首先我們來了解一下什麼是Active Directory。不用我描述,看以下網址,或在.Net自帶幫助文檔裡根據Active Directory關鍵字一搜,就什麼都明白了。
接下來,我們來看看權限。你可以通過“網上鄰居--整個網絡--Directory--demain(你的域名)”你就可以看到所有關於域下的信息,粗一看就知道是怎麼回事了。
需要告訴大家的:所有組織單位下的用戶都在Users(容器)--Demain Users(組)中
用代碼進行訪問時,如果你是域管理員用戶,則可以做任何操作,否則,只能查詢用戶屬性。
private void SearchUser()
{
string domainName = "Domain";
string groupName = "Domain Users";
string dirmemName="";
//在Domain Users域用戶裡取得每個用戶名
System.DirectoryServices.DirectoryEntry group = new System.DirectoryServices.DirectoryEntry("WinNT://" + domainName + "/" + groupName + ",group");
foreach(Object member in (IEnumerable)group.Invoke("Members"))
{
//根據很個用戶生成如:"LDAP://OU=套裝軟體課,OU=系統開發部,OU=資訊服務處,OU=營運支援中心,OU=XX公司,DC=Domain,DC=com,DC=cn"
System.DirectoryServices.DirectoryEntry dirmem = new System.DirectoryServices.DirectoryEntry(member);
dirmemName=dirmem.Name;
string DomainName="Domain";
string FilterStr = "(sAMaccountname="+dirmemName+")";
System.DirectoryServices.DirectorySearcher FindMe = new System.DirectoryServices.DirectorySearcher(DomainName);
FindMe.Filter = FilterStr;
System.DirectoryServices.SearchResult FindRes = FindMe.FindOne();
System.DirectoryServices.DirectoryEntry MyUser = FindRes.GetDirectoryEntry();
string OUPath=MyUser.Parent.Path;
//找到該用戶所在的LDAP:後,由域管理員登錄,並取得該用戶的所在屬性。
string strFieldsValue="",strFIElds="";
System.DirectoryServices.DirectoryEntry myds=new System.DirectoryServices.DirectoryEntry(OUPath,"域管理員名","域管理員密碼");
foreach(System.DirectoryServices.DirectoryEntry tempEntry in myds.Children)
{
if(tempEntry.ScheMaclassName.ToString() == "user" && tempEntry.PropertIEs["sAMaccountName"].Value.ToString().ToLower()==dirmemName)
{
foreach (string propertyName in tempEntry.PropertIEs.PropertyNames )
{
string oneNode = propertyName + ": " +
entry.PropertIEs[propertyName][0].ToString();
this.Textbox1.Text=oneNode;
}
}
-------------------------------------------
public void AddUser(string strPath,string Username,string ChineseName)//strPath 增加用戶至哪個組織單位如"LDAP://OU=XX公司,DC=Domain,DC=com"帳號、中文名{
try
{
string RootDSE;
//System.DirectoryServices.DirectorySearcher DSESearcher= new System.DirectoryServices.DirectorySearcher();
//RootDSE=DSESearcher.SearchRoot.Path;
//RootDSE="LDAP://DC=Domain,DC=com";
//RootDSE=RootDSE.Insert(7,"CN=Users,");
System.DirectoryServices.DirectoryEntry myDE = new System.DirectoryServices.DirectoryEntry(strPath);
System.DirectoryServices.DirectoryEntries myEntrIEs = myDE.Children;
// Create a new entry 'Sample' in the container.
string strname="CN="+ChineseName;
System.DirectoryServices.DirectoryEntry myDirectoryEntry = myEntrIEs.Add(strname, "user");
//MessageBox.Show(myDirectoryEntry.ScheMaclassName.ToString());
myDirectoryEntry.PropertIEs["userPrincipalName"].Value=Username;
myDirectoryEntry.PropertIEs["name"].Value=ChineseName;
myDirectoryEntry.PropertIEs["saMaccountName"].Value=Username;
myDirectoryEntry.PropertIEs["userAccountControl"].Value =66048; //590336;
myDirectoryEntry.CommitChanges();
}
----------------------------------------------
private void addOU(string strPath,string OUName)//增加組織到strPath組織單位下,組織名稱
{
try
{
//String RootDSE;
//System.DirectoryServices.DirectorySearcher DSESearcher= new System.DirectoryServices.DirectorySearcher();
//RootDSE=DSESearcher.SearchRoot.Path;
//RootDSE="LDAP://OU=百意時尚廣場,DC=Domain,DC=com";
System.DirectoryServices.DirectoryEntry myDE = new System.DirectoryServices.DirectoryEntry(strPath);
System.DirectoryServices.DirectoryEntries myEntrIEs = myDE.Children;
string name="OU="+OUName;
System.DirectoryServices.DirectoryEntry myDirectoryEntry = myEntrIEs.Add(name,"organizationalUnit");
myDirectoryEntry.PropertIEs["name"].Value=OUName;
myDirectoryEntry.PropertIEs["instanceType"].Value=4;
myDirectoryEntry.PropertIEs["distinguishedName"].Value="OU="+OUName+",DC=Domain,DC=COM)";
myDirectoryEntry.PropertIEs["objectCategory"].Value="CN=Organizational-Unit,CN=Schema,CN=Configuration,DC=sedep,DC=COM";
myDirectoryEntry.PropertIEs["ou"].Value=OUName;
myDirectoryEntry.PropertIEs["postalCode"].Value="777";
myDirectoryEntry.CommitChanges();
//UserMoveto("LDAP://OU="+OUName+",DC=sedep,DC=com",strPath);
}
catch(Exception RaiseErr)
{
MessageBox.Show (RaiseErr.Message);
}
}
---------------------------------------------
private void ModifyUser()
{
try
{
string DomainName="Domain";
string FilterStr = "(sAMaccountname=karlluo)";
System.DirectoryServices.DirectorySearcher FindMe = new System.DirectoryServices.DirectorySearcher(DomainName);
FindMe.Filter = FilterStr;
System.DirectoryServices.SearchResult FindRes = FindMe.FindOne();
string tt=FindRes.Path;
System.DirectoryServices.DirectoryEntry MyUser = FindRes.GetDirectoryEntry();
string OUPath=MyUser.Parent.Path;
DirectoryEntry myds=new DirectoryEntry(OUPath,"域管理員名","域管理員密碼");
foreach(System.DirectoryServices.DirectoryEntry tempEntry in myds.Children)
{
if(tempEntry.ScheMaclassName.ToString() == "user")
{
if(tempEntry.PropertIEs["sAMaccountName"].Value.ToString().ToLower()=="karlluo")
{
tempEntry.UsePropertyCache=true;
tempEntry.PropertIEs["st"].Value="yyyyyyyyyyyyyyyy";
//newEntry.PropertIEs["userPrincipalName"].Value="userID";
tempEntry.CommitChanges();
}
}
}
}
catch(Exception RaiseErr)
{
MessageBox.Show (RaiseErr.Message);
}
}
