启动账户:
DirectoryEntry usr = new DirectoryEntry("LDAP://CN=New User,CN=users,DC=fabrikam,DC=com"); int val = (int) usr.Properties["userAccountControl"].Value; usr.Properties["userAccountControl"].Value = val & ~(int)ActiveDs.ADS_USER_FLAG.ADS_UF_ACCOUNTDISABLE; //=544 usr.CommitChanges();
停用账户:
DirectoryEntry usr = new DirectoryEntry("LDAP://CN=Old User,CN=users,DC=fabrikam,DC=com"); int val = (int) usr.Properties["userAccountControl"].Value; usr.Properties["userAccountControl"].Value = val | (int)ActiveDs.ADS_USER_FLAG.ADS_UF_ACCOUNTDISABLE; //=546 usr.CommitChanges();
ActiveDs.ADS_USER_FLAG.ADS_UF_ACCOUNTDISABLE值需要引用库才可使用;
引用COM组件:Active DS Type Library
---------------------------------------------------
关于创建用户主要碰到了两个问题:
一、就是上面的启动/停用的问题
二、就是密码设置问题
创建用户,使用usr.Properties["userPassword"].add("m12345.");设置密码,密码一直没有设置成功,原因不详[大概userPassword不是存储密码的吧...]。
之后改为 usr.Invoke("SetPassword","m12345.");就成功了.
修改密码使用usr.Invoke("ChangePassword", new object[] { "old", "new" });
---------------------------------------------------
关于.net3.5之后的版本(应该吧)有一个更简洁的方法创建用户修改密码等。
创建用户:
using (var context = new PrincipalContext(ContextType.Domain, "cninnovation")) using (var user = new UserPrincipal(context, "Tom", "P@ssw0rd", true) { GivenName = "Tom", EmailAddress = "test@test.com" }) { user.Save(); }
重置密码:
using (var context = new PrincipalContext(ContextType.Domain, "cninnovation")) using (var user = UserPrincipal.FindByIdentity(context, IdentityType.Name,"Tom")) { user.SetPassword("Pa$$w0rd"); user.Save(); }
创建组:
using (var ctx = new PrincipalContext(ContextType.Domain, "cninnovation")) using (var group = new GroupPrincipal(ctx) { Description = "Sample group", DisplayName = "Wrox Authors", Name = "WroxAuthors" }) { group.Save(); }
组中添加用户:
using (var context = new PrincipalContext(ContextType.Domain)) using (var group = GroupPrincipal.FindByIdentity(context, IdentityType.Name, "WroxAuthors")) using (var user = UserPrincipal.FindByIdentity(context, IdentityType.Name, "Stephanie Nagel")) { group.Members.Add(user); group.Save(); }
查找用户:
using (var context = new PrincipalContext(ContextType.Domain, "explorer")) using (var users = UserPrincipal.FindByPasswordSetTime(context, DateTime.Today-TimeSpan.FromDays(30), MatchType.LessThan)) { foreach (var user in users) { Console.WriteLine("{0}, last logon: {1}, " + "last password change: {2}", user.Name, user.LastLogon, user.LastPasswordSet); } }
var context = new PrincipalContext(ContextType.Domain); var userFilter = new UserPrincipal(context); userFilter.Surname = "Nag*"; userFilter.Enabled = true; using (var searcher = new PrincipalSearcher()) { searcher.QueryFilter = userFilter; var searchResult = searcher.FindAll(); foreach (var user in searchResult) { Console.WriteLine(user.Name); } }
参考资料:http://msdn.microsoft.com/zh-tw/library/ms180913(v=vs.90).aspx