Active Directory: System.DirectoryServices namespace. Getting "An invalid directory pathname was passed"
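Following the Howto: (Almost) Everything In Active Directory via C# tutorial, I am trying to write a piece of code that adds a user to Active Directory using the System.DirectoryServices namespace, but every attempt produces the error mentioned in the title.
As the error suggests, I looked at how my path name is constructed, but I still have doubts.
My goal is to add a new user and put that user into an AD group. Technically, our "groups" are really just organizational units under the parent DC.
Our AD hierarchy usually follows this format:
OU (department name) > OU (users) > CN (user)
I also assume that I can set certain properties for the user when adding the new account, although I am not sure what limitations there are on this.
Below is the code I have written. Besides the article on Code Project, I have read several other articles, but I am not sure whether it is just my lack of understanding or what. Surely this is not as difficult as I am making it out to be. I probably just don't understand AD well enough.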
    public static string CreateUserAccount()
    {
        try
        {
            DirectoryEntryData newUserADdata = new DirectoryEntryData();
            string oGUID = string.Empty;
            string connectionPrefix = "LDAP://" + "DOMAIN";
            DirectoryEntry dirEntry = new DirectoryEntry(connectionPrefix);
            DirectoryEntry newUser = dirEntry.Children.Add
                // Define directory entry based on Organizational Units and Common Names
                ("CN=" + newUserADdata.NewUserFirstName + newUserADdata.NewUserLastName + ", OU = " + newUserADdata.NewUserOrganizationDepartment + ", DC = domain, DC = local", "user");

            // Prepare Data for New Entry
            // Initial Login Information
            newUser.Properties["samAccountName"].Value = newUserADdata.NewUserLoginUserName; // Set Initial Username
            newUser.Invoke("SetPassword", new object[] { newUserADdata.NewUserLoginPassword }); // Set Initial Password
            newUser.Properties["userPrincipalName"].Value = newUserADdata.NewUserLoginUserName + "@domain.local"; // Principal Name
            newUser.Properties["pwdLastSet"].Value = "0"; // Set "Password Last Set" property to 0 to invoke a password change upon first login

            // General
            newUser.Properties["givenName"].Value = newUserADdata.NewUserFirstName; // First name
            newUser.Properties["sn"].Value = newUserADdata.NewUserLastName; // Last Name
            newUser.Properties["displayName"].Value = newUserADdata.NewUserDisplayName; // Display Name
            newUser.Properties["description"].Value = newUserADdata.NewUserDescription; // Description
            newUser.Properties["physicalDeliveryOfficeName"].Value = newUserADdata.NewUserOffice; // Office
            newUser.Properties["telephoneNumber"].Value = newUserADdata.NewUserTelephone; // Telephone Number
            newUser.Properties["homeDrive"].Value = newUserADdata.NewUserHomeDriveLetter; // Home Drive Letter (H:)
            newUser.Properties["homeDirectory"].Value = newUserADdata.NewUserHomeDrivePath; // Home Drive Path

            // Telephones
            newUser.Properties["homePhone"].Value = newUserADdata.NewUserTelephoneHome; // Home Phone Number
            newUser.Properties["pager"].Value = newUserADdata.NewUserTelephonePager; // Pager Number
            newUser.Properties["mobile"].Value = newUserADdata.NewUserTelephoneMobile; // Mobile Phone Number
            newUser.Properties["facsimileTelephoneNumber"].Value = newUserADdata.NewUserTelephoneFax; // Fax Number
            newUser.Properties["ipPhone"].Value = newUserADdata.NewUserTelephoneIP; // IP Phone Number

            // Address
            newUser.Properties["streetAddress"].Value = newUserADdata.NewUserAddressStreet; // Street
            newUser.Properties["postOfficeBox"].Value = newUserADdata.NewUserAddressPObox; // P.O. Box
            newUser.Properties["l"].Value = newUserADdata.NewUserAddressCity; // City
            newUser.Properties["st"].Value = newUserADdata.NewUserAddressState; // State/Province
            newUser.Properties["postalCode"].Value = newUserADdata.NewUserAddressZipCode; // Zip/Postal Code
            newUser.Properties["c"].Value = newUserADdata.NewUserAddressCountry; // Country/Region Name

            // Organization
            newUser.Properties["title"].Value = newUserADdata.NewUserOrganizationJobTitle; // Job Title
            newUser.Properties["department"].Value = newUserADdata.NewUserOrganizationDepartment; // Department
            newUser.Properties["company"].Value = newUserADdata.NewUserOrganizationCompany; // Company
            newUser.Properties["manager"].Value = newUserADdata.NewUserOrganizationManagerName; // Manager Name

            newUser.CommitChanges();
            oGUID = newUser.Guid.ToString();

            int val = (int)newUser.Properties["userAccountControl"].Value;
            // Account Control Flags :: syntax :: val | hex | hex | and so on... http://support.microsoft.com/kb/305144
            newUser.Properties["userAccountControl"].Value = val | 512; // Normal User Settings
            newUser.CommitChanges();

            dirEntry.Close();
            newUser.Close();
        }
        catch (System.DirectoryServices.DirectoryServicesCOMException e)
        {
            return "<br /><br /><div class='alert alert-danger'><b><i class='fa fa-exclamation-triangle'></i> An Error has occurred:</b> <br /><br />" + e.ToString() + "</div>";
        }
        return "<br /><br /><div class='alert alert-success'><b>Success:</b> <br /><br />The User has been successfully added to Active Directory.</div>";
    }
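Any idea how to get this working? I would really appreciate it.
Update:
For those of you who are led to this post by searching for an AD solution:
I have accepted the solution proposed by marc_s. It made things much easier and sped up development. It is worth mentioning that the properties of the UserPrincipal class have some limitations. The solution I found for this is to use Principal Extensions. This lets you add additional properties that are not included in the class, such as physicalDeliveryOfficeName or facsimileTelephoneNumber.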
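If you are on .NET 3.5 and up, you should check out the System.DirectoryServices.AccountManagement (S.DS.AM) namespace. Read all about it here:
Basically, you can define a domain context and easily find users and/or groups in AD: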
    using System.DirectoryServices.AccountManagement;

    // set up domain context
    using (PrincipalContext ctx = new PrincipalContext(ContextType.Domain))
    {
        // find a user
        UserPrincipal user = UserPrincipal.FindByIdentity(ctx, "SomeUserName");
        if (user != null)
        {
            // do something here....
        }

        // add a new user
        UserPrincipal newUser = new UserPrincipal(ctx);

        // set properties (property names are PascalCase on UserPrincipal)
        newUser.GivenName = "....";
        newUser.Surname = "....";
        // .....

        // save new user
        newUser.Save();
    }
The new S.DS.AM makes it really easy to play around with users and groups in AD!
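The Principal Extensions approach mentioned in the question's update, combined with the S.DS.AM answer, as an added example that is not part of the original posts. The class name `UserPrincipalEx`, the `Create` helper, its `ouDn` parameter and the sample office and fax values are assumptions; `domain.local` is taken from the question's code.

```csharp
using System;
using System.DirectoryServices.AccountManagement;

// Hypothetical extension class: exposes two attributes UserPrincipal lacks.
[DirectoryRdnPrefix("CN")]
[DirectoryObjectClass("user")]
public class UserPrincipalEx : UserPrincipal
{
    public UserPrincipalEx(PrincipalContext context) : base(context) { }

    [DirectoryProperty("physicalDeliveryOfficeName")]
    public string Office
    {
        get { return ReadSingle("physicalDeliveryOfficeName"); }
        set { ExtensionSet("physicalDeliveryOfficeName", value); }
    }

    [DirectoryProperty("facsimileTelephoneNumber")]
    public string Fax
    {
        get { return ReadSingle("facsimileTelephoneNumber"); }
        set { ExtensionSet("facsimileTelephoneNumber", value); }
    }

    private string ReadSingle(string attribute)
    {
        object[] values = ExtensionGet(attribute);
        return values.Length == 1 ? (string)values[0] : null;
    }

    // ouDn is the target container, e.g. "OU=Users,OU=Sales,DC=domain,DC=local" (constructed).
    public static Guid? Create(string ouDn, string first, string last, string login, string initialPassword)
    {
        // The context is bound to the OU, so no DN string is assembled by hand.
        using (var ctx = new PrincipalContext(ContextType.Domain, "domain.local", ouDn))
        using (var user = new UserPrincipalEx(ctx))
        {
            user.Name = first + " " + last;              // becomes the CN of the new object
            user.SamAccountName = login;
            user.UserPrincipalName = login + "@domain.local";
            user.GivenName = first;
            user.Surname = last;
            user.Office = "Building 1";                  // constructed sample value
            user.Fax = "555-0100";                       // constructed sample value
            user.SetPassword(initialPassword);
            user.ExpirePasswordNow();                    // force a change at first logon
            user.Enabled = true;
            user.Save();
            return user.Guid;
        }
    }
}
```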