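ADSI (Active Directory Services Interface) is a technology newly introduced by Microsoft. It unifies the programming interfaces of many underlying services, so programmers can use a consistent object model to access them. ADSI extracts the parts these services have in common and isolates the parts that differ; programmers can access the common parts of the underlying services through a unified interface, and extend from there to the service-specific parts.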
Managing groups

Listing the members of a group

```vbscript
Dim oGrp
Dim oUser
Dim sDomain
Dim sMsg

sDomain = "localhost"

On Error Resume Next
Set oGrp = GetObject("WinNT://" & sDomain & "/Administrators,group")
' Collect each member's name, class and ADsPath
For Each oUser In oGrp.Members
    sMsg = sMsg & oUser.Name & " (" & oUser.Class & ") " & oUser.ADsPath & vbNewLine
Next

If (Err.Number <> 0) Then
    MsgBox "An error has occurred. " & vbNewLine & Err.Description
Else
    MsgBox sMsg
End If

Set oGrp = Nothing
Set oUser = Nothing
```
Another approach:

```vbscript
Dim oDomain
Dim oGrp
Dim oUser
Dim sDomain
Dim sMsg

sDomain = "localhost"

On Error Resume Next
' Bind to the computer first, then fetch the group from that container
Set oDomain = GetObject("WinNT://" & sDomain)
Set oGrp = oDomain.GetObject("group", "Administrators")
For Each oUser In oGrp.Members
    sMsg = sMsg & oUser.Name & " (" & oUser.Class & ") " & oUser.ADsPath & vbNewLine
Next

If (Err.Number <> 0) Then
    MsgBox "An error has occurred. " & vbNewLine & Err.Description
Else
    MsgBox sMsg
End If

Set oGrp = Nothing
Set oUser = Nothing
Set oDomain = Nothing
```
Checking whether a user belongs to a group

```vbscript
Dim oGrp

On Error Resume Next
Set oGrp = GetObject("WinNT://localhost/Administrators")
' IsMember takes the ADsPath of the account to test
MsgBox oGrp.IsMember("WinNT://DESKTOP-K3O4FGP/Administrator")

If (Err.Number <> 0) Then
    MsgBox "An error has occurred. " & vbNewLine & Err.Description
End If

Set oGrp = Nothing
```
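Adding a user to a group

This operation requires the currently logged-on user to be Administrator.

```vbscript
Dim oGrp
Dim sDomain

sDomain = "DESKTOP-K3O4FGP"

' Without this line a failure aborts the script before the Err check runs
On Error Resume Next
Set oGrp = GetObject("WinNT://" & sDomain & "/Administrators")
oGrp.Add "WinNT://" & sDomain & "/Admin"

If (Err.Number <> 0) Then
    MsgBox "An error has occurred. " & vbNewLine & Err.Description
Else
    MsgBox "Complete"
End If

Set oGrp = Nothing
```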
Removing a user from a group

This operation requires the currently logged-on user to be Administrator.

```vbscript
Dim oGrp
Dim sDomain

sDomain = "DESKTOP-K3O4FGP"

On Error Resume Next
Set oGrp = GetObject("WinNT://" & sDomain & "/Administrators")
oGrp.Remove "WinNT://" & sDomain & "/jeffsmith"

If (Err.Number <> 0) Then
    MsgBox "An error has occurred. " & vbNewLine & Err.Description
Else
    MsgBox "Complete"
End If

Set oGrp = Nothing
```
Creating a group

This operation requires the currently logged-on user to be Administrator.

```vbscript
Dim oDomain
Dim oGroup
Dim sDomain

sDomain = "localhost"

On Error Resume Next
Set oDomain = GetObject("WinNT://" & sDomain)
Set oGroup = oDomain.Create("group", "MyGroup")
' SetInfo commits the new object to the account database
oGroup.SetInfo

If (Err.Number <> 0) Then
    MsgBox "An error has occurred. " & vbNewLine & Err.Description
Else
    MsgBox "Complete"
End If

Set oGroup = Nothing
Set oDomain = Nothing
```
Deleting a group

This operation requires the currently logged-on user to be Administrator.

```vbscript
Dim oDomain
Dim sDomain

sDomain = "localhost"

On Error Resume Next
Set oDomain = GetObject("WinNT://" & sDomain)
oDomain.Delete "group", "MyGroup"

If (Err.Number <> 0) Then
    MsgBox "An error has occurred. " & vbNewLine & Err.Description
Else
    MsgBox "Complete"
End If

Set oDomain = Nothing
```
Managing users

Adding a user

This operation requires the currently logged-on user to be Administrator.

```vbscript
Dim oDomain
Dim oUser
Dim sDomain

sDomain = "localhost"

On Error Resume Next
Set oDomain = GetObject("WinNT://" & sDomain)
Set oUser = oDomain.Create("user", "jeffsmith")
' Optional properties; uncomment the ones you need
'oUser.FullName = "FullName"          ' full name
'oUser.Description = "Description"    ' description
'oUser.SetPassword "password"         ' set the password
'oUser.PasswordExpired = 1            ' must change password at next logon
'oUser.UserFlags = oUser.UserFlags Or &H10000
'   &H20000 (must change password at next logon)
'   &H0040  (user cannot change password)
'   &H10000 (password never expires)
'   &H0002  (account disabled)
oUser.SetInfo

If (Err.Number <> 0) Then
    MsgBox "An error has occurred. " & vbNewLine & Err.Description
Else
    MsgBox "Complete"
End If
```
If no user properties are set, the newly created user has the following default properties:
Property | Value |
---|---|
Full Name | SAM Account Name (such as jeffsmith) |
Password | Empty |
User Must Change Password | TRUE |
User Cannot Change Password | FALSE |
Password Never Expires | FALSE |
Account Disabled | FALSE |
Group | Domain User |
Profile | Empty |
Account Never Expires | TRUE |

Modifying user properties

This operation requires the currently logged-on user to be Administrator.

```vbscript
Dim oUser
Dim sDomain

sDomain = "localhost"

On Error Resume Next
Set oUser = GetObject("WinNT://" & sDomain & "/jeffsmith")
oUser.FullName = "jeffsmith"
oUser.Description = "Description"
oUser.AccountDisabled = False
oUser.IsAccountLocked = False
' SetInfo writes the changed properties back
oUser.SetInfo

If (Err.Number <> 0) Then
    MsgBox "An error has occurred. " & vbNewLine & Err.Description
Else
    MsgBox "Complete"
End If
```
For details on user properties, see: https://docs.microsoft.com/zh-cn/windows/win32/adsi/iadsuser-property-methods
Setting a user's password

This operation requires the currently logged-on user to be Administrator.

```vbscript
Dim oUser
Dim sDomain

sDomain = "localhost"

On Error Resume Next
Set oUser = GetObject("WinNT://" & sDomain & "/jeffsmith")
oUser.SetPassword "pa55w0rd!"

If (Err.Number <> 0) Then
    MsgBox "An error has occurred. " & vbNewLine & Err.Description
Else
    MsgBox "Complete"
End If
```
Changing a user's password

This operation requires the currently logged-on user to be Administrator.

```vbscript
Dim oUser
Dim sOldPass
Dim sNewPass
Dim sDomain

sDomain = "localhost"

On Error Resume Next
Set oUser = GetObject("WinNT://" & sDomain & "/JeffSmith,user")
' Add code to securely retrieve the old and new password.
oUser.ChangePassword sOldPass, sNewPass

If (Err.Number <> 0) Then
    MsgBox "An error has occurred. " & vbNewLine & Err.Description
Else
    MsgBox "Complete"
End If

Set oUser = Nothing
```
Deleting a user

This operation requires the currently logged-on user to be Administrator.

```vbscript
Dim oDomain
Dim sDomain

sDomain = "localhost"

On Error Resume Next
Set oDomain = GetObject("WinNT://" & sDomain)
oDomain.Delete "user", "jeffsmith"

If (Err.Number <> 0) Then
    MsgBox "An error has occurred. " & vbNewLine & Err.Description
Else
    MsgBox "Complete"
End If
```
Listing the groups a user belongs to

```vbscript
Dim oUser
Dim oGroup
Dim sDomain
Dim sMsg

sDomain = "localhost"

On Error Resume Next
Set oUser = GetObject("WinNT://" & sDomain & "/Administrator")
' Groups returns the collection of groups this account is a member of
For Each oGroup In oUser.Groups
    sMsg = sMsg & oGroup.Name & vbNewLine
Next

If (Err.Number <> 0) Then
    MsgBox "An error has occurred. " & vbNewLine & Err.Description
Else
    MsgBox sMsg
End If
```
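The group enumeration and the UserFlags bits shown above can be combined into a read-only audit of a machine; the following is an added example, not code from the original article. Assumptions: the allowlist contents, the `UF_*` constant names, and `&H0020` (ADS_UF_PASSWD_NOTREQD from ADS_USER_FLAG_ENUM), which the page does not list.

```vbscript
' Added example: read-only audit of local accounts and Administrators members.
' Run with: cscript //nologo audit.vbs
Option Explicit

Const UF_ACCOUNTDISABLE     = &H0002   ' account disabled (value from the page)
Const UF_PASSWD_NOTREQD     = &H0020   ' ADS_UF_PASSWD_NOTREQD (not on the page)
Const UF_PASSWD_CANT_CHANGE = &H0040   ' user cannot change password (page)
Const UF_DONT_EXPIRE_PASSWD = &H10000  ' password never expires (page)

' Assumption: the only account expected in Administrators on this host.
Dim aExpectedAdmins : aExpectedAdmins = Array("Administrator")

Function DescribeFlags(lFlags)
    Dim s : s = ""
    If (lFlags And UF_PASSWD_NOTREQD) <> 0 Then s = s & " PASSWORD_NOT_REQUIRED"
    If (lFlags And UF_DONT_EXPIRE_PASSWD) <> 0 Then s = s & " PASSWORD_NEVER_EXPIRES"
    If (lFlags And UF_PASSWD_CANT_CHANGE) <> 0 Then s = s & " CANNOT_CHANGE_PASSWORD"
    DescribeFlags = s
End Function

Function IsExpectedAdmin(sName)
    Dim v
    IsExpectedAdmin = False
    For Each v In aExpectedAdmins
        If StrComp(v, sName, vbTextCompare) = 0 Then IsExpectedAdmin = True
    Next
End Function

Dim sComputer, oComputer, oUser, oGrp, oMember, lFlags
sComputer = CreateObject("WScript.Network").ComputerName

' 1. Enabled local accounts whose flags weaken password policy.
Set oComputer = GetObject("WinNT://" & sComputer & ",computer")
oComputer.Filter = Array("user")
For Each oUser In oComputer
    lFlags = oUser.UserFlags
    If (lFlags And UF_ACCOUNTDISABLE) = 0 And _
       (lFlags And (UF_PASSWD_NOTREQD Or UF_DONT_EXPIRE_PASSWD)) <> 0 Then
        WScript.Echo "FLAGS  " & oUser.Name & ":" & DescribeFlags(lFlags)
    End If
Next

' 2. Administrators members (users or groups) not on the expected list.
Set oGrp = GetObject("WinNT://" & sComputer & "/Administrators,group")
For Each oMember In oGrp.Members
    If Not IsExpectedAdmin(oMember.Name) Then
        WScript.Echo "ADMIN  " & oMember.Class & " " & oMember.ADsPath
    End If
Next
```

The script deliberately omits `On Error Resume Next`, so a failed bind stops the run instead of producing a silently empty report.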
Reference: https://docs.microsoft.com/zh-cn/windows/win32/adsi/adsi-objects-of-winnt