[英]How to determine if user account is enabled or disabled
我正在拼湊一個快速的 C# win 表單應用程序來幫助解決重復的文書工作。
我已經在 AD 中搜索了所有用戶帳戶,並將它們添加到帶有復選框的列表視圖中。
我想默認 listviewitems 的默認檢查狀態取決於帳戶的啟用/禁用狀態。
string path = "LDAP://dc=example,dc=local";
DirectoryEntry directoryRoot = new DirectoryEntry(path);
DirectorySearcher searcher = new DirectorySearcher(directoryRoot,
"(&(objectClass=User)(objectCategory=Person))");
SearchResultCollection results = searcher.FindAll();
foreach (SearchResult result in results)
{
DirectoryEntry de = result.GetDirectoryEntry();
ListViewItem lvi = new ListViewItem(
(string)de.Properties["SAMAccountName"][0]);
// lvi.Checked = (bool) de.Properties["AccountEnabled"]
lvwUsers.Items.Add(lvi);
}
我正在努力尋找正確的屬性來解析以從 DirectoryEntry 對象中獲取帳戶的狀態。 我搜索了AD User attributes ,但沒有找到任何有用的東西。
任何人都可以提供任何指示嗎?
這里的代碼應該可以工作...
private bool IsActive(DirectoryEntry de)
{
if (de.NativeGuid == null) return false;
int flags = (int)de.Properties["userAccountControl"].Value;
return !Convert.ToBoolean(flags & 0x0002);
}
使用 System.DirectoryServices.AccountManagement:domainName 和 username 必須是域和用戶名的字符串值。
using (var domainContext = new PrincipalContext(ContextType.Domain, domainName))
{
using (var foundUser = UserPrincipal.FindByIdentity(domainContext, IdentityType.SamAccountName, username))
{
if (foundUser.Enabled.HasValue)
{
return (bool)foundUser.Enabled;
}
else
{
return true; //or false depending what result you want in the case of Enabled being NULL
}
}
}
不是有人問過,但這是一個java版本(因為我最終在這里尋找一個)。 空檢查留給讀者作為練習。
private Boolean isActive(SearchResult searchResult) {
Attribute userAccountControlAttr = searchResult.getAttributes().get("UserAccountControl");
Integer userAccountControlInt = new Integer((String) userAccoutControlAttr.get());
Boolean disabled = BooleanUtils.toBooleanObject(userAccountControlInt & 0x0002);
return !disabled;
}
你可以使用這樣的東西:
ADUserAccountControl flags;
Enum.TryParse(de.Properties["userAccountControl"].Value.ToString(), out flags);
if(flags.HasFlag(ADUserAccountControl.ACCOUNTDISABLE)
{
// account is disabled
}
這是所有可能標志的完整列表:
/// <summary>
/// Source: https://docs.microsoft.com/en-us/troubleshoot/windows-server/identity/useraccountcontrol-manipulate-account-properties
/// </summary>
public enum ADUserAccountControl : long
{
SCRIPT = 0x0001,
ACCOUNTDISABLE = 0x0002,
HOMEDIR_REQUIRED = 0x0008,
LOCKOUT = 0x0010,
PASSWD_NOTREQD = 0x0020,
PASSWD_CANT_CHANGE = 0x0040,
ENCRYPTED_TEXT_PWD_ALLOWED = 0x0080,
TEMP_DUPLICATE_ACCOUNT = 0x0100,
NORMAL_ACCOUNT = 0x0200,
INTERDOMAIN_TRUST_ACCOUNT = 0x0800,
WORKSTATION_TRUST_ACCOUNT = 0x1000,
SERVER_TRUST_ACCOUNT = 0x2000,
DONT_EXPIRE_PASSWORD = 0x10000,
MNS_LOGON_ACCOUNT = 0x20000,
SMARTCARD_REQUIRED = 0x40000,
TRUSTED_FOR_DELEGATION = 0x80000,
NOT_DELEGATED = 0x100000,
USE_DES_KEY_ONLY = 0x200000,
DONT_REQ_PREAUTH = 0x400000,
PASSWORD_EXPIRED = 0x800000,
TRUSTED_TO_AUTH_FOR_DELEGATION = 0x1000000,
PARTIAL_SECRETS_ACCOUNT = 0x04000000,
}
我來這里是為了尋找答案,但它僅適用於DirectoryEntry 。 所以這是一個適用於SearchResult / SearchResultCollection的代碼,適用於有同樣問題的人:
private bool checkIfActive(SearchResult sr)
{
var vaPropertiy = sr.Properties["userAccountControl"];
if (vaPropertiy.Count > 0)
{
if (vaPropertiy[0].ToString() == "512" || vaPropertiy[0].ToString() == "66048")
{
return true;
}
return false;
}
return false;
}
使用PrincipalContext方法確定目錄用戶的帳戶是否已禁用帳戶
[英]Determine if a directory user's account is disabled account using PrincipalContext approach
啟用了視圖狀態的用戶控件,但放置在禁用了視圖狀態的頁面內。如何訪問?
[英]User control with viewstate enabled but placed inside page with viewstate disabled.How can i access?
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.