System.DirectoryServices Namespace

System.DirectoryServices 命名空間提供從 Managed 程式碼對 Active Directory 網域服務的簡易存取。 The System.DirectoryServices namespace provides easy access to Active Directory Domain Services from managed code. 命名空間包含兩個元件類別:DirectoryEntryDirectorySearcher,它們使用 Active Directory Services Interface (ADSI) 技術。 The namespace contains two component classes, DirectoryEntry and DirectorySearcher, which use the Active Directory Services Interfaces (ADSI) technology. ADSI 是一組 Microsoft 提供的介面,做為與多種網路提供者一起使用的彈性工具。 ADSI is the set of interfaces that Microsoft provides as a flexible tool for working with a variety of network providers. 不管網路的大小為何,ADSI 都可以讓系統管理員在網路上輕鬆地尋找並管理資源。 ADSI gives the administrator the ability to locate and manage resources on a network with relative ease, regardless of the size of the network.

類別

ActiveDirectoryAccessRule

ActiveDirectoryAccessRule 類別 (Class) 用於表示 Active Directory 網域服務物件之 Discretionary 存取控制清單 (DACL) 中的存取控制項目 (ACE)。The ActiveDirectoryAccessRule class is used to represent an access control entry (ACE) in the discretionary access control list (DACL) of an Active Directory Domain Services object.

ActiveDirectoryAuditRule

ActiveDirectoryAuditRule 用於在系統存取控制清單 (SACL) 上設定存取控制項目 (ACE)。The ActiveDirectoryAuditRule is used to set an access control entry (ACE) on a system access control list (SACL). ActiveDirectoryAccessRule 包含信任項,其表示為 IdentityReference 物件。The ActiveDirectoryAccessRule contains the trustee, which is represented as an IdentityReference object. 它還包含存取控制型別、存取遮罩和其他屬性 (如繼承旗標) 的相關資訊。It also contains information about the access control type, access mask, and other properties such as inheritance flags. 這個規則在 ActiveDirectorySecurity 物件上設定。This rule is set on an ActiveDirectorySecurity object. 當目錄存放區認可 ActiveDirectorySecurity 之後,其將根據在 ActiveDirectoryAuditRule 上設定的規則修改安全性描述元物件。After the ActiveDirectorySecurity is committed to the directory store, it will modify the security descriptor object according to the rules that are set on ActiveDirectoryAuditRule.

ActiveDirectorySecurity

使用 Managed ACL 程式庫的物件安全性階層以包裝目錄物件的存取控制功能。Uses the object security layer of the managed ACL library to wrap access control functionality for directory objects.

CreateChildAccessRule

CreateChildAccessRule 類別 (Class) 表示特定型別的存取規則,用於允許或拒絕 Active Directory 網域服務物件建立子物件的權限。The CreateChildAccessRule class represents a specific type of access rule that is used to allow or deny an Active Directory Domain Services object the right to create child objects.

DeleteChildAccessRule

DeleteChildAccessRule 類別 (Class) 表示特定型別的存取規則,用於允許或拒絕 Active Directory 網域服務物件刪除子物件的權限。The DeleteChildAccessRule class represents a specific type of access rule that is used to allow or deny an Active Directory Domain Services object the right to delete child objects.

DeleteTreeAccessRule

DeleteTreeAccessRule 類別 (Class) 表示特定型別的存取規則,用於允許或拒絕 Active Directory 網域服務物件刪除所有子物件的權限 (不論子物件具有何種使用權限)。The DeleteTreeAccessRule class represents a specific type of access rule that is used to allow or deny an Active Directory Domain Services object the right to delete all child objects, regardless of the permissions that the child objects have.

DirectoryEntries

包含 DirectoryEntry 物件的集合。Contains a collection of DirectoryEntry objects.

DirectoryEntry

DirectoryEntry 類別會封裝 Active Directory 網域服務階層架構中的節點或物件。The DirectoryEntry class encapsulates a node or object in the Active Directory Domain Services hierarchy.

DirectoryEntryConfiguration

DirectoryEntryConfiguration 類別提供一種直接的方式,以指定和取得用於管理目錄物件的提供者特定選項。The DirectoryEntryConfiguration class provides a direct way to specify and obtain provider-specific options for manipulating a directory object. 通常,選項會套用至基礎目錄存放區的搜尋選項。Typically, the options apply to search operations of the underlying directory store. 支援的選項是提供者特定的。The supported options are provider-specific.

DirectorySearcher

對 Active Directory 執行查詢。Performs queries against Active Directory Domain Services.

DirectoryServicesCOMException

包含呼叫 Invoke(String, Object[]) 方法時發生之錯誤的延伸錯誤資訊。Contains extended error information about an error that occurred when the Invoke(String, Object[]) method is called.

DirectoryServicesPermission

DirectoryServicesPermission 類別可讓您控制 System.DirectoryServices 的程式碼存取安全性使用權限。The DirectoryServicesPermission class allows you to control code access security permissions for System.DirectoryServices.

DirectoryServicesPermissionAttribute

允許宣告式 System.DirectoryServices 使用權限檢查。Allows declarative System.DirectoryServices permission checks.

DirectoryServicesPermissionEntry

DirectoryServicesPermissionEntry 類別 (Class) 為 System.DirectoryServices 定義程式碼存取安全性使用權限集的最小單位。The DirectoryServicesPermissionEntry class defines the smallest unit of a code access security permission set for System.DirectoryServices.

DirectoryServicesPermissionEntryCollection

包含 DirectoryServicesPermissionEntry 物件的強型別集合。Contains a strongly-typed collection of DirectoryServicesPermissionEntry objects.

DirectorySynchronization

指定如何同步網域內的目錄。Specifies how to synchronize a directory within a domain.

DirectoryVirtualListView

DirectoryVirtualListView 類別 (Class) 指定如何進行虛擬清單檢視搜尋。The DirectoryVirtualListView class specifies how to conduct a virtual list view search. 虛擬清單檢視搜尋可讓使用者以通訊錄樣式的虛擬清單檢視來檢視搜尋結果。A virtual list view search enables users to view search results as address-book style virtual list views. 它是特別為大型結果集設計的。It is specifically designed for very large result sets. 在排序目錄搜尋的連續子集中擷取搜尋資料。Search data is retrieved in contiguous subsets of a sorted directory search.

DirectoryVirtualListViewContext

指定如何建構目錄虛擬清單檢視回應。Specifies how to construct directory virtual list view response.

DSDescriptionAttribute

支援 .NET Framework 基礎結構,但不能直接從程式碼使用。Supports the .NET Framework infrastructure and is not intended to be used directly from code.

ExtendedRightAccessRule

表示特定類型的存取規則,用來允許或拒絕 Active Directory 物件的延伸權限。Represents a specific type of access rule that is used to allow or deny an Active Directory object an extended right. 延伸權限是特殊的作業,不在標準存取權限集合的範圍內。Extended rights are special operations that are not covered by the standard set of access rights. 延伸權限的範例像是 Send-As,此權限可讓使用者為另一位使用者傳送電子郵件。An example of an extended right is Send-As, which gives a user the right to send email for another user. 如需可能的延伸權限清單,請參閱延伸權限一文。For a list of possible extended rights, see the Extended Rights article. 如需延伸權限的詳細資訊,請參閱控制存取權限For more information about extended rights, see the Control Access Rights.

ListChildrenAccessRule

ListChildrenAccessRule 類別 (Class) 表示特定型別的存取規則,用於允許或拒絕 Active Directory 網域服務物件列出子物件的權限。The ListChildrenAccessRule class represents a specific type of access rule that is used to allow or deny an Active Directory Domain Services object the right to list child objects.

PropertyAccessRule

PropertyAccessRule 類別表示特定型別的存取規則,用於允許或拒絕對 Active Directory 網域服務屬性的存取。The PropertyAccessRule class represents a specific type of access rule that is used to allow or deny access to an Active Directory Domain Services property.

PropertyCollection

PropertyCollection 類別包含 DirectoryEntry 的屬性。The PropertyCollection class contains the properties of a DirectoryEntry.

PropertySetAccessRule

PropertySetAccessRule 類別代表特定類型的存取規則,用於允許或拒絕對 Active Directory 網域服務屬性集的存取。The PropertySetAccessRule class represents a specific type of access rule that is used to allow or deny access to an Active Directory Domain Services property set. 如需針對 Active Directory 網域服務所定義的屬性集清單,請參閱屬性集一文。For a list of property sets that are defined for Active Directory Domain Services, see the Property Sets article.

PropertyValueCollection

包含 DirectoryEntry 屬性的值。Contains the values of a DirectoryEntry property.

ResultPropertyCollection

包含 SearchResult 執行個體的屬性。Contains the properties of a SearchResult instance.

ResultPropertyValueCollection

包含 SearchResult 屬性的值。Contains the values of a SearchResult property.

SchemaNameCollection

包含 SchemaFilter 物件之 DirectoryEntries 屬性可以使用的結構描述名稱清單。Contains a list of the schema names that the SchemaFilter property of a DirectoryEntries object can use.

SearchResult

SearchResult 類別會封裝 Active Directory 網域服務階層架構中的節點,它是透過 DirectorySearcher 在搜尋期間所傳回的。The SearchResult class encapsulates a node in the Active Directory Domain Services hierarchy that is returned during a search through DirectorySearcher.

SearchResultCollection

SearchResultCollection 類別包含 SearchResult 查詢期間,Active Directory 階層所傳回的 DirectorySearcher 執行個體。The SearchResultCollection class contains the SearchResult instances that the Active Directory hierarchy returned during a DirectorySearcher query.

SearchWaitHandler
SortOption

指定排序搜尋結果的方法。Specifies how to sort the results of a search.

列舉

ActiveDirectoryRights

ActiveDirectoryRights 列舉型別會指定指派給 Active Directory 網域服務物件的存取權限。The ActiveDirectoryRights enumeration specifies the access rights that are assigned to an Active Directory Domain Services object.

ActiveDirectorySecurityInheritance

ActiveDirectorySecurityInheritance 列舉型別 (Enumeration) 指定是否將 ACE 資訊套用至物件及其子物件,以及套用的方式。The ActiveDirectorySecurityInheritance enumeration specifies if, and how, ACE information is applied to an object and its descendents.

AuthenticationTypes

AuthenticationTypes 列舉型別會指定用於 System.DirectoryServices 的驗證 (Authentication) 型別。The AuthenticationTypes enumeration specifies the types of authentication used in System.DirectoryServices. 這個列舉型別的 FlagsAttribute 屬性允許成員值的位元組合。This enumeration has a FlagsAttribute attribute that allows a bitwise combination of its member values.

DereferenceAlias

DereferenceAlias 列舉型別 (Enumeration) 指定如何解析別名。 這個列舉型別提供 DerefAlias 屬性的值。This enumeration provides values for the DerefAlias property.

DirectoryServicesPermissionAccess

DirectoryServicesPermissionAccess 列舉型別 (Enumeration) 定義 System.DirectoryServices 使用權限類別使用的存取層級。 這個列舉型別的 FlagsAttribute 屬性允許成員值的位元組合。This enumeration has a FlagsAttribute attribute that allows a bitwise combination of its member values.

DirectorySynchronizationOptions

包含決定如何同步 (Synchronize) 網域內目錄的旗標。Contains flags that determine how directories within a domain will be synchronized. 可為 Option 屬性設定這些選項。These options can be set for the Option property.

ExtendedDN

ExtendedDN 列舉指定傳回延伸辨別名稱的格式。 這個列舉可與 ExtendedDN 屬性搭配使用。This enumeration is used with the ExtendedDN property.

PasswordEncodingMethod

指定設定或變更密碼時是否使用 SSL。 這個列舉可與 PasswordEncoding 屬性搭配使用。This enumeration is used with the PasswordEncoding property.

PropertyAccess

PropertyAccess 列舉型別 (Enumeration) 與 PropertyAccessRulePropertySetAccessRule 類別 (Class) 搭配使用,以指出套用至 Active Directory 屬性或屬性集 (Property Set) 的存取類型。The PropertyAccess enumeration is used with the PropertyAccessRule and PropertySetAccessRule classes to indicate the type of access that is applied to an Active Directory property or property set.

ReferralChasingOption

ReferralChasingOption 列舉型別 (Enumeration) 指定轉介追趕是否進行和如何進行。The ReferralChasingOption enumeration specifies if and how referral chasing is pursued.

SearchScope

指定使用 DirectorySearcher 物件執行之目錄搜尋的可能範圍。Specifies the possible scopes for a directory search that is performed using the DirectorySearcher object.

SecurityMasks

指定用於檢查目錄物件之安全性資訊的可用選項。Specifies the available options for examining security information of a directory object. 這個列舉型別 (Enumeration) 要與 SecurityMasksSecurityMasks 屬性搭配使用。This enumeration is used with the SecurityMasks and SecurityMasks properties.

SortDirection

SortDirection 列舉型別 (Enumeration) 指定如何排序 Active Directory 網域服務查詢的結果。The SortDirection enumeration specifies how to sort the results of an Active Directory Domain Services query.

備註

此命名空間中的類別後可以搭配任何 Active Directory 網域服務的服務提供者。The classes in this namespace can be used with any of the Active Directory Domain Services service providers. 目前的提供者為:Internet Information Services (IIS)、 輕量型目錄存取通訊協定 (LDAP)、 Novell NetWare 目錄服務 (NDS) 和 WinNT。The current providers are: Internet Information Services (IIS), Lightweight Directory Access Protocol (LDAP), Novell NetWare Directory Service (NDS), and WinNT.

ADSI 是可讓您的應用程式互動不同的目錄,使用單一介面在網路上的 Microsoft Active Directory 網域服務的程式設計介面。ADSI is a programmatic interface for Microsoft Active Directory Domain Services that enables your applications to interact with diverse directories on a network using a single interface. 您可以使用 ADSI,來建立執行常見工作,例如備份資料庫,存取印表機,以及管理使用者帳戶的應用程式。Using ADSI, you can create applications that perform common tasks, such as backing up databases, accessing printers, and administering user accounts.

這被假設您有大致的了解 Active Directory 網域服務之前使用這些類別。It is assumed that you have a general understanding of Active Directory Domain Services before using these classes. 如需有關 Active Directory 網域服務的詳細資訊,請參閱主題Introduction to Active Directory 物件Active Directory 技術背景資料,以及下列主題:For more information on Active Directory Domain Services, see the topics Introduction to Active Directory Objects and Active Directory Technology Backgrounder, as well as the following topics:

Active Directory 網域服務使用的樹狀結構。Active Directory Domain Services use a tree structure. 在樹狀目錄中的每個節點包含一組屬性。Each node in the tree contains a set of properties. 您可以使用此命名空間來周遊、 搜尋和修改樹狀目錄中,和讀取及寫入節點的屬性。Use this namespace to traverse, search, and modify the tree, and read and write to the properties of a node.

DirectoryEntry 類別會封裝 Active Directory 網域服務階層架構中的節點或物件。The DirectoryEntry class encapsulates a node or object in the Active Directory Domain Services hierarchy. 使用這個類別的繫結至物件、 讀取屬性,及更新屬性。Use this class for binding to objects, reading properties, and updating attributes. Helper 類別,連同DirectoryEntry支援生命週期管理和瀏覽的方法,包括建立、 刪除、 重新命名、 移動一個子節點,以及列舉子系。Together with helper classes, DirectoryEntry provides support for life-cycle management and navigation methods, including creating, deleting, renaming, moving a child node, and enumerating children.

使用DirectorySearcher對 Active Directory 網域服務階層執行查詢的類別。Use the DirectorySearcher class to perform queries against the Active Directory Domain Services hierarchy. LDAP 是唯一系統提供 Active Directory 服務介面 (ADSI) 提供者支援搜尋。LDAP is the only system-supplied Active Directory Service Interfaces (ADSI) provider that supports searching.

透過 Active Directory 網域服務階層的搜尋DirectorySearcher傳回的執行個體SearchResult,其中包含執行個體中SearchResultCollection類別。A search of the Active Directory Domain Services hierarchy through DirectorySearcher returns instances of SearchResult, which are contained in an instance of the SearchResultCollection class.

注意:類別、 方法和屬性中的許多System.DirectoryServices命名空間使用LinkDemand程式碼存取安全性選項。Note: Many of the classes, methods, and properties in the System.DirectoryServices namespace use the LinkDemand code access security option. 這表示程式碼存取安全性要求只在 just-in-time 編譯期間發生,而且只能在呼叫組件上而不是整個呼叫堆疊,執行此要求。This means that the code access security demand only occurs during just-in-time compilation and that the demand is performed only on the calling assembly and not up the entire call stack. 因為這個緣故,呼叫端不應該傳遞至不受信任的程式碼會建立在執行階段的這個命名空間中的物件。Because of this, callers should not pass objects that are created from this namespace at runtime to code that is not trusted.