DirectorySearcher 过滤器如何根据最近 30 天进行限制
DirectorySearcher filter how to limit based on last 30 days
我正在 Active Directory 中搜索特定 OU 中的用户。我只获取最近 30 天内登录的用户。
我的搜索过滤器查询是:
string query = "(&(objectCategory=person)(objectClass=user)((lastLogon<=" + new DateTime(DateTime.Now.AddDays(-30).Ticks) + ")(mail=*))";
我得到搜索过滤器无效
我用过:
string query = "(&(objectCategory=person)(objectClass=user)((lastLogon=*)(mail=*))";
没有错误
我修改了上次登录如下:
(lastLogon<=1)
我正在调用执行此操作的方法
public static DataTable GetADusers() {
try {
string ou = "OU";
using(PrincipalContext ctx = new PrincipalContext(ContextType.Domain, Environment.UserDomainName, ou)) {
UserPrincipal user = new UserPrincipal(ctx);
using(PrincipalSearcher ps = new PrincipalSearcher(user)) {
DataTable results = new DataTable();
results.Columns.Add("DisplayName ");
results.Columns.Add("FirstName");
results.Columns.Add("Initial");
results.Columns.Add("LastName");
results.Columns.Add("mail");
results.Columns.Add("SamAccountName");
results.Columns.Add("DistinguishedName");
results.Columns.Add("lastLogon");
int count = 0;
int ctNull = 0;
foreach(Principal p in ps.FindAll()) {
UserPrincipal u = p as UserPrincipal;
if (u != null) {
DirectoryEntry entry = (DirectoryEntry) p.GetUnderlyingObject();
DirectorySearcher search = new DirectorySearcher(entry);
string query = "(&(objectCategory=person)(objectClass=user)((lastLogon<=" + new DateTime(DateTime.Now.AddDays( - 30).Ticks) + ")(mail=*))";
search.Filter = query;
search.PropertiesToLoad.Add("DisplayName");
search.PropertiesToLoad.Add("GivenName");
search.PropertiesToLoad.Add("Initials");
search.PropertiesToLoad.Add("sn");
search.PropertiesToLoad.Add("mail");
search.PropertiesToLoad.Add("SamAccountName");
search.PropertiesToLoad.Add("DistinguishedName");
search.PropertiesToLoad.Add("lastLogon");
SearchResultCollection mySearchResultColl = search.FindAll();
foreach(SearchResult sr in mySearchResultColl) {
DataRow dr = results.NewRow();
DirectoryEntry de = sr.GetDirectoryEntry();
dr["EmployeeID"] = de.Properties["EmployeeID"].Value;
dr["DisplayName "] = de.Properties["DisplayName"].Value;
dr["FirstName"] = de.Properties["GivenName"].Value;
dr["Initial"] = de.Properties["Initials"].Value;
dr["LastName"] = de.Properties["sn"].Value;
dr["mail"] = de.Properties["mail"].Value;
dr["SamAccountName"] = de.Properties["SamAccountName"].Value;
dr["DistinguishedName"] = de.Properties["DistinguishedName"].Value;
//prepare for last logon
if (de.Properties["lastLogon"] != null && de.Properties["lastLogon"].Count > 0) {
Int64 lastLogonThisServer = new Int64();
IADsLargeInteger lgInt = (IADsLargeInteger) de.Properties["lastLogon"].Value;
lastLogonThisServer = ((long) lgInt.HighPart << 32) + lgInt.LowPart;
dr["lastLogon"] = DateTime.FromFileTime(lastLogonThisServer).ToString();
}
else {
dr["lastLogon"] = DateTime.MinValue.ToString();
ctNull++;
}
results.Rows.Add(dr);
count++;
}
}
}
Console.WriteLine(count);
Console.WriteLine("Null");
Console.WriteLine(ctNull);
return results;
}
}
}
catch(NullReferenceException ex) {
Console.WriteLine("data error" + ex);
DataTable dt = new DataTable();
return dt;
}
}
以上功能很好用!
必须有一种方法来检查上次登录是否超过 30 天。我将不胜感激任何帮助。谢谢!
下面的答案是正确的谢谢
我必须添加以下代码才能将数据放入数据库中:
if (de.Properties["LastLogonTimestamp"] != null && de.Properties["LastLogonTimestamp"].Count > 0)
{
Int64 lastLogonDateThisServer = new Int64();
IADsLargeInteger lgInt = (IADsLargeInteger)de.Properties["LastLogonTimestamp"].Value;
lastLogonDateThisServer = ((long)lgInt.HighPart << 32) + lgInt.LowPart;
dr["LastLogonTimestamp"] = DateTime.FromFileTime(lastLogonDateThisServer).ToString();
}
else
{
dr["LastLogonTimestamp"] = DateTime.MinValue.ToString();
ctNull++;
}
我把它放在了lastLogon下面
对于查询过滤器:我必须反转 < 以获取从现在到 30 天标记的数据。
string query = "(&(objectCategory=person)(objectClass=user)(!userAccountControl:1.2.840.113556.1.4.803:=2)(!userAccountControl:1.2.840.113556.1.4.803:=65536)(userAccountControl:1.2.840.113556.1.4.803:=262144)(userPrincipalName=1*@mil)(lastlogon>=" + DateTime.Now.AddDays(-90).ToFileTime() + ")(lastLogonTimestamp>=" + DateTime.Now.AddDays(-90).ToFileTime() + ")(mail=*))";
在您的查询中,您在 lastLogon 前面有两个括号,当您不需要它们时:
((lastLogon<=...
这就是您收到 "search filter is invalid" 错误的原因。那应该是:
(lastLogon<=...
但是你也算错了。你有这个:
new DateTime(DateTime.Now.AddDays( - 30).Ticks)
但是lastLogon不使用刻度。
稍后在您的代码中,您将使用 FromFileTime 回读 lastLogon。同样,您可以使用 ToFileTime 将日期转换为您可以在查询中使用的格式。像这样:
DateTime.Now.AddDays(-30).ToFileTime()
但请记住,lastLogon 不会复制 - 它仅在用户验证的最后一个域控制器上准确。因此,如果您的域有多个域控制器,您将无法获得大多数帐户的准确值。
正是出于这个原因创建了 lastLogonTimestamp 属性。它至少每 2 周复制一次,因此您知道该值在 2 周内是准确的。您可以为此使用相同的格式:
string query = "(&(objectCategory=person)(objectClass=user)(lastLogonTimestamp<="
+ DateTime.Now.AddDays(-30).ToFileTime() + ")(mail=*))";
您可以在此处阅读有关 lastLogonTimestamp 属性的更多信息:https://blogs.technet.microsoft.com/askds/2009/04/15/the-lastlogontimestamp-attribute-what-it-was-designed-for-and-how-it-works/
我正在 Active Directory 中搜索特定 OU 中的用户。我只获取最近 30 天内登录的用户。
我的搜索过滤器查询是:
string query = "(&(objectCategory=person)(objectClass=user)((lastLogon<=" + new DateTime(DateTime.Now.AddDays(-30).Ticks) + ")(mail=*))";
我得到搜索过滤器无效 我用过:
string query = "(&(objectCategory=person)(objectClass=user)((lastLogon=*)(mail=*))";
没有错误
我修改了上次登录如下:
(lastLogon<=1)
我正在调用执行此操作的方法
public static DataTable GetADusers() {
try {
string ou = "OU";
using(PrincipalContext ctx = new PrincipalContext(ContextType.Domain, Environment.UserDomainName, ou)) {
UserPrincipal user = new UserPrincipal(ctx);
using(PrincipalSearcher ps = new PrincipalSearcher(user)) {
DataTable results = new DataTable();
results.Columns.Add("DisplayName ");
results.Columns.Add("FirstName");
results.Columns.Add("Initial");
results.Columns.Add("LastName");
results.Columns.Add("mail");
results.Columns.Add("SamAccountName");
results.Columns.Add("DistinguishedName");
results.Columns.Add("lastLogon");
int count = 0;
int ctNull = 0;
foreach(Principal p in ps.FindAll()) {
UserPrincipal u = p as UserPrincipal;
if (u != null) {
DirectoryEntry entry = (DirectoryEntry) p.GetUnderlyingObject();
DirectorySearcher search = new DirectorySearcher(entry);
string query = "(&(objectCategory=person)(objectClass=user)((lastLogon<=" + new DateTime(DateTime.Now.AddDays( - 30).Ticks) + ")(mail=*))";
search.Filter = query;
search.PropertiesToLoad.Add("DisplayName");
search.PropertiesToLoad.Add("GivenName");
search.PropertiesToLoad.Add("Initials");
search.PropertiesToLoad.Add("sn");
search.PropertiesToLoad.Add("mail");
search.PropertiesToLoad.Add("SamAccountName");
search.PropertiesToLoad.Add("DistinguishedName");
search.PropertiesToLoad.Add("lastLogon");
SearchResultCollection mySearchResultColl = search.FindAll();
foreach(SearchResult sr in mySearchResultColl) {
DataRow dr = results.NewRow();
DirectoryEntry de = sr.GetDirectoryEntry();
dr["EmployeeID"] = de.Properties["EmployeeID"].Value;
dr["DisplayName "] = de.Properties["DisplayName"].Value;
dr["FirstName"] = de.Properties["GivenName"].Value;
dr["Initial"] = de.Properties["Initials"].Value;
dr["LastName"] = de.Properties["sn"].Value;
dr["mail"] = de.Properties["mail"].Value;
dr["SamAccountName"] = de.Properties["SamAccountName"].Value;
dr["DistinguishedName"] = de.Properties["DistinguishedName"].Value;
//prepare for last logon
if (de.Properties["lastLogon"] != null && de.Properties["lastLogon"].Count > 0) {
Int64 lastLogonThisServer = new Int64();
IADsLargeInteger lgInt = (IADsLargeInteger) de.Properties["lastLogon"].Value;
lastLogonThisServer = ((long) lgInt.HighPart << 32) + lgInt.LowPart;
dr["lastLogon"] = DateTime.FromFileTime(lastLogonThisServer).ToString();
}
else {
dr["lastLogon"] = DateTime.MinValue.ToString();
ctNull++;
}
results.Rows.Add(dr);
count++;
}
}
}
Console.WriteLine(count);
Console.WriteLine("Null");
Console.WriteLine(ctNull);
return results;
}
}
}
catch(NullReferenceException ex) {
Console.WriteLine("data error" + ex);
DataTable dt = new DataTable();
return dt;
}
}
以上功能很好用! 必须有一种方法来检查上次登录是否超过 30 天。我将不胜感激任何帮助。谢谢!
下面的答案是正确的谢谢
我必须添加以下代码才能将数据放入数据库中:
if (de.Properties["LastLogonTimestamp"] != null && de.Properties["LastLogonTimestamp"].Count > 0)
{
Int64 lastLogonDateThisServer = new Int64();
IADsLargeInteger lgInt = (IADsLargeInteger)de.Properties["LastLogonTimestamp"].Value;
lastLogonDateThisServer = ((long)lgInt.HighPart << 32) + lgInt.LowPart;
dr["LastLogonTimestamp"] = DateTime.FromFileTime(lastLogonDateThisServer).ToString();
}
else
{
dr["LastLogonTimestamp"] = DateTime.MinValue.ToString();
ctNull++;
}
我把它放在了lastLogon下面 对于查询过滤器:我必须反转 < 以获取从现在到 30 天标记的数据。
string query = "(&(objectCategory=person)(objectClass=user)(!userAccountControl:1.2.840.113556.1.4.803:=2)(!userAccountControl:1.2.840.113556.1.4.803:=65536)(userAccountControl:1.2.840.113556.1.4.803:=262144)(userPrincipalName=1*@mil)(lastlogon>=" + DateTime.Now.AddDays(-90).ToFileTime() + ")(lastLogonTimestamp>=" + DateTime.Now.AddDays(-90).ToFileTime() + ")(mail=*))";
在您的查询中,您在 lastLogon 前面有两个括号,当您不需要它们时:
((lastLogon<=...
这就是您收到 "search filter is invalid" 错误的原因。那应该是:
(lastLogon<=...
但是你也算错了。你有这个:
new DateTime(DateTime.Now.AddDays( - 30).Ticks)
但是lastLogon不使用刻度。
稍后在您的代码中,您将使用 FromFileTime 回读 lastLogon。同样,您可以使用 ToFileTime 将日期转换为您可以在查询中使用的格式。像这样:
DateTime.Now.AddDays(-30).ToFileTime()
但请记住,lastLogon 不会复制 - 它仅在用户验证的最后一个域控制器上准确。因此,如果您的域有多个域控制器,您将无法获得大多数帐户的准确值。
正是出于这个原因创建了 lastLogonTimestamp 属性。它至少每 2 周复制一次,因此您知道该值在 2 周内是准确的。您可以为此使用相同的格式:
string query = "(&(objectCategory=person)(objectClass=user)(lastLogonTimestamp<="
+ DateTime.Now.AddDays(-30).ToFileTime() + ")(mail=*))";
您可以在此处阅读有关 lastLogonTimestamp 属性的更多信息:https://blogs.technet.microsoft.com/askds/2009/04/15/the-lastlogontimestamp-attribute-what-it-was-designed-for-and-how-it-works/