如何通过 C# 创建 GMSA 帐户
[英]How to create GMSA account via C#
问题描述
I have tried to look for the c# code example to see how the AD service account is created but not much luck.
我试图寻找 c# 代码示例来查看 AD 服务帐户是如何创建的,但运气不佳。 Anyone can provide an example code for creating AD service account please?任何人都可以提供创建AD服务帐户的示例代码吗?
I have tried UserPrincipal with $ at the end of the name but not much luck.我尝试过在名称末尾使用 $ 的 UserPrincipal,但运气不佳。 Errors with Access Denied (Cant create under root MyDomain or under a CN)拒绝访问的错误(无法在根 MyDomain 或 CN 下创建)
// Domain Context to use specific LDAP path.
domainContext = new PrincipalContext(ContextType.Domain, domainContext.ConnectedServer, "CN=Managed Service Accounts,dc=mydomain");
UserPrincipal userAccount = new UserPrincipal(domainContext)
{
DisplayName = userName,
SamAccountName = $"{userName}$",
Description = description
};
userAccount.Save();
1 个解决方案
解决方案1
0 2020-02-21 13:34:55
Little late, but I think I can answer it.有点晚,但我想我可以回答。 You need to use the NetAddServiceAccount function through logoncli.dll.您需要通过logoncli.dll 使用NetAddServiceAccount 函数。 I hadn't been able to get it to work in PowerShell, even with adding what I thought was an appropriate type shim, but I just came across a module that seems to work.我无法让它在 PowerShell 中工作,即使添加了我认为合适的类型垫片,但我刚刚遇到了一个似乎可以工作的模块。
https://github.com/beatcracker/Powershell-Misc/blob/master/Use-ServiceAccount.ps1 https://github.com/beatcracker/Powershell-Misc/blob/master/Use-ServiceAccount.ps1
The C# code for the type definition in that script should have everything you need to implement it for yourself.该脚本中类型定义的 C# 代码应该包含您自己实现它所需的一切。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.