启动账户:
DirectoryEntry usr = new DirectoryEntry("LDAP://CN=New User,CN=users,DC=fabrikam,DC=com");
int val = (int) usr.Properties["userAccountControl"].Value;
usr.Properties["userAccountControl"].Value = val & ~(int)ActiveDs.ADS_USER_FLAG.ADS_UF_ACCOUNTDISABLE; //=544
usr.CommitChanges();
停用账户:
DirectoryEntry usr = new DirectoryEntry("LDAP://CN=Old User,CN=users,DC=fabrikam,DC=com");
int val = (int) usr.Properties["userAccountControl"].Value;
usr.Properties["userAccountControl"].Value = val | (int)ActiveDs.ADS_USER_FLAG.ADS_UF_ACCOUNTDISABLE; //=546
usr.CommitChanges();
ActiveDs.ADS_USER_FLAG.ADS_UF_ACCOUNTDISABLE值需要引用库才可使用;
引用COM组件:Active DS Type Library
---------------------------------------------------
关于创建用户主要碰到了两个问题:
一、就是上面的启动/停用的问题
二、就是密码设置问题
创建用户,使用usr.Properties["userPassword"].add("m12345.");设置密码,密码一直没有设置成功,原因不详[大概userPassword不是存储密码的吧...]。
之后改为 usr.Invoke("SetPassword","m12345.");就成功了.
修改密码使用usr.Invoke("ChangePassword", new object[] { "old", "new" });
---------------------------------------------------
关于.net3.5之后的版本(应该吧)有一个更简洁的方法创建用户修改密码等。
创建用户:
using (var context = new PrincipalContext(ContextType.Domain, "cninnovation"))
using (var user = new UserPrincipal(context, "Tom", "P@ssw0rd", true)
{
GivenName = "Tom",
EmailAddress = "test@test.com"
})
{
user.Save();
}
重置密码:
using (var context = new PrincipalContext(ContextType.Domain, "cninnovation"))
using (var user = UserPrincipal.FindByIdentity(context, IdentityType.Name,"Tom"))
{
user.SetPassword("Pa$$w0rd");
user.Save();
}
创建组:
using (var ctx = new PrincipalContext(ContextType.Domain, "cninnovation"))
using (var group = new GroupPrincipal(ctx)
{
Description = "Sample group",
DisplayName = "Wrox Authors",
Name = "WroxAuthors"
})
{
group.Save();
}
组中添加用户:
using (var context = new PrincipalContext(ContextType.Domain))
using (var group = GroupPrincipal.FindByIdentity(context, IdentityType.Name, "WroxAuthors"))
using (var user = UserPrincipal.FindByIdentity(context, IdentityType.Name, "Stephanie Nagel"))
{
group.Members.Add(user);
group.Save();
}
查找用户:
using (var context = new PrincipalContext(ContextType.Domain, "explorer"))
using (var users = UserPrincipal.FindByPasswordSetTime(context, DateTime.Today-TimeSpan.FromDays(), MatchType.LessThan))
{
foreach (var user in users)
{
Console.WriteLine("{0}, last logon: {1}, " +
"last password change: {2}", user.Name, user.LastLogon, user.LastPasswordSet);
}
}
var context = new PrincipalContext(ContextType.Domain);
var userFilter = new UserPrincipal(context);
userFilter.Surname = "Nag*";
userFilter.Enabled = true;
using (var searcher = new PrincipalSearcher())
{
searcher.QueryFilter = userFilter;
var searchResult = searcher.FindAll();
foreach (var user in searchResult)
{
Console.WriteLine(user.Name);
}
}
参考资料:http://msdn.microsoft.com/zh-tw/library/ms180913(v=vs.90).aspx