Why have you had an active directory, what is an active directory, what is used: The activity directory is mainly used in a distributed environment. In a distributed environment, there are various information that can be easily accessed by various applications. Active directory is officially providing an access path to information in a distributed environment. It provides a common area to save various information in a distributed environment and position them. From the perspective of the developer, you can understand that the Active Directory is a "database" that stores specific resource information required by the application. The activity directory also optimizes the read and queries of these resource information. • Containers and non-containers: Resource information in the active directory is organized into a hierarchy. Each entity in this hierarchy is referred to as an object. In other words, when you create an object in an active directory, you create them in a hierarchy. This structure consists of two types of objects: Container and non-Container. The container can accommodate the container of the non-container or the next level. The non-container no longer contains other objects, and is therefore often become a leaf or leaf object. After installing the active directory, the operating system has automatically created a lot of Container by default, such as Users, Builtin, etc. ADSPATH, DN, RDN: The path to the hierarchical structure in the active directory is called AdsPath, which can be used to uniquely marking an object (the other unique logo object is to use the GUID). ADSPATH is commonly used as: ldap: // DC = Microsoft, DC = COM. For example, a domain is named mydomain.local, then its adspath is represented as: ldap: // DC = Mydomain, DC = LOCAL. Where DC is an abbreviation of Domain Component, it is only used to represent the root of the domain. DN is an abbreviation of Distinguished Name, RDN is an abbreviation of the Relative Distinguished Name (relatively uniquely identified). The DN is used to uniquely represent the name of an object in a complete directory information tree, and the RDN refers to the only name that represents it in the parent container of the object. Let's take an example: Adspath in the user container in the Mydomain.local domain: ldap: // cn = administrator, cn = users, dc = mydomain, dc = local, its DN is (notice that there is no LDAP) : // This prefix): cn = administrator, cn = users, DC = Mydomain, DC = LOCAL, its RDN is (ie, name in the UserS container): cn = administrator. Where CN is an abbreviation for Common Name. OU: OU is an abbreviation of Organizational Unit. OU is a container object that is mainly managed and organizes an active directory domain from a logical perspective. For example, when your company is interested in providing the sales manager to manage his entire sales department resource information, a method is to create an OU called Sales alone, and then let the sales manager realize it under the limited conditions. "Autonomous" of departmental resource information. More basic concepts, can you refer to here? About LDAP and its grammar, you can refer to "Understanding LDAP" (upper, down). Naming Context: Active directory is divided into many parts, called partition or Naming Context, referred to as NC. There are three main parts: Domain NC, Configuration NC, Schema NC. This is also the three active directory partitions that you first saw when you open Adsiedit.msc. Domain NC is used to save information about the user, group, and organizational units.
Configuration NC is used to save configuration data information in the entire domain forest. The Schema NC is responsible for saving all objects and property sets that can be created in the active directory. For example, in the Mydomain.local field, the ADSPATH of Domain NC is: ldap: // DC = Mydomain, DC = LOCAL. The adspath of Configuration NC is: ldap: // cn = Configuration, DC = Mydomain, DC = local. Schema NC's Adspath is: ldap: // cn = schema, cn = configuration, DC = mydomain, DC = local. AD program access interface Distant: System.directoryServices: System.direcotryServices Namespaces There are two main classes: DirectoryEntry and DirectorySearcher. The DirectoryEntry class is used to represent any of the objects in the active directory. You can modify its properties, move, rename, enumerate its internal sub-objects, create sub-objects, delete sub-objects, and get starters, etc. For example:? Using System.DirectoryServices; DirectoryEntry entry = new DirectoryEntry (ADsPath); Console.WriteLine (entry.Path); Console.WriteLine (entry.Name); Console.WriteLine (entry.GUID); tied for Active Directory objects The fixed path Adspath, you can use ldap: // servername / dn to bind the specified server and DN activity directory objects. In addition, DirectoryEntry can further specify usernames and passwords, or usernames and password external security verification methods for object binding. DirectoryEntry Attributes Schematic: The properties of the Active Directory object are divided into single-value attributes and multi-value properties. For example, in the above figure, CN is a single value attribute, while Memberof is a multi-value attribute. For multi-value attributes, you can use a loop statement for or foreach. DirectorySearcher directory query: DirectorySearcher instance has two main methods: FindAll () and FindOne (). FindAll () is a collection of all child objects for this object; and FindOne () gets the first sub-object query. For DirectorySearcher instances, there are three main properties of SearchRoot, SearchScope, Filter. Among them, SearchRoot represents nodes to start searching in the AD hierarchical structure; SearchScope represents search scope; while Filter represents the filter command string of the LDAP query statement, for example (& (ObjectCategory = Person) indicates that all The person object in the user object. For SearchScope, SearchScope is divided into Base, OneElevel, Subtree. Among them, base indicates the root node to which the search is to be searched; OnElegel searches in the same level; Subtree is represented in all nodes including the root node. The schematic is as follows: Using the SQLServer query analyzer query activity directory implementation method: Create a link server for AD (you can see this item in "Security" in the specific SQL Server server in the Enterprise Manager).