堆栈内存溢出
  简体   繁体   English

System.DirectoryServices.Protocol 从组中添加/删除用户

[英]System.DirectoryServices.Protocol add/remove user from group

 原文  2011-09-12 18:17:27       c#/ active-directory/ active-directory-group

问题描述

I want to Add remove a user from a group in System.DirectoryServices.Protocol namespace.我想添加从 System.DirectoryServices.Protocol 命名空间中的组中删除用户。

I have the samples mentioned here :我有这里提到的样品:

link to my other question 链接到我的另一个问题

But can't find an exampel fo how to add and remove a user from a group using S.DS.P.但是找不到有关如何使用 SDS 从组中添加和删除用户的示例。

Does anyone know of any samples for this operation?有没有人知道这个操作的任何样本?

Thanks,谢谢,

Cal-校准-

3 个解决方案

解决方案1
 3 已采纳  2011-09-15 20:00:33

You'd just want to send a ModifyRequest on the member attribute with a DirectoryAttributeOperation.Add .您只想使用DirectoryAttributeOperation.Addmember属性上发送ModifyRequest The value you should pass is the DN of the user you want to add to the group您应该传递的值是您要添加到组中的用户的 DN

解决方案2
 0  2021-05-10 14:33:45

Here a example to add a object to a group.这是将对象添加到组的示例。

    public static void AddObjectToGroup(string objectName, string groupName)
    {
        // var credential = new NetworkCredential();
        // var identifier = new LdapDirectoryIdentifier("");
        using (var connection = new LdapConnection("company.com"))
        {
            connection.SessionOptions.StartTransportLayerSecurity(null);
            connection.Bind();

            string objectDn = null;
            var request = new SearchRequest("DC=company,DC=com", $"Name={objectName}", SearchScope.Subtree, "distinguishedName");
            var response = (SearchResponse)connection.SendRequest(request);
            if (response != null)
            {
                var enumerator = response.Entries.GetEnumerator();
                enumerator.Reset();
                if (enumerator.MoveNext() && enumerator.Current is SearchResultEntry entry)
                {
                    objectDn = entry.Attributes["distinguishedName"].GetValues(typeof(string)).Select(x => (string)x).FirstOrDefault();
                }
            }
            Log.Information($"object DN: {objectDn}");

            string groupDn = null;
            request = new SearchRequest("DC=company,DC=com", $"Name={groupName}", SearchScope.Subtree, "distinguishedName"); 
            response = (SearchResponse)connection.SendRequest(request);
            if (response != null)
            {
                var enumerator = response.Entries.GetEnumerator();
                enumerator.Reset();
                if (enumerator.MoveNext() && enumerator.Current is SearchResultEntry entry)
                {
                    groupDn = entry.Attributes["distinguishedName"].GetValues(typeof(string)).Select(x => (string)x).FirstOrDefault();
                }
            }
            Log.Information($"group DN: {groupDn}");

            request = new SearchRequest("DC=company,DC=com", $"(&(objectCategory=Group)(distinguishedName={groupDn}))", SearchScope.Subtree);
            response = (SearchResponse)connection.SendRequest(request);
            if (response != null && !string.IsNullOrWhiteSpace(objectDn))
            {
                var members = response.Entries[0].Attributes["member"];

                var existing = new List<string>();
                for (int i = 0; i < members.Count; i++)
                {
                    existing.Add(members[i].ToString());
                }

                if (existing.Contains(objectDn)) return;
                
                var dam = new DirectoryAttributeModification { Name = "member" };
                dam.Add(objectDn);
                dam.Operation = DirectoryAttributeOperation.Add;

                var mr = new ModifyRequest(groupDn, dam);
                var dr = connection.SendRequest(mr);
                Log.Information($"Add Response: {dr.ResultCode.ToString()}");
            }
        }
    }

解决方案3
 0  2021-05-11 15:40:24

Just for those who follow, here is how I actually solved the problem using System.DirectoryServices.AccountManagement对于那些关注的人,这是我使用 System.DirectoryServices.AccountManagement 实际解决问题的方法

string adServer = "";
            string adServerUser = "";
            string adServerPassword = "";
            string adServerContainer = "";

            GetSettings( ref adServer, ref adServerUser, ref adServerPassword, ref adServerContainer );

            if ( ((!string.IsNullOrEmpty(adServer) && !string.IsNullOrEmpty(adServerUser)) && !string.IsNullOrEmpty(adServerPassword)) && !string.IsNullOrEmpty(adServerContainer))
            {
                try
                {
                    using (PrincipalContext principalContext = new PrincipalContext(ContextType.Domain, adServer, adServerContainer, adServerUser, adServerPassword))
                    {
                        using (GroupPrincipal group = GroupPrincipal.FindByIdentity(principalContext, IdentityType.SamAccountName, this.textBox_GroupAdd.Text))
                        {
                            if (group == null)
                            {
                                FlexibleMessageBox.Show("group could not be found");
                                return;
                            }
                            PrincipalSearchResult<Principal> x = group.GetMembers();
                            using (UserPrincipal user = UserPrincipal.FindByIdentity(principalContext, IdentityType.SamAccountName, this.textBox_adName.Text))
                            {
                                string userSid = string.Format("<SID={0}>", ToSidString(user));
                                DirectoryEntry groupDirectoryEntry = (DirectoryEntry) group.GetUnderlyingObject();
                                groupDirectoryEntry.Properties["member"].Add(userSid);
                                groupDirectoryEntry.CommitChanges();
                            }
                        }
                    }
                }
                catch (Exception ex)
                {
                    FlexibleMessageBox.Show(ex.ToString());
                }
                FlexibleMessageBox.Show("group add done");
            }

and here is the guts of the remove from group这是从组中删除的胆量

                    using (UserPrincipal user = UserPrincipal.FindByIdentity(principalContext, IdentityType.SamAccountName, this.textBox_adName.Text))
                    {
                        string userSid = string.Format("<SID={0}>", ToSidString(user));
                        DirectoryEntry groupDirectoryEntry = (DirectoryEntry) group.GetUnderlyingObject();
                        groupDirectoryEntry.Properties["member"].Remove(userSid);
                        groupDirectoryEntry.CommitChanges();
                    }

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 System.DirectoryServices.Protocol移动用户问题 - System.DirectoryServices.Protocol move user question System.DirectoryServices.Protocol搜索问题 - System.DirectoryServices.Protocol search question 如何在C#中的System.DirectoryServices.Protocol中获取嵌套组(子组) - How to get nested groups (subgroups) in System.DirectoryServices.Protocol in c# 如何使用System.DirectoryServices.Protocol验证用户名/密码? - How would I validate a Username/Password using System.DirectoryServices.Protocol? System.DirectoryServices.AccountManagement.PrincipalCollection - 如何检查主体是用户还是组? - System.DirectoryServices.AccountManagement.PrincipalCollection - how to check if principal is a user or a group? 如何使用System.DirectoryServices.AccountManagement将用户添加到AD? - How do I add a user to AD using System.DirectoryServices.AccountManagement? 使用System.DirectoryServices.AccountManagement,将组设为主要组 - Using System.DirectoryServices.AccountManagement, Making a group the primary group 通过System.DirectoryServices将StartTLS与LDAP一起使用 - Using StartTLS with LDAP from System.DirectoryServices System.DirectoryServices很慢 - System.DirectoryServices is slow System.DirectoryServices很慢? - System.DirectoryServices is slow?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM