在 C# 中创建密码为 Active Directory 的用户
[英]Creating Active Directory user with password in C#
问题描述
I'm looking for a way to create Active Directory users and set their password, preferably without giving my application/service Domain Admin privileges.
我正在寻找一种方法来创建 Active Directory 用户并设置他们的密码,最好不要给我的应用程序/服务域管理员权限。
I've tried the following:我试过以下方法:
DirectoryEntry newUser = _directoryEntry.Children.Add("CN=" + fullname, USER);
newUser.Properties["samAccountName"].Value = username;
newUser.Properties["userPassword"].Value = password;
newUser.Properties["mail"].Value = email;
newUser.CommitChanges();
The user is created, but it seems the password is never set on the user.用户已创建,但似乎从未为用户设置密码。
Does anyone have an idea on how to set the user's password initially when creating the user?有没有人知道在创建用户时最初如何设置用户密码? I know about我知道
.Invoke("SetPassword", new object[] { password })
But that requires my code to be run with Domain Admin privileges.但这需要我的代码以域管理员权限运行。 As I don't really see the point to grant my code Domain Admin privileges, just to set the initial password (I also allow user password resets, but those run in the context of that particular user), I am hoping someone has a clever solution that doesn't require me to do so.因为我真的不明白授予我的代码域管理员权限的意义,只是为了设置初始密码(我也允许用户密码重置,但那些在该特定用户的上下文中运行),我希望有人有一个聪明的不需要我这样做的解决方案。
Thanks in advance!提前致谢!
4 个解决方案
解决方案1
34 已采纳 2010-02-21 12:38:30
You can do this whole process much easier now with System.DirectoryServices.AccountManagement (long as you're on .Net 3.5): 现在使用System.DirectoryServices.AccountManagement可以更轻松地完成整个过程(只要你在.Net 3.5上):
See here for a full rundown 请参阅此处了解完整的纲要
Here's a quick example of your specific case: 以下是您具体案例的简要示例:
using(var pc = new PrincipalContext(ContextType.Domain))
{
using(var up = new UserPrincipal(pc))
{
up.SamAccountName = username;
up.EmailAddress = email;
up.SetPassword(password);
up.Enabled = true;
up.ExpirePasswordNow();
up.Save();
}
}
解决方案2
4 2013-07-31 17:26:49
Yes can also use below code to create bulk of users 是也可以使用以下代码创建大量用户
DirectoryEntry ouEntry = new DirectoryEntry("LDAP://OU=TestOU,DC=TestDomain,DC=local");
for (int i = 0; i < 10; i++)
{
try
{
DirectoryEntry childEntry = ouEntry.Children.Add("CN=TestUser" + i, "user");
childEntry.CommitChanges();
ouEntry.CommitChanges();
childEntry.Invoke("SetPassword", new object[] { "password" });
childEntry.CommitChanges();
}
catch (Exception ex)
{
}
}
解决方案3
4 2010-02-21 12:50:51
I'd use @Nick's code (wrapped in using statements so the context and principal are disposed properly). 我使用@ Nick的代码(包含在using语句中,以便正确处理上下文和主体)。 As for privileges, you'll need to at least have enough privileges on the OU where you are creating the user to create and manage objects. 至于权限,您至少需要在创建用户的OU上拥有足够的权限来创建和管理对象。 I'd create a specific user under which your program will run and give it just enough privileges to do the tasks that it needs in that specific OU and no more. 我将创建一个特定的用户来运行您的程序,并为其提供足够的权限,以便在该特定OU中执行所需的任务,而不再需要。
解决方案4
0 2016-09-28 09:55:03
Try with this code. 尝试使用此代码。
DirectoryEntry ouEntry = new DirectoryEntry("LDAP://OU=TestOU,DC=TestDomain,DC=local");
for (int i = 0; i < 10; i++)
{
try
{
DirectoryEntry childEntry = ouEntry.Children.Add("CN=TestUser" + i, "user");
childEntry.CommitChanges();
ouEntry.CommitChanges();
childEntry.Invoke("SetPassword", new object[] { "password" });
childEntry.CommitChanges();
}
catch (Exception ex)
{
}
}
解决方案5
0 2021-12-09 16:18:36
The actual attribute for the password is unicodePwd , which requires a specific format that is described in the documentation .密码的实际属性是unicodePwd ,它需要文档中描述的特定格式。 But this is how you can do it:但这是你可以做到的:
newUser.Properties["unicodePwd"].Value = Encoding.Unicode.GetBytes("\"NewPassword\"");
Doing it this way, you can create the user with a password in one step.这样做,您可以一步创建带有密码的用户。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.