How to set userAccountControl attribute in AD user account
I'm creating an AD user account using Java. I could successfully create the user account, and the account was created in the "AD Users and Computers" GUI, but I couldn't access the created AD user account.
The problem I encountered is that I cannot set the "userAccountControl" attribute to "512", which stands for NORMAL_ACCOUNT, or "66048" for NORMAL_ACCOUNT, ACCOUNT_NEVER_EXPIRES.
The following exception is displayed whenever I set the above values:

    javax.naming.NameAlreadyBoundException: [LDAP: error code 68 - 00000524: UpdErr: DSID-031A122A, problem 6005 (ENTRY_EXISTS), data 0
    ]; remaining name 'cn=User Four,ou=DAT,DC=dat,DC=com'
        at com.sun.jndi.ldap.LdapCtx.mapErrorCode(Unknown Source)
        at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
        at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
        at com.sun.jndi.ldap.LdapCtx.c_createSubcontext(Unknown Source)
        at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_createSubcontext(Unknown Source)
        at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.createSubcontext(Unknown Source)
        at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.createSubcontext(Unknown Source)
        at javax.naming.directory.InitialDirContext.createSubcontext(Unknown Source)
        at NewUser.addUser(NewUser.java:94)
        at MainClass.main(MainClass.java:7)

When I create a user account directly from the AD GUI, the account is successfully created with the "userAccountControl" attribute "512" or "66048". And I can access those accounts.
Can anyone tell me how to solve this problem?
Here's my addUser() method.

    public boolean addUser() throws NamingException {
        Attributes container = new BasicAttributes();
        Attribute objClasses = new BasicAttribute("objectClass");
        objClasses.add("top");
        objClasses.add("person");
        objClasses.add("organizationalPerson");
        objClasses.add("user");
        String cnValue = new StringBuffer(firstName).append(" ").append(lastName).toString();
        Attribute cn = new BasicAttribute("cn", cnValue);
        Attribute sAMAccountName = new BasicAttribute("sAMAccountName", userName);
        Attribute principalName = new BasicAttribute("userPrincipalName", userName
                + "@" + DOMAIN_NAME);
        Attribute givenName = new BasicAttribute("givenName", firstName);
        Attribute sn = new BasicAttribute("sn", lastName);
        Attribute uid = new BasicAttribute("uid", userName);
        Attribute userPassword = new BasicAttribute("userpassword", password);
        Attribute userAccountControl = new BasicAttribute("userAccountControl", "512");
        container.put(objClasses);
        container.put(sAMAccountName);
        container.put(principalName);
        container.put(cn);
        container.put(sn);
        container.put(givenName);
        container.put(uid);
        container.put(userPassword);
        container.put(userAccountControl);
        try {
            context.createSubcontext(getUserDN(cnValue, organisationUnit), container);
            return true;
        } catch (Exception e) {
            return false;
        }
    }

Actually, the "userAccountControl" attribute cannot be set to 512 or 66048 because my above code creates the AD account with no password in the AD server. I used the command-line AD account creation method:

    dsadd user "cn=User name,ou=org unit,ou=org unit,dc=domain,dc=domain" -upn "userName@dat.com" -email "userName@dat.com" -fn firstName -ln lastName -display "Display user name" -mustchpwd no -pwd password -disabled no
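
An added example, not code from either post: one way to stay in JNDI is to create the account disabled, set the password through AD's `unicodePwd` attribute (the password in double quotes, UTF-16LE encoded, accepted only over an encrypted connection such as LDAPS), and only then write `userAccountControl` 512. The class name, host, DN and account names are placeholders, and the JVM is assumed to trust the domain controller's certificate.

```java
import java.nio.charset.StandardCharsets;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.*;

public class AdUserCreator { // hypothetical class name
    // userAccountControl bit flags; NORMAL_ACCOUNT alone is 512.
    static final int ACCOUNTDISABLE = 0x0002, PASSWD_NOTREQD = 0x0020, NORMAL_ACCOUNT = 0x0200;

    // AD expects unicodePwd as the quoted password encoded in UTF-16LE.
    static byte[] encodePassword(String password) {
        return ("\"" + password + "\"").getBytes(StandardCharsets.UTF_16LE);
    }

    static void createEnabledUser(DirContext ctx, String dn, String sam, String upn,
            String password) throws NamingException {
        Attributes attrs = new BasicAttributes(true);
        Attribute oc = new BasicAttribute("objectClass");
        for (String c : new String[] {"top", "person", "organizationalPerson", "user"}) oc.add(c);
        attrs.put(oc);
        attrs.put("sAMAccountName", sam);
        attrs.put("userPrincipalName", upn);
        // Step 1: create the entry disabled, since it has no password yet.
        attrs.put("userAccountControl",
                Integer.toString(NORMAL_ACCOUNT | PASSWD_NOTREQD | ACCOUNTDISABLE));
        ctx.createSubcontext(dn, attrs).close();
        // Step 2: set the password, then enable with PASSWD_NOTREQD cleared.
        ModificationItem[] mods = {
            new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
                new BasicAttribute("unicodePwd", encodePassword(password))),
            new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
                new BasicAttribute("userAccountControl", Integer.toString(NORMAL_ACCOUNT)))
        };
        ctx.modifyAttributes(dn, mods);
    }

    // args: bind DN, bind password, new user's password (nothing hard-coded).
    public static void main(String[] args) throws NamingException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldaps://dc.example.com:636"); // placeholder host
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, args[0]);
        env.put(Context.SECURITY_CREDENTIALS, args[1]);
        DirContext ctx = new InitialDirContext(env);
        try { // placeholder DN and names below
            createEnabledUser(ctx, "cn=Example User,ou=Staff,dc=example,dc=com",
                    "euser", "euser@example.com", args[2]);
        } finally { ctx.close(); }
    }
}
```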