堆栈内存溢出
  简体   繁体   English

通过AccountManagement将AD用户添加到计算机本地组

[英]Adding an AD User to a Machine Local group via AccountManagement

 原文  2012-08-13 17:42:18       c#/ active-directory/ account-management/ userprincipal

问题描述

I wanted to implement adding an AD user to a local machine group via User and GroupPrincipals, and I thought it would work nice and easy. 我想实现通过User和GroupPrincipals将AD用户添加到本地计算机组的方法,并且我认为它可以很好且容易地工作。 Unfortunately, I continue to get a General Access Denied error. 不幸的是,我继续收到“常规访问被拒绝”错误。 It's possible I just don't understand the proper authentication happening, but I assumed I had the proper access set up. 我可能不了解正确的身份验证,但是我认为我已经建立了正确的访问权限。 Here is a code snippet of what is being called: 这是被称为的代码片段: 

var ctx = new PrincipalContext(ContextType.Machine,
                               Environment.MachineName,
                               ConfigurationManager.AppSettings["MyUser"],
                               ConfigurationManager.AppSettings["MyPW"]);

        var grp = GroupPrincipal.FindByIdentity(ctx, IdentityType.Name, "LocalGrp");
        var adUser = ADService.GetUserByDomainUserName(vModel.ContactId);

        var adCtx = new PrincipalContext(ContextType.Domain,
                                         "myDomain.com",
                                         ConfigurationManager.AppSettings["MyUser"],
                                         ConfigurationManager.AppSettings["MyPW"])
                                              ;
        var user = UserPrincipal.FindByIdentity(adCtx, 
                                                IdentityType.Guid,
                                                adUser.UserGuid.ToString());

        if (grp != null &&
            user != null)
        {
            if(!user.IsMemberOf(grp))
            {
                grp.Members.Add(user);
                grp.Save();
            }
        }

The user is found, the group is found, but when I add and reach the grp.Save() step, I am treated with a General Access Denied exception. 找到了用户,找到了组,但是当我添加并到达grp.Save()步骤时,将被视为General Access Denied异常。 with the ctx being opened via the "MyUser" and "MyPW", I thought that would allow group manipulation on the machine since that account is part of the machine local administrators group. 通过“ MyUser”和“ MyPW”打开ctx,我认为这将允许在计算机上进行组操作,因为该帐户是计算机本地管理员组的一部分。 Can I not mix machine/domain contexts in this manner, or is there an authentication problem I am just missing? 我不能以这种方式混合计算机/域上下文,还是我只是缺少一个身份验证问题?

1 个解决方案

解决方案1
 0  2012-08-13 18:42:09

Did you run Visual Studio in Admin mode. 您是否在管理模式下运行Visual Studio。 Even though your login has admin rights, your program needs to elevate itself to use those rights if you didn't start it elevated. 即使您的登录名具有管理员权限,但如果您没有以提升权限启动程序,则程序也需要提升自身才能使用这些权限。

See: 看到:

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 使用AccountManagement快速*将多个用户添加到AD组 - Add multiple users to an AD group *quickly* using AccountManagement 如何测试AD用户是否是本地组的成员 - How to test if AD User is a member of a local group 在C#中将本地用户添加到本地组 - Adding a local user to a local group in C# 将本地用户添加到本地管理员组 - Adding Local User to Local Admin Group 将AD组添加到SP组时找不到用户 - User not found when adding an AD group to an SP group System.DirectoryServices.AccountManagement.PrincipalCollection - 如何检查主体是用户还是组? - System.DirectoryServices.AccountManagement.PrincipalCollection - how to check if principal is a user or a group? 通过C#修改本地用户组 - Local user group modifications via C# 使用正确的权限集将来宾用户添加到 Azure AD 组失败 - Adding guest user to Azure AD group fails with correct permissions set 添加到AD组时出现OutOfMemoryException - OutOfMemoryException on adding to AD group 使用Rest(400)错误请求将Azure AD用户添加到组 - Adding a Azure AD User to a group using Rest (400) Bad Request
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM