开发者

List all computers in active directory

开发者 https://www.devze.com 2022-12-09 17:24 出处:网络
Im wondering how to get a lis开发者_运维技巧t of all computers / machines / pc from active directory?

Im wondering how to get a lis开发者_运维技巧t of all computers / machines / pc from active directory?

(Trying to make this page a search engine bait, will reply myself. If someone has a better reply il accept that )


If you have a very big domain, or your domain has limits configured on how how many items can be returned per search, you might have to use paging.

using System.DirectoryServices;  //add to references

public static List<string> GetComputers()
{
    List<string> ComputerNames = new List<string>();

    DirectoryEntry entry = new DirectoryEntry("LDAP://YourActiveDirectoryDomain.no");
    DirectorySearcher mySearcher = new DirectorySearcher(entry);
    mySearcher.Filter = ("(objectClass=computer)");
    mySearcher.SizeLimit = int.MaxValue;
    mySearcher.PageSize = int.MaxValue;

    foreach(SearchResult resEnt in mySearcher.FindAll())
    {
        //"CN=SGSVG007DC"
        string ComputerName = resEnt.GetDirectoryEntry().Name;
        if (ComputerName.StartsWith("CN="))
            ComputerName = ComputerName.Remove(0,"CN=".Length);
        ComputerNames.Add(ComputerName);
    }

    mySearcher.Dispose();
    entry.Dispose();

    return ComputerNames;
}


What EKS suggested is correct, but is performing a little bit slow.

The reason for that is the call to GetDirectoryEntry() on each result. This creates a DirectoryEntry object, which is only needed if you need to modify the active directory (AD) object. It's OK if your query would return a single object, but when listing all object in AD, this greatly degrades performance.

If you only need to query AD, its better to just use the Properties collection of the result object. This will improve performance of the code several times.

This is explained in documentation for SearchResult class:

Instances of the SearchResult class are very similar to instances of DirectoryEntry class. The crucial difference is that the DirectoryEntry class retrieves its information from the Active Directory Domain Services hierarchy each time a new object is accessed, whereas the data for SearchResult is already available in the SearchResultCollection, where it gets returned from a query that is performed with the DirectorySearcher class.

Here is an example on how to use the Properties collection:

public static List<string> GetComputers()
{
    List<string> computerNames = new List<string>();

    using (DirectoryEntry entry = new DirectoryEntry("LDAP://YourActiveDirectoryDomain.no")) {
        using (DirectorySearcher mySearcher = new DirectorySearcher(entry)) {
            mySearcher.Filter = ("(objectClass=computer)");

            // No size limit, reads all objects
            mySearcher.SizeLimit = 0;

            // Read data in pages of 250 objects. Make sure this value is below the limit configured in your AD domain (if there is a limit)
            mySearcher.PageSize = 250; 

            // Let searcher know which properties are going to be used, and only load those
            mySearcher.PropertiesToLoad.Add("name");

            foreach(SearchResult resEnt in mySearcher.FindAll())
            {
                // Note: Properties can contain multiple values.
                if (resEnt.Properties["name"].Count > 0)
                {
                    string computerName = (string)resEnt.Properties["name"][0];
                    computerNames.Add(computerName);
                }
            }
        }
    }

    return computerNames;
}

Documentation for SearchResult.Properties

Note that properties can have multiple values, that is why we use Properties["name"].Count to check the number of values.

To improve things even further, use the PropertiesToLoad collection to let the searcher know what properties you are going to use in advance. This allows the searcher to only read the data that is actually going to be used.

Note that the DirectoryEntry and DirectorySearcher objects should be properly disposed in order to release all resources used. Its best done with a using clause.


An LDAP query like: (objectCategory=computer) should do the trick.


if you only want to get the enabled computers:

(&(objectclass=computer)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
0

精彩评论

暂无评论...
验证码 换一张
取 消