首先我们来了解一下什么是Active Directory。不用我描述,看以下网址,或在.net自带帮助文档里根据Active Directory关键字一搜,就什么都明白了。
接下来,我们来看看权限。你可以通过“网上邻居--整个网络--Directory--demain(你的域名)”你就可以看到所有关于域下的信息,粗一看就知道是怎么回事了。
需要告诉大家的:所有组织单位下的用户都在Users(容器)--Demain Users(组)中
用代码进行访问时,如果你是域管理员用户,则可以做任何操作,否则,只能查询用户属性。
private void SearchUser()
{
string domainName = \"Domain\";
string groupName = \"Domain Users\";
string dirmemName=\"\";
//在Domain Users域用户里取得每个用户名
System.DirectoryServices.DirectoryEntry group = new System.DirectoryServices.DirectoryEntry(\"WinNT://\" + domainName + \"/\" + groupName + \",group\");
foreach(Object member in (IEnumerable)group.Invoke(\"Members\"))
{
//根据很个用户生成如:\"LDAP://OU=套装软体课,OU=系统开发部,OU=资讯服务处,OU=营运支援中心,OU=XX公司,DC=Domain,DC=com,DC=cn\"
System.DirectoryServices.DirectoryEntry dirmem = new System.DirectoryServices.DirectoryEntry(member);
dirmemName=dirmem.Name;
string DomainName=\"Domain\";
string FilterStr = \"(sAMAccountname=\"+dirmemName+\")\";
System.DirectoryServices.DirectorySearcher FindMe = new System.DirectoryServices.DirectorySearcher(DomainName);
FindMe.Filter = FilterStr;
System.DirectoryServices.SearchResult FindRes = FindMe.FindOne();
System.DirectoryServices.DirectoryEntry MyUser = FindRes.GetDirectoryEntry();
string OUPath=MyUser.Parent.Path;
//找到该用户所在的LDAP:后,由域管理员登录,并取得该用户的所在属性。
string strFieldsValue=\"\",strFields=\"\";
System.DirectoryServices.DirectoryEntry myds=new System.DirectoryServices.DirectoryEntry(OUPath,\"域管理员名\",\"域管理员密码\");
foreach(System.DirectoryServices.DirectoryEntry tempEntry in myds.Children)
{
if(tempEntry.SchemaClassName.ToString() == \"user\" && tempEntry.Properties[\"sAMAccountName\"].Value.ToString().ToLower()==dirmemName)
{
foreach (string propertyName in tempEntry.Properties.PropertyNames )
{
string oneNode = propertyName + \": \" +
entry.Properties[propertyName][0].ToString();
this.Textbox1.Text=oneNode;
}
}
-------------------------------------------
public void AddUser(string strPath,string Username,string ChineseName)//strPath 增加用户至哪个组织单位如\"LDAP://OU=XX公司,DC=Domain,DC=com\"帐号、中文名{
try
{
string RootDSE;
//System.DirectoryServices.DirectorySearcher DSESearcher= new System.DirectoryServices.DirectorySearcher();
//RootDSE=DSESearcher.SearchRoot.Path;
//RootDSE=\"LDAP://DC=Domain,DC=com\";
//RootDSE=RootDSE.Insert(7,\"CN=Users,\");
System.DirectoryServices.DirectoryEntry myDE = new System.DirectoryServices.DirectoryEntry(strPath);
System.DirectoryServices.DirectoryEntries myEntries = myDE.Children;
// Create a new entry \'Sample\' in the container.
string strname=\"CN=\"+ChineseName;
System.DirectoryServices.DirectoryEntry myDirectoryEntry = myEntries.Add(strname, \"user\");
//MessageBox.Show(myDirectoryEntry.SchemaClassName.ToString());
myDirectoryEntry.Properties[\"userPrincipalName\"].Value=Username;
myDirectoryEntry.Properties[\"name\"].Value=ChineseName;
myDirectoryEntry.Properties[\"samAccountName\"].Value=Username;
myDirectoryEntry.Properties[\"userAccountControl\"].Value =66048; //590336;
myDirectoryEntry.CommitChanges();
}
----------------------------------------------
private void addOU(string strPath,string OUName)//增加组织到strPath组织单位下,组织名称
{
try
{
//String RootDSE;
//System.DirectoryServices.DirectorySearcher DSESearcher= new System.DirectoryServices.DirectorySearcher();
//RootDSE=DSESearcher.SearchRoot.Path;
//RootDSE=\"LDAP://OU=百意时尚广场,DC=Domain,DC=com\";
System.DirectoryServices.DirectoryEntry myDE = new System.DirectoryServices.DirectoryEntry(strPath);
System.DirectoryServices.DirectoryEntries myEntries = myDE.Children;
string name=\"OU=\"+OUName;
System.DirectoryServices.DirectoryEntry myDirectoryEntry = myEntries.Add(name,\"organizationalUnit\");
myDirectoryEntry.Properties[\"name\"].Value=OUName;
myDirectoryEntry.Properties[\"instanceType\"].Value=4;
myDirectoryEntry.Properties[\"distinguishedName\"].Value=\"OU=\"+OUName+\",DC=Domain,DC=COM)\";
myDirectoryEntry.Properties[\"objectCategory\"].Value=\"CN=Organizational-Unit,CN=Schema,CN=Configuration,DC=sedep,DC=COM\";
myDirectoryEntry.Properties[\"ou\"].Value=OUName;
myDirectoryEntry.Properties[\"postalCode\"].Value=\"777\";
myDirectoryEntry.CommitChanges();
//UserMoveto(\"LDAP://OU=\"+OUName+\",DC=sedep,DC=com\",strPath);
}
catch(Exception RaiseErr)
{
MessageBox.Show (RaiseErr.Message);
}
}
---------------------------------------------
private void ModifyUser()
{
try
{
string DomainName=\"Domain\";
string FilterStr = \"(sAMAccountname=karlluo)\";
System.DirectoryServices.DirectorySearcher FindMe = new System.DirectoryServices.DirectorySearcher(DomainName);
FindMe.Filter = FilterStr;
System.DirectoryServices.SearchResult FindRes = FindMe.FindOne();
string tt=FindRes.Path;
System.DirectoryServices.DirectoryEntry MyUser = FindRes.GetDirectoryEntry();
string OUPath=MyUser.Parent.Path;
DirectoryEntry myds=new DirectoryEntry(OUPath,\"域管理员名\",\"域管理员密码\");
foreach(System.DirectoryServices.DirectoryEntry tempEntry in myds.Children)
{
if(tempEntry.SchemaClassName.ToString() == \"user\")
{
if(tempEntry.Properties[\"sAMAccountName\"].Value.ToString().ToLower()==\"karlluo\")
{
tempEntry.UsePropertyCache=true;
tempEntry.Properties[\"st\"].Value=\"yyyyyyyyyyyyyyyy\";
//newEntry.Properties[\"userPrincipalName\"].Value=\"userID\";
tempEntry.CommitChanges();
}
}
}
}
catch(Exception RaiseErr)
{
MessageBox.Show (RaiseErr.Message);
}
} |