通过IP地址C#选择域控制器
[英]Choose domain controller by IP address C#
问题描述
下面是在AD中创建用户的简单代码。 该代码是DC专用的。 不管它在哪个DC上创建它,它都将使用服务器连接到的Windows默认设置。
using (PrincipalContext pc = new PrincipalContext(ContextType.Domain, Domain, path, ContextOptions.Negotiate, ManagementUsername, ManagementPassword))
{
try
{
using (UserPrincipal up = new UserPrincipal(pc, username, password, true))
{
up.GivenName = firstName; up.Surname = lastName; up.DisplayName = firstName + " " + lastName; up.UserPrincipalName = username + "@" + Domain; up.Save();
}
}
catch (PasswordException) { return null; }
}
问题是新帐户有一个复制时间(通常域有15分钟)。 当某人想要在与服务器以外的DC连接的工作站上使用该帐户请求该帐户时,在尝试实施按需帐户创建时,此方法将不起作用。 他们最终不得不坐在工作站前长达15分钟,无法登录。
问题:有没有一种方法可以根据客户端IP地址连接到DC,以在该DC上创建DC? 或者是否有办法在所有DC上建立帐户,并且可以进行复制吗? 或强制该帐户以编程方式进行复制(基于对SO的搜索,我猜没有)。
1 个解决方案
解决方案1
2 已采纳 2016-01-18 23:12:34
Forest adForest = Forest.GetCurrentForest();
ActiveDirectorySite[] sites = new ActiveDirectorySite[adForest.Sites.Count];
adForest.Sites.CopyTo(sites, 0);
List<ActiveDirectorySubnet> subnets = new List<ActiveDirectorySubnet>();
sites.ToList().ForEach(x =>
{
ActiveDirectorySubnet[] subnetTemp = new ActiveDirectorySubnet[x.Subnets.Count];
x.Subnets.CopyTo(subnetTemp, 0);
subnets.AddRange(subnetTemp);
});
IPAddress address = IPAddress.Parse("IPAddress to look up closest DC");
var currentSubnet = subnets.Where(x => address.IsInRange(x.Name));
var location = currentSubnet.First().Site.Name;
DomainController dc = DomainController.FindOne(new DirectoryContext(DirectoryContextType.Domain, Domain), location);
这将使您获得与该站点和域关联的DC,该DC与拓扑中指定IP地址最接近。 然后,您将DC IP地址传递给主体上下文。
using (PrincipalContext pc = new PrincipalContext(ContextType.Domain, dc.IPAddress, path, ContextOptions.Negotiate, ManagementUsername, ManagementPassword))
{
try
{
using (UserPrincipal up = new UserPrincipal(pc, username, password, true))
{
up.GivenName = firstName; up.Surname = lastName; up.DisplayName = firstName + " " + lastName; up.UserPrincipalName = username + "@" + Domain; up.Save();
}
}
catch (PasswordException) { return null; }
}
并创建一个用户。
注意:IPAddress函数是通过github上的NetTools IPAddressRange类及其以下自定义扩展来完成的。
/// <summary>
/// All extensions for IPAddress type
/// </summary>
public static class IPAddressExtension
{
/// <summary>
/// Determine whether this IP address is part of the range/subnet
/// </summary>
/// <param name="range">A range of IPAddresses</param>
/// <returns></returns>
public static bool IsInRange(this IPAddress thisIP, IPAddressRange range)
{
return range.Contains(thisIP);
}
/// <summary>
/// Determine whether this IP address is part of the range/subnet
/// </summary>
/// <param name="range">Can be specified in CIDR/UNI (ex: 192.168.10.0/24) </param>
/// <returns></returns>
public static bool IsInRange(this IPAddress thisIP, string rangeIP)
{
IPAddressRange range = IPAddressRange.Parse(rangeIP);
return range.Contains(thisIP);
}
/// <summary>
/// Determine whether this IP address is part of the range/subnet
/// </summary>
/// <param name="ipBegin">Beginning IP address of range</param>
/// <param name="ipEnd">Ending IP address of range</param>
/// <returns></returns>
public static bool IsInRange(this IPAddress thisIP, IPAddress ipBegin, IPAddress ipEnd)
{
IPAddressRange range = new IPAddressRange(ipBegin, ipEnd);
return range.Contains(thisIP);
}
}
C#:从域名中获取 IP 地址?
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.