Active Directory: System.DirectoryServices namespace. Getting “An invalid directory pathname was passed”
Following the Howto: (Almost) Everything In Active Directory via C# tutorial, I'm attempting to write a piece to add users to Active Directory using the System.DirectoryServices namespace, but I'm getting the error mentioned in the title with each attempt.

As the error suggests, I took a look at how my path-name was structured but I have my doubts still yet.

My goal is to add a new user and place the user in an AD group. Technically, our "Groups" are really just Organizational Units under the parent DC.

Our AD hierarchy is normally formatted as such...

OU(Department Name) > OU (Users) > CN(User)

I would also assume that I can set certain properties to the user as I add their new account, although I'm not sure what the limitations are to this.

Below is the code I've written. I've been over a few articles aside from the one on Code Project but I'm not sure if this is just my lack of understanding or what. Surely it's not as difficult as what I'm making it out to be. I may not understand enough about AD just yet.

    public static string CreateUserAccount()
    {
        try
        {
            DirectoryEntryData newUserADdata = new DirectoryEntryData();
            string oGUID = string.Empty;
            string connectionPrefix = "LDAP://" + "DOMAIN";
            DirectoryEntry dirEntry = new DirectoryEntry(connectionPrefix);
            // Define directory entry based on Organizational Units and Common Names
            DirectoryEntry newUser = dirEntry.Children.Add
                ("CN=" + newUserADdata.NewUserFirstName + newUserADdata.NewUserLastName + ", OU = " + newUserADdata.NewUserOrganizationDepartment + ", DC = domain, DC = local", "user");

            // Prepare Data for New Entry
            // Initial Login Information
            newUser.Properties["samAccountName"].Value = newUserADdata.NewUserLoginUserName; // Set Initial Username
            newUser.Invoke("SetPassword", new object[] { newUserADdata.NewUserLoginPassword }); // Set Initial Password
            newUser.Properties["userPrincipalName"].Value = newUserADdata.NewUserLoginUserName + "@domain.local"; // Principal Name
            newUser.Properties["pwdLastSet"].Value = "0"; // Set "Password Last Set" property to 0 to invoke a password change upon first login

            // General
            newUser.Properties["givenName"].Value = newUserADdata.NewUserFirstName; // First name
            newUser.Properties["sn"].Value = newUserADdata.NewUserLastName; // Last Name
            newUser.Properties["displayName"].Value = newUserADdata.NewUserDisplayName; // Display Name
            newUser.Properties["description"].Value = newUserADdata.NewUserDescription; // Description
            newUser.Properties["physicalDeliveryOfficeName"].Value = newUserADdata.NewUserOffice; // Office
            newUser.Properties["telephoneNumber"].Value = newUserADdata.NewUserTelephone; // Telephone Number
            newUser.Properties["homeDrive"].Value = newUserADdata.NewUserHomeDriveLetter; // Home Drive Letter (H:)
            newUser.Properties["homeDirectory"].Value = newUserADdata.NewUserHomeDrivePath; // Home Drive Path

            // Telephones
            newUser.Properties["homePhone"].Value = newUserADdata.NewUserTelephoneHome; // Home Phone Number
            newUser.Properties["pager"].Value = newUserADdata.NewUserTelephonePager; // Pager Number
            newUser.Properties["mobile"].Value = newUserADdata.NewUserTelephoneMobile; // Mobile Phone Number
            newUser.Properties["facsimileTelephoneNumber"].Value = newUserADdata.NewUserTelephoneFax; // Fax Number
            newUser.Properties["ipPhone"].Value = newUserADdata.NewUserTelephoneIP; // IP Phone Number

            // Address
            newUser.Properties["streetAddress"].Value = newUserADdata.NewUserAddressStreet; // Street
            newUser.Properties["postOfficeBox"].Value = newUserADdata.NewUserAddressPObox; // P.O. Box
            newUser.Properties["l"].Value = newUserADdata.NewUserAddressCity; // City
            newUser.Properties["st"].Value = newUserADdata.NewUserAddressState; // State/Province
            newUser.Properties["postalCode"].Value = newUserADdata.NewUserAddressZipCode; // Zip/Postal Code
            newUser.Properties["c"].Value = newUserADdata.NewUserAddressCountry; // Country/Region Name

            // Organization
            newUser.Properties["title"].Value = newUserADdata.NewUserOrganizationJobTitle; // Job Title
            newUser.Properties["department"].Value = newUserADdata.NewUserOrganizationDepartment; // Department
            newUser.Properties["company"].Value = newUserADdata.NewUserOrganizationCompany; // Company
            newUser.Properties["manager"].Value = newUserADdata.NewUserOrganizationManagerName; // Manager Name

            newUser.CommitChanges();
            oGUID = newUser.Guid.ToString();
            int val = (int)newUser.Properties["userAccountControl"].Value;

            // Account Control Flags :: syntax :: val | hex | hex | and so on... http://support.microsoft.com/kb/305144
            newUser.Properties["userAccountControl"].Value = val | 512; // Normal User Settings
            newUser.CommitChanges();
            dirEntry.Close();
            newUser.Close();
        }
        catch (System.DirectoryServices.DirectoryServicesCOMException e)
        {
            return "<br /><br /><div class='alert alert-danger'><b><i class='fa fa-exclamation-triangle'></i> An Error has occured:</b> <br /><br />" + e.ToString() + "</div>";
        }
        return "<br /><br /><div class='alert alert-success'><b>Success:</b> <br /><br />The User has been successfully added to Active Directory.</div>";
    }

Any idea how I might get this to work? I really appreciate it.

Update:

For those of you led to this post by your search for AD solutions..

I've gone with the solution proposed by marc_s. This makes things much easier and speeds development along. One item worth mentioning is that the UserPrincipal class properties are a bit limiting. The solution I found for that is to use Principal Extensions. This will allow you to add additional properties to the class that are not included, such as physicalDeliveryOfficeName or maybe facsimileTelephoneNumber, for example.
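
The Children.Add call from the question, reworked as an added example (not the poster's code and not taken from the Code Project tutorial): DirectoryEntries.Add expects only the new object's relative name, so the parent entry is bound to the target OU and the CN value is escaped before it is used. The class and method names, the OU path layout and the parameters are assumptions; the "@domain.local" suffix is the one used in the question.

```csharp
using System;
using System.DirectoryServices;
using System.Text;

public static class AdUserCreator
{
    // Escape a value for use inside an RDN (RFC 4514 rules, plus '/', which
    // ADSI treats as a path separator), so a name such as "Smith, John"
    // cannot add or alter DN components.
    public static string EscapeRdnValue(string value)
    {
        var sb = new StringBuilder();
        for (int i = 0; i < value.Length; i++)
        {
            char c = value[i];
            bool edge = (i == 0 && (c == ' ' || c == '#')) ||
                        (i == value.Length - 1 && c == ' ');
            if (edge || ",+\"\\<>;=/".IndexOf(c) >= 0)
                sb.Append('\\');
            sb.Append(c);
        }
        return sb.ToString();
    }

    // ouPath is an assumed layout, e.g. "OU=Users,OU=Sales,DC=domain,DC=local".
    public static Guid CreateUser(string ouPath, string first, string last,
                                  string login, string password)
    {
        // Bind to the container that will hold the account, not the domain root.
        using (var ou = new DirectoryEntry("LDAP://" + ouPath))
        // Pass only the relative name; the parent supplies the rest of the DN.
        using (var user = ou.Children.Add(
                   "CN=" + EscapeRdnValue(first + " " + last), "user"))
        {
            user.Properties["sAMAccountName"].Value = login;
            user.Properties["userPrincipalName"].Value = login + "@domain.local";
            user.CommitChanges();                     // the object must exist before SetPassword
            user.Invoke("SetPassword", new object[] { password });
            user.Properties["pwdLastSet"].Value = 0;  // force a change at first logon
            int uac = (int)user.Properties["userAccountControl"].Value;
            // Clear ACCOUNTDISABLE (0x2) and PASSWD_NOTREQD (0x20); val | 512 leaves both set.
            user.Properties["userAccountControl"].Value = uac & ~(0x2 | 0x20);
            user.CommitChanges();
            return user.Guid;
        }
    }
}
```
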
If you're on .NET 3.5 and up, you should check out the System.DirectoryServices.AccountManagement (S.DS.AM) namespace. Read all about it here:

Basically, you can define a domain context and easily find users and/or groups in AD:

    // set up domain context
    using (PrincipalContext ctx = new PrincipalContext(ContextType.Domain))
    {
        // find a user
        UserPrincipal user = UserPrincipal.FindByIdentity(ctx, "SomeUserName");

        if (user != null)
        {
            // do something here....
        }

        // add a new user
        UserPrincipal newUser = new UserPrincipal(ctx);

        // set properties
        newUser.GivenName = "....";
        newUser.Surname = "....";
        // .....

        // save new user
        newUser.Save();
    }

The new S.DS.AM makes it really easy to play around with users and groups in AD!
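
The S.DS.AM route combined with the Principal Extensions mentioned in the question's update, as an added example (not code from the answer or from Microsoft's documentation): the context is bound to the target OU so the account is created there, and a subclass exposes physicalDeliveryOfficeName. The names UserPrincipalEx and Provisioning, the domain name, the OU path and the sample values are assumptions.

```csharp
using System.DirectoryServices.AccountManagement;

// UserPrincipal subclass (hypothetical name) that maps an LDAP attribute
// the built-in class does not expose.
[DirectoryRdnPrefix("CN")]
[DirectoryObjectClass("user")]
public class UserPrincipalEx : UserPrincipal
{
    public UserPrincipalEx(PrincipalContext context) : base(context) { }

    // facsimileTelephoneNumber or any other attribute follows the same pattern.
    [DirectoryProperty("physicalDeliveryOfficeName")]
    public string Office
    {
        get { return ReadString("physicalDeliveryOfficeName"); }
        set { ExtensionSet("physicalDeliveryOfficeName", value); }
    }

    // ExtensionGet yields no values when the attribute is not set.
    private string ReadString(string attribute)
    {
        object[] values = ExtensionGet(attribute);
        return (values == null || values.Length == 0) ? null : (string)values[0];
    }
}

public static class Provisioning
{
    public static void CreateUser(string initialPassword)
    {
        // Third argument is the container: new principals are created in this OU.
        using (var ctx = new PrincipalContext(ContextType.Domain, "domain.local",
                   "OU=Users,OU=Sales,DC=domain,DC=local"))
        using (var user = new UserPrincipalEx(ctx))
        {
            user.Name = "Jane Doe";           // becomes the CN; constructed sample values
            user.SamAccountName = "jdoe";
            user.UserPrincipalName = "jdoe@domain.local";
            user.GivenName = "Jane";
            user.Surname = "Doe";
            user.Office = "Building 2";
            user.SetPassword(initialPassword);
            user.ExpirePasswordNow();         // force a change at first logon
            user.Enabled = true;
            user.Save();
        }
    }
}
```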