.NET 3.5 - System.DirectoryServices.AccountManagement - AdvancedSearchFilter in a group?

I use the System.DirectoryServices.AccountManagement API to list groups from AD. All of these groups begin with the same prefix, so they can easily be found using the prefix and a wildcard. What I would also like to do is get only the groups that have changed since the last time I checked. I have subclassed GroupPrincipal to include the whenChanged attribute, and I currently use it to filter the list after I have pulled the entire list of groups. I would like to know if it is possible to use AdvancedSearchFilter on GroupPrincipal. I understand that GroupPrincipal does not have the AdvancedSearchFilter property. I am wondering whether it is possible to add its use to a subclass of the PrincipalSearcher class. If so, an example would be appreciated.

Thanks,

Chris McKinnon

1 answer

The short answer to getting only the groups that have changed since the last check is that it is not (easily) possible.

Each object in AD has an update sequence number (USN) attribute associated with it. When a group changes, its USN changes, but not always. If you add or remove members of a group, the USN will not change. It changes only when the group name or other simple properties change. In addition, the USN is unique only on one domain controller. Therefore, you must be sure to always connect to the same server.

You can subscribe to changes in AD objects and receive notifications when they change, but it does not scale.

In my project, I looked at all the groups every time. This is not as bad as it seems, because the API is really good at paginating a result set and the search is not very resource-intensive.
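
Added example, not part of the question or the answer above: one way to push the prefix and whenChanged test to the server is a plain System.DirectoryServices.DirectorySearcher query with an LDAP filter, paged as the answer describes. The class and method names and the sample server path are hypothetical; it assumes the search is bound to one specific domain controller, because whenChanged is stamped per server, and it does not settle the answer's caveat about membership changes.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices;
using System.Globalization;
using System.Text;

static class ChangedGroupSearch   // hypothetical helper, not an AccountManagement type
{
    // RFC 4515 escaping, so a prefix read from config or user input cannot rewrite the filter.
    static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder();
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append(@"\5c"); break;
                case '*':  sb.Append(@"\2a"); break;
                case '(':  sb.Append(@"\28"); break;
                case ')':  sb.Append(@"\29"); break;
                case '\0': sb.Append(@"\00"); break;
                default:   sb.Append(c); break;
            }
        }
        return sb.ToString();
    }

    // ldapPath should name one fixed server, e.g. the placeholder
    // "LDAP://dc01.example.test/DC=example,DC=test"; 'since' is the time of the previous check.
    public static List<string> FindChanged(string ldapPath, string prefix, DateTime since)
    {
        string filter = string.Format(CultureInfo.InvariantCulture,
            "(&(objectCategory=group)(cn={0}*)(whenChanged>={1}))",
            EscapeFilterValue(prefix),
            since.ToUniversalTime().ToString("yyyyMMddHHmmss'.0Z'", CultureInfo.InvariantCulture));
        var names = new List<string>();
        using (var root = new DirectoryEntry(ldapPath))
        using (var searcher = new DirectorySearcher(root, filter, new[] { "distinguishedName", "whenChanged" }))
        {
            searcher.PageSize = 500;   // a non-zero page size turns on paged results
            using (SearchResultCollection results = searcher.FindAll())
            {
                foreach (SearchResult r in results)
                    names.Add((string)r.Properties["distinguishedName"][0]);
            }
        }
        return names;
    }
}
```

Each returned distinguished name can then be handed to GroupPrincipal.FindByIdentity with IdentityType.DistinguishedName to continue working in the AccountManagement API.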
