System.DirectoryServices Namespace

利用 System.DirectoryServices 命名空间,可以方便地从托管代码中访问 Active Directory 域服务。 The System.DirectoryServices namespace provides easy access to Active Directory Domain Services from managed code. 该命名空间包含两个组件类,即 DirectoryEntryDirectorySearcher,它们使用 Active Directory 服务接口 (ADSI) 技术。 The namespace contains two component classes, DirectoryEntry and DirectorySearcher, which use the Active Directory Services Interfaces (ADSI) technology. ADSI 是 Microsoft 提供的一组接口,作为使用各种网络提供程序的灵活的工具。 ADSI is the set of interfaces that Microsoft provides as a flexible tool for working with a variety of network providers. 无论网络有多大,ADSI 都可以使管理员能够相对容易地定位和管理网络上的资源。 ADSI gives the administrator the ability to locate and manage resources on a network with relative ease, regardless of the size of the network.


ActiveDirectoryAccessRule 类用于表示 Active Directory 域服务对象的自由访问控制列表 (DACL) 中的访问控制项 (ACE)。 The ActiveDirectoryAccessRule class is used to represent an access control entry (ACE) in the discretionary access control list (DACL) of an Active Directory Domain Services object.


ActiveDirectoryAuditRule 用于在系统访问控制列表 (SACL) 中设置访问控制项 (ACE)。 The ActiveDirectoryAuditRule is used to set an access control entry (ACE) on a system access control list (SACL). ActiveDirectoryAccessRule 包含受信者,表示为 IdentityReference 对象。 The ActiveDirectoryAccessRule contains the trustee, which is represented as an IdentityReference object. 它还包含关于访问控制类型、访问掩码及其他属性(如继承标志)的信息。 It also contains information about the access control type, access mask, and other properties such as inheritance flags. 此规则在 ActiveDirectorySecurity 对象上设置。 This rule is set on an ActiveDirectorySecurity object. ActiveDirectorySecurity 提交至目录存储区之后,它将根据在 ActiveDirectoryAuditRule 上设置的规则修改安全说明符对象。 After the ActiveDirectorySecurity is committed to the directory store, it will modify the security descriptor object according to the rules that are set on ActiveDirectoryAuditRule.


使用托管 ACL 库的对象安全层来包装目录对象的访问控制功能。 Uses the object security layer of the managed ACL library to wrap access control functionality for directory objects.


CreateChildAccessRule 类表示一种特定类型的访问规则,该规则用于允许或拒绝某个 Active Directory 域服务对象创建子对象的权限。 The CreateChildAccessRule class represents a specific type of access rule that is used to allow or deny an Active Directory Domain Services object the right to create child objects.


DeleteChildAccessRule 类表示一种特定类型的访问规则,该规则用于允许或拒绝某个 Active Directory 域服务对象删除子对象的权限。 The DeleteChildAccessRule class represents a specific type of access rule that is used to allow or deny an Active Directory Domain Services object the right to delete child objects.


DeleteTreeAccessRule 类表示一种特定类型的访问规则,该规则用于允许或拒绝某个 Active Directory 域服务对象删除所有子对象的权限,而不管子对象拥有的权限。 The DeleteTreeAccessRule class represents a specific type of access rule that is used to allow or deny an Active Directory Domain Services object the right to delete all child objects, regardless of the permissions that the child objects have.


包含 DirectoryEntry 对象的集合。 Contains a collection of DirectoryEntry objects.


DirectoryEntry 类可封装 Active Directory 域服务层次结构中的节点或对象。 The DirectoryEntry class encapsulates a node or object in the Active Directory Domain Services hierarchy.


DirectoryEntryConfiguration 类提供指定和获取提供程序特定选项以用于操作目录对象的直接方法。 The DirectoryEntryConfiguration class provides a direct way to specify and obtain provider-specific options for manipulating a directory object. 通常,这些选项应用于基础目录存储的搜索操作。 Typically, the options apply to search operations of the underlying directory store. 受支持选项均特定于提供程序。 The supported options are provider-specific.


对 Active Directory 域服务执行查询。 Performs queries against Active Directory Domain Services.


包含扩展错误信息,指明调用 Invoke(String, Object[]) 方法时发生错误。 Contains extended error information about an error that occurred when the Invoke(String, Object[]) method is called.


DirectoryServicesPermission 类允许您控制 System.DirectoryServices 的代码访问安全权限。 The DirectoryServicesPermission class allows you to control code access security permissions for System.DirectoryServices.


允许进行声明 System.DirectoryServices 权限检查。 Allows declarative System.DirectoryServices permission checks.


DirectoryServicesPermissionEntry 类定义 System.DirectoryServices 的代码访问安全权限集的最小单位。 The DirectoryServicesPermissionEntry class defines the smallest unit of a code access security permission set for System.DirectoryServices.


包含 DirectoryServicesPermissionEntry 对象的强类型集合。 Contains a strongly-typed collection of DirectoryServicesPermissionEntry objects.


指定如何在域中同步目录。 Specifies how to synchronize a directory within a domain.


DirectoryVirtualListView 类指定如何进行虚拟列表视图搜索。 The DirectoryVirtualListView class specifies how to conduct a virtual list view search. 虚拟列表视图搜索允许用户以通讯簿样式的虚拟列表视图效果查看搜索结果。 A virtual list view search enables users to view search results as address-book style virtual list views. 它是专门针对特别大的结果集而设计的。 It is specifically designed for very large result sets. 在排序目录搜索的连续子集中检索搜索数据。 Search data is retrieved in contiguous subsets of a sorted directory search.


指定如何构造目录虚拟列表视图响应。 Specifies how to construct directory virtual list view response.


支持 .NET Framework 基础结构,并且不打算从代码中直接使用。 Supports the .NET Framework infrastructure and is not intended to be used directly from code.


表示一种特定类型的访问规则,它用于允许或拒绝 Active Directory 对象具有扩展权限。 Represents a specific type of access rule that is used to allow or deny an Active Directory object an extended right. 扩展权限是标准访问权限集未包括的特殊操作。 Extended rights are special operations that are not covered by the standard set of access rights. 扩展权限的一个示例是 Send-As,它为用户授予向其他用户发送电子邮件的权限。 An example of an extended right is Send-As, which gives a user the right to send email for another user. 有关可能的扩展权限的列表,请参阅 上 MSDN Library 中的主题扩展权限 For a list of possible extended rights, see the topic Extended Rights in the MSDN Library at 有关扩展权限的详细信息,请参阅同样位于 MSDN Library 中的主题控制访问权限 For more information about extended rights, see the topic Control Access Rights, also in the MSDN Library.


ListChildrenAccessRule 类表示一种特定类型的访问规则,该规则用于允许或拒绝某个 Active Directory 域服务对象列出子对象的权限。 The ListChildrenAccessRule class represents a specific type of access rule that is used to allow or deny an Active Directory Domain Services object the right to list child objects.


PropertyAccessRule 类表示一种特定类型的访问规则,该规则用于允许或拒绝对 Active Directory 域服务属性的访问。 The PropertyAccessRule class represents a specific type of access rule that is used to allow or deny access to an Active Directory Domain Services property.


PropertyCollection 类包含 DirectoryEntry 的属性。 The PropertyCollection class contains the properties of a DirectoryEntry.


PropertySetAccessRule 类表示特定类型的访问规则,该规则用于允许或拒绝对 Active Directory 域服务属性集的访问。 The PropertySetAccessRule class represents a specific type of access rule that is used to allow or deny access to an Active Directory Domain Services property set. 有关为 Active Directory 域服务定义的属性集的列表,请参阅 上 MSDN Library 中的主题属性集 For a list of property sets that are defined for Active Directory Domain Services, see the topic Property Sets in the MSDN Library at


包含 DirectoryEntry 属性的值。 Contains the values of a DirectoryEntry property.


包含 SearchResult 实例的属性。 Contains the properties of a SearchResult instance.


包含 SearchResult 属性的值。 Contains the values of a SearchResult property.


包含可以由 SchemaFilter 对象的 DirectoryEntries 属性使用的架构名列表。 Contains a list of the schema names that the SchemaFilter property of a DirectoryEntries object can use.


SearchResult 类可封装在通过 DirectorySearcher 进行搜索期间返回的、Active Directory 域服务层次结构中的节点。 The SearchResult class encapsulates a node in the Active Directory Domain Services hierarchy that is returned during a search through DirectorySearcher.


SearchResultCollection 类包含在 DirectorySearcher 查询过程中由 Active Directory 层次结构返回的 SearchResult 实例。 The SearchResultCollection class contains the SearchResult instances that the Active Directory hierarchy returned during a DirectorySearcher query.


指定如何对搜索结果进行排序。 Specifies how to sort the results of a search.



ActiveDirectoryRights 枚举指定分配给 Active Directory 域服务对象的访问权限。 The ActiveDirectoryRights enumeration specifies the access rights that are assigned to an Active Directory Domain Services object.


ActiveDirectorySecurityInheritance 枚举指定 ACE 信息是否以及如何应用到对象及其子代。 The ActiveDirectorySecurityInheritance enumeration specifies if, and how, ACE information is applied to an object and its descendents.


AuthenticationTypes 枚举指定在 System.DirectoryServices 中使用的身份验证类型。 The AuthenticationTypes enumeration specifies the types of authentication used in System.DirectoryServices. 此枚举有一个允许其成员值按位组合的 FlagsAttribute 属性。 This enumeration has a FlagsAttribute attribute that allows a bitwise combination of its member values.


DereferenceAlias 枚举指定如何解析别名。 该枚举提供 DerefAlias 属性的值。This enumeration provides values for the DerefAlias property.


DirectoryServicesPermissionAccess 枚举定义 System.DirectoryServices 权限类使用的访问级别。 The DirectoryServicesPermissionAccess enumeration defines access levels that are used by System.DirectoryServices permission classes. 此枚举有一个允许其成员值按位组合的 FlagsAttribute 属性。 This enumeration has a FlagsAttribute attribute that allows a bitwise combination of its member values.


包含确定域内的目录的同步方式的标志。 Contains flags that determine how directories within a domain will be synchronized. 可以为 Option 属性设置这些选项。 These options can be set for the Option property.


ExtendedDN 枚举指定返回扩展识别名的格式。 此枚举与 ExtendedDN 属性一起使用。This enumeration is used with the ExtendedDN property.


指定设置或更改密码时是否使用 SSL。 此枚举与 PasswordEncoding 属性一起使用。This enumeration is used with the PasswordEncoding property.


PropertyAccess 枚举与 PropertyAccessRulePropertySetAccessRule 类一起使用,以指示应用于 Active Directory 属性或属性集的访问类型。 The PropertyAccess enumeration is used with the PropertyAccessRule and PropertySetAccessRule classes to indicate the type of access that is applied to an Active Directory property or property set.


ReferralChasingOption 枚举指定是否以及如何追踪检索跟踪。 The ReferralChasingOption enumeration specifies if and how referral chasing is pursued.


指定使用 DirectorySearcher 对象执行的目录搜索的可能范围。 Specifies the possible scopes for a directory search that is performed using the DirectorySearcher object.


指定检查目录对象的安全信息时的可用选项。 Specifies the available options for examining security information of a directory object. 此枚举与 SecurityMasksSecurityMasks 属性一起使用。 This enumeration is used with the SecurityMasks and SecurityMasks properties.


SortDirection 枚举指定如何对 Active Directory 域服务查询的结果进行排序。 The SortDirection enumeration specifies how to sort the results of an Active Directory Domain Services query.


此命名空间中的类可以用于任何 Active Directory 域服务服务提供商。The classes in this namespace can be used with any of the Active Directory Domain Services service providers. 当前提供程序是: Internet 信息服务 (IIS)、 轻型目录访问协议 (LDAP)、 Novell NetWare 目录服务 (NDS) 和 WinNT。The current providers are: Internet Information Services (IIS), Lightweight Directory Access Protocol (LDAP), Novell NetWare Directory Service (NDS), and WinNT.

ADSI 是 Microsoft Active Directory 域服务,使您的应用程序与使用单个接口在网络上的各种目录进行交互的编程接口。ADSI is a programmatic interface for Microsoft Active Directory Domain Services that enables your applications to interact with diverse directories on a network using a single interface. 使用 ADSI,可以创建执行常见任务,如备份数据库、 访问打印机,以及管理用户帐户的应用程序。Using ADSI, you can create applications that perform common tasks, such as backing up databases, accessing printers, and administering user accounts.

假定您具有的 Active Directory 域服务之前使用这些类有一个大致了解。It is assumed that you have a general understanding of Active Directory Domain Services before using these classes. Active Directory 域服务的详细信息,请参阅主题Active Directory 对象简介Active Directory 技术背景知识中的以下主题以及上的 MSDN library :For more information on Active Directory Domain Services, see the topics Introduction to Active Directory Objects and Active Directory Technology Backgrounder, as well as the following topics in the MSDN library at

Active Directory 域服务使用树状结构。Active Directory Domain Services use a tree structure. 在树中的每个节点包含一组属性。Each node in the tree contains a set of properties. 使用此命名空间来遍历、 搜索和修改树,并读取和写入到的节点的属性。Use this namespace to traverse, search, and modify the tree, and read and write to the properties of a node.

DirectoryEntry 类可封装 Active Directory 域服务层次结构中的节点或对象。The DirectoryEntry class encapsulates a node or object in the Active Directory Domain Services hierarchy. 使用此类用于绑定到对象、 读取属性和更新属性。Use this class for binding to objects, reading properties, and updating attributes. 帮助器类,以及DirectoryEntry生命周期管理和导航的方法,包括创建、 删除、 重命名、 移动子节点,和枚举子级提供支持。Together with helper classes, DirectoryEntry provides support for life-cycle management and navigation methods, including creating, deleting, renaming, moving a child node, and enumerating children.

使用DirectorySearcher类执行针对 Active Directory 域服务层次结构的查询。Use the DirectorySearcher class to perform queries against the Active Directory Domain Services hierarchy. LDAP 是唯一系统提供 Active Directory 服务接口 (ADSI) 提供程序支持搜索。LDAP is the only system-supplied Active Directory Service Interfaces (ADSI) provider that supports searching.

通过在 Active Directory 域服务层次结构中的搜索DirectorySearcher返回的实例SearchResult,其中包含的实例中SearchResultCollection类。A search of the Active Directory Domain Services hierarchy through DirectorySearcher returns instances of SearchResult, which are contained in an instance of the SearchResultCollection class.

注意: 类、 方法和属性中的许多System.DirectoryServices命名空间使用LinkDemand代码访问安全选项。Note: Many of the classes, methods, and properties in the System.DirectoryServices namespace use the LinkDemand code access security option. 这意味着代码访问安全性要求仅发生在实时编译期间,仅在调用程序集和不在整个调用堆栈中向上执行该要求。This means that the code access security demand only occurs during just-in-time compilation and that the demand is performed only on the calling assembly and not up the entire call stack. 正因为如此,调用方不应传递到不受信任的代码创建在运行时此命名空间中的对象。Because of this, callers should not pass objects that are created from this namespace at runtime to code that is not trusted.