[英]System.DirectoryServices.Protocol add/remove user from group
I want to Add remove a user from a group in System.DirectoryServices.Protocol namespace.我想添加从 System.DirectoryServices.Protocol 命名空间中的组中删除用户。
I have the samples mentioned here :我有这里提到的样品:
link to my other question 链接到我的另一个问题
But can't find an exampel fo how to add and remove a user from a group using S.DS.P.但是找不到有关如何使用 SDS 从组中添加和删除用户的示例。
Does anyone know of any samples for this operation?有没有人知道这个操作的任何样本?
Thanks,谢谢,
Cal-校准-
You'd just want to send a ModifyRequest
on the member
attribute with a DirectoryAttributeOperation.Add
.您只想使用
DirectoryAttributeOperation.Add
在member
属性上发送ModifyRequest
。 The value you should pass is the DN of the user you want to add to the group您应该传递的值是您要添加到组中的用户的 DN
Here a example to add a object to a group.这是将对象添加到组的示例。
public static void AddObjectToGroup(string objectName, string groupName)
{
// var credential = new NetworkCredential();
// var identifier = new LdapDirectoryIdentifier("");
using (var connection = new LdapConnection("company.com"))
{
connection.SessionOptions.StartTransportLayerSecurity(null);
connection.Bind();
string objectDn = null;
var request = new SearchRequest("DC=company,DC=com", $"Name={objectName}", SearchScope.Subtree, "distinguishedName");
var response = (SearchResponse)connection.SendRequest(request);
if (response != null)
{
var enumerator = response.Entries.GetEnumerator();
enumerator.Reset();
if (enumerator.MoveNext() && enumerator.Current is SearchResultEntry entry)
{
objectDn = entry.Attributes["distinguishedName"].GetValues(typeof(string)).Select(x => (string)x).FirstOrDefault();
}
}
Log.Information($"object DN: {objectDn}");
string groupDn = null;
request = new SearchRequest("DC=company,DC=com", $"Name={groupName}", SearchScope.Subtree, "distinguishedName");
response = (SearchResponse)connection.SendRequest(request);
if (response != null)
{
var enumerator = response.Entries.GetEnumerator();
enumerator.Reset();
if (enumerator.MoveNext() && enumerator.Current is SearchResultEntry entry)
{
groupDn = entry.Attributes["distinguishedName"].GetValues(typeof(string)).Select(x => (string)x).FirstOrDefault();
}
}
Log.Information($"group DN: {groupDn}");
request = new SearchRequest("DC=company,DC=com", $"(&(objectCategory=Group)(distinguishedName={groupDn}))", SearchScope.Subtree);
response = (SearchResponse)connection.SendRequest(request);
if (response != null && !string.IsNullOrWhiteSpace(objectDn))
{
var members = response.Entries[0].Attributes["member"];
var existing = new List<string>();
for (int i = 0; i < members.Count; i++)
{
existing.Add(members[i].ToString());
}
if (existing.Contains(objectDn)) return;
var dam = new DirectoryAttributeModification { Name = "member" };
dam.Add(objectDn);
dam.Operation = DirectoryAttributeOperation.Add;
var mr = new ModifyRequest(groupDn, dam);
var dr = connection.SendRequest(mr);
Log.Information($"Add Response: {dr.ResultCode.ToString()}");
}
}
}
Just for those who follow, here is how I actually solved the problem using System.DirectoryServices.AccountManagement对于那些关注的人,这是我使用 System.DirectoryServices.AccountManagement 实际解决问题的方法
string adServer = "";
string adServerUser = "";
string adServerPassword = "";
string adServerContainer = "";
GetSettings( ref adServer, ref adServerUser, ref adServerPassword, ref adServerContainer );
if ( ((!string.IsNullOrEmpty(adServer) && !string.IsNullOrEmpty(adServerUser)) && !string.IsNullOrEmpty(adServerPassword)) && !string.IsNullOrEmpty(adServerContainer))
{
try
{
using (PrincipalContext principalContext = new PrincipalContext(ContextType.Domain, adServer, adServerContainer, adServerUser, adServerPassword))
{
using (GroupPrincipal group = GroupPrincipal.FindByIdentity(principalContext, IdentityType.SamAccountName, this.textBox_GroupAdd.Text))
{
if (group == null)
{
FlexibleMessageBox.Show("group could not be found");
return;
}
PrincipalSearchResult<Principal> x = group.GetMembers();
using (UserPrincipal user = UserPrincipal.FindByIdentity(principalContext, IdentityType.SamAccountName, this.textBox_adName.Text))
{
string userSid = string.Format("<SID={0}>", ToSidString(user));
DirectoryEntry groupDirectoryEntry = (DirectoryEntry) group.GetUnderlyingObject();
groupDirectoryEntry.Properties["member"].Add(userSid);
groupDirectoryEntry.CommitChanges();
}
}
}
}
catch (Exception ex)
{
FlexibleMessageBox.Show(ex.ToString());
}
FlexibleMessageBox.Show("group add done");
}
and here is the guts of the remove from group这是从组中删除的胆量
using (UserPrincipal user = UserPrincipal.FindByIdentity(principalContext, IdentityType.SamAccountName, this.textBox_adName.Text))
{
string userSid = string.Format("<SID={0}>", ToSidString(user));
DirectoryEntry groupDirectoryEntry = (DirectoryEntry) group.GetUnderlyingObject();
groupDirectoryEntry.Properties["member"].Remove(userSid);
groupDirectoryEntry.CommitChanges();
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.