ObjectClass and ObjectCategory:
When we are looking for an AD object, and trying to form a query, we should NEVER use ObjectClass and always use ObjectCategory. While AD objects are organized, these two attributes are used to define the object. ObjectCategory is a Single valued and is Indexed hence the queries go faster when this is used.
Example:
Computer object has a multi-valued objectClass of "top;person;organizationalPerson;user;computer" and its objectCategory is "computer".
Always use ObjectCategory in the query to begin with:
string filter = string.Format("(&(objectCategory={0})(sAMAccountName={1})(memberof={2}))", "person", userSAM, groupDNName);
private static bool IsUserMemberOfGroup3(string userSAM, string groupDNName)
{
DirectoryEntry adRoot = new DirectoryEntry("LDAP://" + "some.come");
DirectorySearcher searcher = new DirectorySearcher(adRoot);
searcher.SearchScope = SearchScope.Subtree;
searcher.ReferralChasing = ReferralChasingOption.All;
string filter = string.Format("(&(objectCategory={0})(sAMAccountName={1})(memberof={2}))", "person", userSAM, groupDNName);
searcher.Filter = filter;
SearchResultCollection result = searcher.FindAll();
return (result != null && result.Count > 0);
}
| Anil Bobba Architect 1 |
QRTP - Berrington / 5147F + 1 713-624-0825 (m) | |
********************** IMPORTANT--PLEASE READ ************************
This electronic message, including its attachments, is COMPANY CONFIDENTIAL
and may contain PROPRIETARY or LEGALLY PRIVILEGED information. If you are
not the intended recipient, you are hereby notified that any use, disclosure,
copying, or distribution of this message or any of the information included
in it is unauthorized and strictly prohibited. If you have received this
message in error, please immediately notify the sender by reply e-mail and
permanently delete this message and its attachments, along with any copies
thereof. Thank you.
************************************************************************
No comments:
Post a Comment