I am using this search:
SearchRequest request = new SearchRequest("CN=Users,DC=xx,DC=xxx", "(objectclass=*)", SearchScope.OneLevel, new string[] {"isDeleted", "objectGUID", "uSNChanged"});
request.Controls.Add(new DirectoryNotificationControl());
IAsyncResult result = Connection.BeginSendRequest(
    request,
    PartialResultProcessing.ReturnPartialResultsAndNotifyCallback,
    RunAsyncSearch, // Callback that processes responses
    null
);
and it does not notify when a user is deleted. I also tried adding
request.Controls.Add(new ShowDeletedControl());
but that did not help. I checked tombstoneLifeTime (set to 180) in CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=xxx,DC=xxx
Strangely, the search from this tutorial returns only one result:
ldap_search_ext_s(ld, "<WKGUID=18E2EA80684F11D2B9AA00C04F79F805,DC=xxx,DC=xxx>", 2, "(objectclass=*)"), attrList, 0, svrCtrls, ClntCtrls, 6000, 10000 ,&msg)
Getting 1 entries:
Dn: CN=Deleted Objects,DC=xxx,DC=xxx
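(18E2EA80684F11D2B9AA00C04F79F805 is the well-known AD object GUID for CN=Deleted Objects)
I had supplied the LdapConnection in the example above with the credentials of a user who is a member of the Administrators group on the server where the required domain controller is installed, but that was not enough. The code has to run with elevated privileges, so running Visual Studio, or the code, "as administrator" solved my problem. I can also see the deleted objects by running ldp.exe with elevated privileges.
You can monitor the "Deleted Objects" OU for deleted-object notifications, or the entire domain (dc=domain, dc=tld). In addition to the DirectoryNotificationControl, you must also add the "ShowDeletedObjects" control.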
//register our search
request.Controls.Add(new DirectoryNotificationControl());//DirSyncRequestControl
request.Controls.Add(new ShowDeletedControl());//DirSyncRequestControl
//we will send this async and register our callback
//note how we would like to have partial results
IAsyncResult Result = _connection.BeginSendRequest(
    request,
    TimeSpan.FromSeconds(TimeOutInSeconds), //set timeout to a day...
    PartialResultProcessing.ReturnPartialResultsAndNotifyCallback,
    Notify,
    request);
//store the hash for disposal later
//_results.Add(result);
}
Hope this helps. Thanks
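
A complete deletion watcher that combines the two answers above, written as an added example (it is not code from either poster). It assumes the process runs elevated as the first answer describes; the server name `dc01.example.test` and the `DC=xxx,DC=xxx` components are placeholders.

```csharp
using System;
using System.DirectoryServices.Protocols;

// Added example: logs every object that appears in CN=Deleted Objects.
class DeletedObjectWatcher
{
    static LdapConnection _connection;

    static void Main()
    {
        _connection = new LdapConnection("dc01.example.test"); // placeholder DC name
        _connection.AuthType = AuthType.Negotiate;              // binds as the current (elevated) logon
        _connection.SessionOptions.ProtocolVersion = 3;         // controls are an LDAPv3 feature
        _connection.Bind();

        var request = new SearchRequest(
            "CN=Deleted Objects,DC=xxx,DC=xxx",  // container DN as shown in the question
            "(objectClass=*)",                   // same filter the page uses
            SearchScope.OneLevel,
            "isDeleted", "objectGUID", "uSNChanged");
        request.Controls.Add(new DirectoryNotificationControl()); // ask for change notifications
        request.Controls.Add(new ShowDeletedControl());           // make tombstones visible

        IAsyncResult pending = _connection.BeginSendRequest(
            request,
            TimeSpan.FromDays(1),                // long-lived search, as in the answer
            PartialResultProcessing.ReturnPartialResultsAndNotifyCallback,
            Notify,
            request);

        Console.WriteLine("Watching for deletions; press Enter to stop.");
        Console.ReadLine();
        _connection.Abort(pending);              // cancel the outstanding notification search
        _connection.Dispose();
    }

    // Invoked each time the server pushes partial results for the pending search.
    static void Notify(IAsyncResult result)
    {
        foreach (object item in _connection.GetPartialResults(result))
        {
            if (!(item is SearchResultEntry entry)) continue;   // skip referrals
            if (!entry.Attributes.Contains("isDeleted") || !entry.Attributes.Contains("objectGUID")) continue;
            var guid = new Guid((byte[])entry.Attributes["objectGUID"].GetValues(typeof(byte[]))[0]);
            Console.WriteLine($"{DateTime.UtcNow:o} deleted guid={guid} dn={entry.DistinguishedName}");
        }
    }
}
```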