System.DirectoryServices 命名空間

System.DirectoryServices 命名空間提供從 Managed 程式碼對 Active Directory 網域服務的簡易存取。 The System.DirectoryServices namespace provides easy access to Active Directory Domain Services from managed code. 命名空間包含兩個元件類別:DirectoryEntryDirectorySearcher,它們使用 Active Directory Services Interface (ADSI) 技術。 The namespace contains two component classes, DirectoryEntry and DirectorySearcher, which use the Active Directory Services Interfaces (ADSI) technology. ADSI 是一組 Microsoft 提供的介面,做為與多種網路提供者一起使用的彈性工具。 ADSI is the set of interfaces that Microsoft provides as a flexible tool for working with a variety of network providers. 不管網路的大小為何,ADSI 都可以讓系統管理員在網路上輕鬆地尋找並管理資源。 ADSI gives the administrator the ability to locate and manage resources on a network with relative ease, regardless of the size of the network.



ActiveDirectoryAccessRule 類別 (Class) 用於表示 Active Directory 網域服務物件之 Discretionary 存取控制清單 (DACL) 中的存取控制項目 (ACE)。The ActiveDirectoryAccessRule class is used to represent an access control entry (ACE) in the discretionary access control list (DACL) of an Active Directory Domain Services object.


ActiveDirectoryAuditRule 用於在系統存取控制清單 (SACL) 上設定存取控制項目 (ACE)。The ActiveDirectoryAuditRule is used to set an access control entry (ACE) on a system access control list (SACL). ActiveDirectoryAccessRule 包含信任項,其表示為 IdentityReference 物件。The ActiveDirectoryAccessRule contains the trustee, which is represented as an IdentityReference object. 它還包含存取控制型別、存取遮罩和其他屬性 (如繼承旗標) 的相關資訊。It also contains information about the access control type, access mask, and other properties such as inheritance flags. 這個規則在 ActiveDirectorySecurity 物件上設定。This rule is set on an ActiveDirectorySecurity object. 當目錄存放區認可 ActiveDirectorySecurity 之後,其將根據在 ActiveDirectoryAuditRule 上設定的規則修改安全性描述元物件。After the ActiveDirectorySecurity is committed to the directory store, it will modify the security descriptor object according to the rules that are set on ActiveDirectoryAuditRule.


使用 Managed ACL 程式庫的物件安全性階層以包裝目錄物件的存取控制功能。Uses the object security layer of the managed ACL library to wrap access control functionality for directory objects.


CreateChildAccessRule 類別 (Class) 表示特定型別的存取規則,用於允許或拒絕 Active Directory 網域服務物件建立子物件的權限。The CreateChildAccessRule class represents a specific type of access rule that is used to allow or deny an Active Directory Domain Services object the right to create child objects.


DeleteChildAccessRule 類別 (Class) 表示特定型別的存取規則,用於允許或拒絕 Active Directory 網域服務物件刪除子物件的權限。The DeleteChildAccessRule class represents a specific type of access rule that is used to allow or deny an Active Directory Domain Services object the right to delete child objects.


DeleteTreeAccessRule 類別 (Class) 表示特定型別的存取規則,用於允許或拒絕 Active Directory 網域服務物件刪除所有子物件的權限 (不論子物件具有何種使用權限)。The DeleteTreeAccessRule class represents a specific type of access rule that is used to allow or deny an Active Directory Domain Services object the right to delete all child objects, regardless of the permissions that the child objects have.


包含 DirectoryEntry 物件的集合。Contains a collection of DirectoryEntry objects.


DirectoryEntry 類別會封裝 Active Directory 網域服務階層架構中的節點或物件。The DirectoryEntry class encapsulates a node or object in the Active Directory Domain Services hierarchy.


DirectoryEntryConfiguration 類別提供一種直接的方式,以指定和取得用於管理目錄物件的提供者特定選項。The DirectoryEntryConfiguration class provides a direct way to specify and obtain provider-specific options for manipulating a directory object. 通常,選項會套用至基礎目錄存放區的搜尋選項。Typically, the options apply to search operations of the underlying directory store. 支援的選項是提供者特定的。The supported options are provider-specific.


對 Active Directory 執行查詢。Performs queries against Active Directory Domain Services.


包含呼叫 Invoke(String, Object[]) 方法時發生之錯誤的延伸錯誤資訊。Contains extended error information about an error that occurred when the Invoke(String, Object[]) method is called.


DirectoryServicesPermission 類別可讓您控制 System.DirectoryServices 的程式碼存取安全性使用權限。The DirectoryServicesPermission class allows you to control code access security permissions for System.DirectoryServices.


允許宣告式 System.DirectoryServices 使用權限檢查。Allows declarative System.DirectoryServices permission checks.


DirectoryServicesPermissionEntry 類別 (Class) 為 System.DirectoryServices 定義程式碼存取安全性使用權限集的最小單位。The DirectoryServicesPermissionEntry class defines the smallest unit of a code access security permission set for System.DirectoryServices.


包含 DirectoryServicesPermissionEntry 物件的強類型集合。Contains a strongly-typed collection of DirectoryServicesPermissionEntry objects.


指定如何同步網域內的目錄。Specifies how to synchronize a directory within a domain.


DirectoryVirtualListView 類別 (Class) 指定如何進行虛擬清單檢視搜尋。The DirectoryVirtualListView class specifies how to conduct a virtual list view search. 虛擬清單檢視搜尋可讓使用者以通訊錄樣式的虛擬清單檢視來檢視搜尋結果。A virtual list view search enables users to view search results as address-book style virtual list views. 它是特別為大型結果集設計的。It is specifically designed for very large result sets. 在排序目錄搜尋的連續子集中擷取搜尋資料。Search data is retrieved in contiguous subsets of a sorted directory search.


指定如何建構目錄虛擬清單檢視回應。Specifies how to construct directory virtual list view response.


支援 .NET Framework 基礎結構,但不能直接從程式碼使用。Supports the .NET Framework infrastructure and is not intended to be used directly from code.


表示特定類型的存取規則,用來允許或拒絕 Active Directory 物件的延伸權限。Represents a specific type of access rule that is used to allow or deny an Active Directory object an extended right. 延伸權限是特殊的作業,不在標準存取權限集合的範圍內。Extended rights are special operations that are not covered by the standard set of access rights. 延伸權限的範例像是 Send-As,此權限可讓使用者為另一位使用者傳送電子郵件。An example of an extended right is Send-As, which gives a user the right to send email for another user. 如需可能的延伸權限清單,請參閱延伸權限一文。For a list of possible extended rights, see the Extended Rights article. 如需延伸權限的詳細資訊,請參閱控制存取權限For more information about extended rights, see the Control Access Rights.


ListChildrenAccessRule 類別 (Class) 表示特定型別的存取規則,用於允許或拒絕 Active Directory 網域服務物件列出子物件的權限。The ListChildrenAccessRule class represents a specific type of access rule that is used to allow or deny an Active Directory Domain Services object the right to list child objects.


PropertyAccessRule 類別表示特定型別的存取規則,用於允許或拒絕對 Active Directory 網域服務屬性的存取。The PropertyAccessRule class represents a specific type of access rule that is used to allow or deny access to an Active Directory Domain Services property.


PropertyCollection 類別包含 DirectoryEntry 的屬性。The PropertyCollection class contains the properties of a DirectoryEntry.


PropertySetAccessRule 類別代表特定類型的存取規則,用於允許或拒絕對 Active Directory 網域服務屬性集的存取。The PropertySetAccessRule class represents a specific type of access rule that is used to allow or deny access to an Active Directory Domain Services property set. 如需針對 Active Directory 網域服務所定義的屬性集清單,請參閱屬性集一文。For a list of property sets that are defined for Active Directory Domain Services, see the Property Sets article.


包含 DirectoryEntry 屬性的值。Contains the values of a DirectoryEntry property.


包含 SearchResult 執行個體的屬性。Contains the properties of a SearchResult instance.


包含 SearchResult 屬性的值。Contains the values of a SearchResult property.


包含 SchemaFilter 物件的 DirectoryEntries 屬性可以使用的結構描述名稱清單。Contains a list of the schema names that the SchemaFilter property of a DirectoryEntries object can use.


SearchResult 類別會封裝 Active Directory 網域服務階層架構中的節點,它是透過 DirectorySearcher 在搜尋期間所傳回的。The SearchResult class encapsulates a node in the Active Directory Domain Services hierarchy that is returned during a search through DirectorySearcher.


SearchResultCollection 類別包含 SearchResult 查詢期間,Active Directory 階層所傳回的 DirectorySearcher 執行個體。The SearchResultCollection class contains the SearchResult instances that the Active Directory hierarchy returned during a DirectorySearcher query.


處理搜尋等候處理的類別。A class that deals with search wait handling.


指定排序搜尋結果的方法。Specifies how to sort the results of a search.



ActiveDirectoryRights 列舉型別會指定指派給 Active Directory 網域服務物件的存取權限。The ActiveDirectoryRights enumeration specifies the access rights that are assigned to an Active Directory Domain Services object.


ActiveDirectorySecurityInheritance 列舉型別 (Enumeration) 指定是否將 ACE 資訊套用至物件及其子物件,以及套用的方式。The ActiveDirectorySecurityInheritance enumeration specifies if, and how, ACE information is applied to an object and its descendents.


AuthenticationTypes 列舉型別會指定用於 System.DirectoryServices 的驗證 (Authentication) 型別。The AuthenticationTypes enumeration specifies the types of authentication used in System.DirectoryServices. 這個列舉型別的 FlagsAttribute 屬性允許將其成員值以位元組合的方式來使用。This enumeration has a FlagsAttribute attribute that allows a bitwise combination of its member values.


DereferenceAlias 列舉型別 (Enumeration) 指定如何解析別名。 這個列舉型別提供 DerefAlias 屬性的值。This enumeration provides values for the DerefAlias property.


DirectoryServicesPermissionAccess 列舉型別 (Enumeration) 定義 System.DirectoryServices 使用權限類別使用的存取層級。 這個列舉型別的 FlagsAttribute 屬性允許成員值的位元組合。This enumeration has a FlagsAttribute attribute that allows a bitwise combination of its member values.


包含決定如何同步 (Synchronize) 網域內目錄的旗標。Contains flags that determine how directories within a domain will be synchronized. 可為 Option 屬性設定這些選項。These options can be set for the Option property.


ExtendedDN 列舉指定傳回延伸辨別名稱的格式。 這個列舉可與 ExtendedDN 屬性搭配使用。This enumeration is used with the ExtendedDN property.


指定設定或變更密碼時是否使用 SSL。 這個列舉可與 PasswordEncoding 屬性搭配使用。This enumeration is used with the PasswordEncoding property.


PropertyAccess 列舉型別 (Enumeration) 與 PropertyAccessRulePropertySetAccessRule 類別 (Class) 搭配使用,以指出套用至 Active Directory 屬性或屬性集 (Property Set) 的存取類型。The PropertyAccess enumeration is used with the PropertyAccessRule and PropertySetAccessRule classes to indicate the type of access that is applied to an Active Directory property or property set.


ReferralChasingOption 列舉型別 (Enumeration) 指定轉介追趕是否進行和如何進行。The ReferralChasingOption enumeration specifies if and how referral chasing is pursued.


指定使用 DirectorySearcher 物件執行之目錄搜尋的可能範圍。Specifies the possible scopes for a directory search that is performed using the DirectorySearcher object.


指定用於檢查目錄物件之安全性資訊的可用選項。Specifies the available options for examining security information of a directory object. 這個列舉型別 (Enumeration) 要與 SecurityMasksSecurityMasks 屬性搭配使用。This enumeration is used with the SecurityMasks and SecurityMasks properties.


SortDirection 列舉型別 (Enumeration) 指定如何排序 Active Directory 網域服務查詢的結果。The SortDirection enumeration specifies how to sort the results of an Active Directory Domain Services query.


這個命名空間中的類別可以搭配任何 Active Directory Domain Services 服務提供者使用。The classes in this namespace can be used with any of the Active Directory Domain Services service providers. 目前的提供者包括: Internet Information Services (IIS)、輕量型目錄存取協定(LDAP)、Novell NetWare 目錄服務(NDS)和 WinNT。The current providers are: Internet Information Services (IIS), Lightweight Directory Access Protocol (LDAP), Novell NetWare Directory Service (NDS), and WinNT.

ADSI 是 Microsoft Active Directory Domain Services 的程式設計介面,可讓您的應用程式使用單一介面與網路上的各種目錄互動。ADSI is a programmatic interface for Microsoft Active Directory Domain Services that enables your applications to interact with diverse directories on a network using a single interface. 使用 ADSI 時,您可以建立應用程式來執行一般工作,例如備份資料庫、存取印表機,以及管理使用者帳戶。Using ADSI, you can create applications that perform common tasks, such as backing up databases, accessing printers, and administering user accounts.

假設您在使用這些類別之前,先對 Active Directory Domain Services 有大致的瞭解。It is assumed that you have a general understanding of Active Directory Domain Services before using these classes. 如需有關 Active Directory Domain Services 的詳細資訊,請參閱Active Directory 物件Active Directory 技術 Backgrounder簡介主題,以及下列主題:For more information on Active Directory Domain Services, see the topics Introduction to Active Directory Objects and Active Directory Technology Backgrounder, as well as the following topics:

Active Directory Domain Services 使用樹狀結構。Active Directory Domain Services use a tree structure. 樹狀結構中的每個節點都包含一組屬性。Each node in the tree contains a set of properties. 使用此命名空間來進行流覽、搜尋和修改樹狀結構,以及讀取和寫入節點的屬性。Use this namespace to traverse, search, and modify the tree, and read and write to the properties of a node.

DirectoryEntry 類別會封裝 Active Directory 網域服務階層架構中的節點或物件。The DirectoryEntry class encapsulates a node or object in the Active Directory Domain Services hierarchy. 使用這個類別來系結至物件、讀取屬性和更新屬性。Use this class for binding to objects, reading properties, and updating attributes. 與協助程式類別搭配使用,DirectoryEntry 可支援生命週期管理和流覽方法,包括建立、刪除、重新命名、移動子節點,以及列舉子系。Together with helper classes, DirectoryEntry provides support for life-cycle management and navigation methods, including creating, deleting, renaming, moving a child node, and enumerating children.

使用 DirectorySearcher 類別,針對 Active Directory Domain Services 階層執行查詢。Use the DirectorySearcher class to perform queries against the Active Directory Domain Services hierarchy. LDAP 是唯一支援搜尋的系統提供 Active Directory 服務介面(ADSI)提供者。LDAP is the only system-supplied Active Directory Service Interfaces (ADSI) provider that supports searching.

透過 DirectorySearcher 的 Active Directory Domain Services 階層的搜尋會傳回 SearchResult的實例,這些實例包含在 SearchResultCollection 類別的實例中。A search of the Active Directory Domain Services hierarchy through DirectorySearcher returns instances of SearchResult, which are contained in an instance of the SearchResultCollection class.

注意: System.DirectoryServices 命名空間中的許多類別、方法和屬性都會使用 LinkDemand 代碼啟用安全性選項。Note: Many of the classes, methods, and properties in the System.DirectoryServices namespace use the LinkDemand code access security option. 這表示只有在進行一次性編譯時,才會發生代碼啟用安全性需求,而且只會在呼叫元件上執行要求,而不是在整個呼叫堆疊上執行。This means that the code access security demand only occurs during just-in-time compilation and that the demand is performed only on the calling assembly and not up the entire call stack. 因此,呼叫端不應將在執行時間建立的物件傳遞至不受信任的程式碼。Because of this, callers should not pass objects that are created from this namespace at runtime to code that is not trusted.