查询具有附加属性的 Active Directory 组

Question

我可以使用以下方法查询我的 Active Directory 组：

open System.DirectoryServices.AccountManagement

let specialGroups () =
    let ctx = new PrincipalContext(
                contextType = ContextType.Domain, 
                name = "domain.net", 
                container = "DC=domain,DC=net")
    let allGroups = new GroupPrincipal(ctx, "*")
    let srch = new PrincipalSearcher(allGroups)
    [| for group in srch.FindAll() -> group |]

如何像 PowerShell 那样添加某些属性，例如 Mail？

Get-ADGroup "GROUPNAME.UG" -Properties Mail

Answer 1

您可以通过检索基础 DirectoryEntry 对象，然后访问其 Properties 集合来获取属性。这是一个为 Principal 对象定义 getProperty 函数的示例，然后使用它来过滤 "Mail" 属性:

open System.DirectoryServices
open System.DirectoryServices.AccountManagement

    let getProperty name (group: Principal) =
    let entry = group.GetUnderlyingObject() |> unbox<DirectoryEntry>
    [| for value in entry.Properties.[name] -> value |> string |]

let specialGroups () =
    let ctx = new PrincipalContext(
                contextType = ContextType.Domain, 
                name = "domain.net", 
                container = "DC=domain,DC=net")
    let allGroups = new GroupPrincipal(ctx, "*")
    let srch = new PrincipalSearcher(allGroups)
    [| for group in srch.FindAll() |> Seq.filter (getProperty "Mail" >> Array.isEmpty) -> group |]

查询具有附加属性的 Active Directory 组

Query Active Directory Groups With Additional Properties

.net

c#

f#

ldap

active-directory