employee();
        }

推荐答案

您的问题是您正在使用 System.DirectoryServices.AccountManagement...虽然我讨厌这样说，但可悲的是事实.AccountManagement 在后台工作的方式是它运行一个单独的 LDAP 查询来单独检索每个项目.因此，当您遍历成员时，它会通过 LDAP 为每个成员进行单独的回调.您想要做的是使用 System.DirectoryServices.DirectorySearcher 运行 LDAP 查询.

Your problem is that you are using System.DirectoryServices.AccountManagement... While I hate saying it, it's sadly the truth. The way AccountManagement works under the hood is that it runs a seperate LDAP query to retrieve each item seperately. So when you iterate through members it's making a seperate call back through LDAP for each member. What you want to do instead is run an LDAP query using System.DirectoryServices.DirectorySearcher.

我的假设是，部门是一个组，这取决于你如何使用它.这是我将如何做到的.(我的代码在 VB.Net 中......对不起).确保为您的组获取完全限定的 DN，或者提前查找并将其插入查询中.

My assumption is that department is a group, based on how you are using it. Here is how I would do it. (my code is in VB.Net... sorry). Make sure to get the fully qualified DN for your group, or look it up in advance and plug it into the query.

Dim results = LDAPQuery("(memberOf=CN=Fully,OU=Qualified,DC=Group,DC=Distinguished,DC=Name)", New String() {"mobile", "description"})

Dim emps = (from c as System.DirectoryServices.SearchResult in results _
             Select New Employee() {.Name = c.Properties("description"), .Mobile = c.Properties("mobile")}).ToList()

Public Function LDAPQuery(ByVal query As String, ByVal attributes As String()) As SearchResultCollection
    'create directory searcher from CurrentADContext (no special security available)
    Dim ds As New DirectorySearcher(System.DirectoryServices.ActiveDirectory.Domain.GetCurrentDomain().GetDirectoryEntry())
    ds.PageSize = 1000

    'set filter string
    ds.Filter = query

    'specify properties to retrieve
    ds.PropertiesToLoad.AddRange(attributes)

    'get results
    Dim results As SearchResultCollection = ds.FindAll()

    Return results
End Function

这篇关于从 AD 获取用户详细信息很慢的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持跟版网！