C#将用户添加到活动目录
[英]C# Adding Users to Active directory
问题描述
I'm trying to add users to Active Directory and my code so far is
我正在尝试将用户添加到 Active Directory,到目前为止我的代码是
using (DirectoryEntry dirEntry = new DirectoryEntry(ldapPath))
if (dirEntry.SchemaEntry.Name == "container")
{
using (DirectoryEntry newUser = dirEntry.Children.Add("CN= " + username, "User"))
{
fullname = fname + " " + lname;
newUser.Properties["sAMAccountName"].Value = username;
newUser.Properties["First name"].Value = fname;
newUser.Properties["Last name"].Value = lname;
newUser.Properties["Full name"].Value = fullname;
newUser.Properties["password"].Value = password;
newUser.CommitChanges();
}
}
When I run the program I get the error当我运行程序时出现错误
The specified directory service attribute or value does not exist.
Any suggestions on how I can make this work?关于如何完成这项工作的任何建议? And yes I'm new to Active Directory related stuff.是的,我是 Active Directory 相关内容的新手。
1 个解决方案
解决方案1
0 2015-06-21 20:29:08
The Active Directory attributes need to be addressed by their LDAP names - not what you see in the GUI.... Active Directory 属性需要通过它们的LDAP 名称来寻址 - 而不是您在 GUI 中看到的......
So try this:所以试试这个:
using (DirectoryEntry dirEntry = new DirectoryEntry(ldapPath))
{
if (dirEntry.SchemaEntry.Name == "container")
{
using (DirectoryEntry newUser = dirEntry.Children.Add("CN=" + username, "User"))
{
fullname = fname + " " + lname;
newUser.Properties["sAMAccountName"].Value = username;
newUser.Properties["givenName"].Value = fname; // first name
newUser.Properties["sn"].Value = lname; // surname = last name
newUser.Properties["displayName"].Value = fullname;
newUser.Properties["password"].Value = password;
newUser.CommitChanges();
}
}
}
You can find a great Excel spreadsheet showing the names used in the interactive GUI, and what LDAP names they map to, on Richard Mueller's web site here (check out the "Spreadsheet of all Active Directory attributes" and "Spreadsheet of User Properties in Active Directory Users & Computers MMC.")您可以在 Richard Mueller 的网站上找到一个很棒的 Excel 电子表格,其中显示了交互式 GUI 中使用的名称以及它们映射到的 LDAP 名称(查看“所有 Active Directory 属性的电子表格”和“Active 中的用户属性电子表格”目录用户和计算机 MMC。”)
Or if you're using .NET 3.5 or newer, you could also investigate the new System.DirectoryServices.AccountManagement namespace, which allows you to use nicely shaped objects to handle common tasks.或者,如果您使用的是 .NET 3.5 或更高版本,您还可以研究新的System.DirectoryServices.AccountManagement命名空间,它允许您使用形状优美的对象来处理常见任务。
Your code would look something like this:您的代码将如下所示:
using (PrincipalContext ctx = new PrincipalContext(ContextType.Domain, NULL, ldapPath)
{
// create a user principal object
UserPrincipal user = new UserPrincipal(ctx, username, password, true);
// assign some properties to the user principal
user.GivenName = fname;
user.Surname = lname;
user.DisplayName = fullname;
// save the user to the directory
user.Save();
}
Note : the ldapPath should be the container's LDAP path - without any prefixes, eg something like CN=Users,DC=YourCompany,DC=com - no LDAP:// or other prefixes.注意: ldapPath应该是容器的 LDAP 路径 - 没有任何前缀,例如CN=Users,DC=YourCompany,DC=com - 没有LDAP://或其他前缀。
The plus side is: the UserPrincipal object class already contains nice, strongly-typed and more intuitive properties to handle many of the basic tasks, like creating a new user and setting some of its properties.好处是: UserPrincipal对象类已经包含了很好的、强类型和更直观的属性来处理许多基本任务,比如创建一个新用户并设置它的一些属性。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.