AD用户操作

系统 1563 0

本人在网上公开的源代码上加上了,搜索,修改,删除。

using System;
using System.Collections.Generic;
using System.Text;
using System.DirectoryServices;
using System.Data;


namespace Common
{
    public class ADHelper
    {
        private static string DomainName = "VMEX";

        private static string LDAPDomain = "DC=VMEX,DC=local";

        private static string ADPath = " LDAP://DC=VMEX,DC=local ";

        //AD管理员帐号
        private static string ADUser = "Administrator";

        //AD管理员密码
        private static string ADPasssWord = " 1234@abcd ";

        private static IdentityImpersonation impersonate = new IdentityImpersonation(ADUser, ADPasssWord, DomainName);

        ///
        ///用户登录验证结果
        ///
        public enum LoginResult
        {
            ///
            ///正常登录
            ///
            LOGIN_USER_OK = 0,
            ///
            ///用户不存在
            ///
            LOGIN_USER_DOESNT_EXIST,
            ///
            ///用户帐号被禁用
            ///
            LOGIN_USER_ACCOUNT_INACTIVE,
            ///
            ///用户密码不正确
            ///
            LOGIN_USER_PASSWORD_INCORRECT
        }

        ///
        ///用户属性定义标志
        ///
        public enum ADS_USER_FLAG_ENUM
        {
            ///
            ///登录脚本标志。如果通过 ADSI LDAP 进行读或写操作时,该标志失效。如果通过 ADSI WINNT,该标志为只读。
            ///
            ADS_UF_SCRIPT = 0X0001,
            ///
            ///用户帐号禁用标志
            ///
            ADS_UF_ACCOUNTDISABLE = 0X0002,
            ///
            ///主文件夹标志
            ///
            ADS_UF_HOMEDIR_REQUIRED = 0X0008,
            ///
            ///过期标志
            ///
            ADS_UF_LOCKOUT = 0X0010,
            ///
            ///用户密码不是必须的
            ///
            ADS_UF_PASSWD_NOTREQD = 0X0020,
            ///
            ///密码不能更改标志
            ///
            ADS_UF_PASSWD_CANT_CHANGE = 0X0040,
            ///
            ///使用可逆的加密保存密码
            ///
            ADS_UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED = 0X0080,
            ///
            ///本地帐号标志
            ///
            ADS_UF_TEMP_DUPLICATE_ACCOUNT = 0X0100,
            ///
            ///普通用户的默认帐号类型
            ///
            ADS_UF_NORMAL_ACCOUNT = 0X0200,
            ///
            ///跨域的信任帐号标志
            ///
            ADS_UF_INTERDOMAIN_TRUST_ACCOUNT = 0X0800,
            ///
            ///工作站信任帐号标志
            ///
            ADS_UF_WORKSTATION_TRUST_ACCOUNT = 0x1000,
            ///
            ///服务器信任帐号标志
            ///
            ADS_UF_SERVER_TRUST_ACCOUNT = 0X2000,
            ///
            ///密码永不过期标志
            ///
            ADS_UF_DONT_EXPIRE_PASSWD = 0X10000,
            ///
            /// MNS 帐号标志
            ///
            ADS_UF_MNS_LOGON_ACCOUNT = 0X20000,
            ///
            ///交互式登录必须使用智能卡
            ///
            ADS_UF_SMARTCARD_REQUIRED = 0X40000,
            ///
            ///当设置该标志时,服务帐号(用户或计算机帐号)将通过 Kerberos 委托信任
            ///
            ADS_UF_TRUSTED_FOR_DELEGATION = 0X80000,
            ///
            ///当设置该标志时,即使服务帐号是通过 Kerberos 委托信任的,敏感帐号不能被委托
            ///
            ADS_UF_NOT_DELEGATED = 0X100000,
            ///
            ///此帐号需要 DES 加密类型
            ///
            ADS_UF_USE_DES_KEY_ONLY = 0X200000,
            ///
            ///不要进行 Kerberos 预身份验证
            ///
            ADS_UF_DONT_REQUIRE_PREAUTH = 0X4000000,
            ///
            ///用户密码过期标志
            ///
            ADS_UF_PASSWORD_EXPIRED = 0X800000,
            ///
            ///用户帐号可委托标志
            ///
            ADS_UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION = 0X1000000
        }

        public ADHelper()
        {
            //
        }

        ///
        ///获得DirectoryEntry对象实例,以管理员登陆AD
        ///
        ///
        private static DirectoryEntry GetDirectoryObject()
        {
            DirectoryEntry entry = new DirectoryEntry(ADPath, ADUser, ADPasssWord, AuthenticationTypes.Secure);
            return entry;
        }

        ///
        ///根据指定用户名和密码获得相应DirectoryEntry实体
        ///
        ///
        ///
        ///
        private static DirectoryEntry GetDirectoryObject(string userName, string password)
        {
            DirectoryEntry entry = new DirectoryEntry(ADPath, userName, password, AuthenticationTypes.None);
            return entry;
        }

        private static DirectoryEntry GetDirectoryObject(string domainReference)
        {
            DirectoryEntry entry = new DirectoryEntry(ADPath + domainReference, ADUser, ADPasssWord, AuthenticationTypes.Secure);
            return entry;
        }

        /// <summary>
        /// 找到该用户对象
        /// </summary>
        /// <param name="commonName"></param>
        /// <returns></returns>
        public static DirectoryEntry GetDirectoryEntry(string commonName)
        {
            DirectoryEntry de = GetDirectoryObject();
            DirectorySearcher deSearch = new DirectorySearcher(de);
            deSearch.Filter = "(&(&(objectCategory=person)(objectClass=user))(cn=" + commonName + "))";
            deSearch.SearchScope = SearchScope.Subtree;

            try
            {
                SearchResult result = deSearch.FindOne();
                de = new DirectoryEntry(result.Path);
                return de;
            }
            catch
            {
                return null;
            }

        }

         ///
         ///根据用户公共名称和密码取得用户的 对象。
         ///
         ///用户公共名称
         ///用户密码
         ///如果找到该用户,则返回用户的 对象;否则返回 null
         public static DirectoryEntry GetDirectoryEntry(string commonName, string password)
         {
              DirectoryEntry de = GetDirectoryObject(commonName, password);
              DirectorySearcher deSearch = new DirectorySearcher(de);
              deSearch.Filter = "(&(&(objectCategory=person)(objectClass=user))(cn=" + commonName + "))";
              deSearch.SearchScope = SearchScope.Subtree;
 
              try
              {
                   SearchResult result = deSearch.FindOne();
                   de = new DirectoryEntry(result.Path);
                   return de;
              }
              catch
              {
                   return null;
              }
         }
 
         ///
         ///根据用户帐号称取得用户的 对象
         ///
         ///用户帐号名
         ///如果找到该用户,则返回用户的 对象;否则返回 null
         public static DirectoryEntry GetDirectoryEntryByAccount(string sAMAccountName)
         {
              DirectoryEntry de = GetDirectoryObject();
              DirectorySearcher deSearch = new DirectorySearcher(de);
              deSearch.Filter = "(&(&(objectCategory=person)(objectClass=user))(sAMAccountName=" + sAMAccountName + "))";
              deSearch.SearchScope = SearchScope.Subtree;
 
              try
              {
                   SearchResult result = deSearch.FindOne();
                   de = new DirectoryEntry(result.Path);
                   return de;
              }
              catch
              {
                   return null;
              }
         }
 
         ///
         ///根据用户帐号和密码取得用户的 对象
         ///
         ///用户帐号名
         ///用户密码
         ///如果找到该用户,则返回用户的 对象;否则返回 null
         public static DirectoryEntry GetDirectoryEntryByAccount(string sAMAccountName, string password)
         {
              DirectoryEntry de = GetDirectoryEntryByAccount(sAMAccountName);
              if (de != null)
              {
                   string commonName = de.Properties["cn"][0].ToString();
 
                   if (GetDirectoryEntry(commonName, password) != null)
                       return GetDirectoryEntry(commonName, password);
                   else
                       return null;
              }
              else
              {
                   return null;
              }
         }
 
         ///
         ///根据组名取得用户组的 对象
         ///
         ///组名
         ///
         public static DirectoryEntry GetDirectoryEntryOfGroup(string groupName)
         {
              DirectoryEntry de = GetDirectoryObject();
              DirectorySearcher deSearch = new DirectorySearcher(de);
              deSearch.Filter = "(&(objectClass=group)(cn=" + groupName + "))";
              deSearch.SearchScope = SearchScope.Subtree;
 
              try
              {
                   SearchResult result = deSearch.FindOne();
                   de = new DirectoryEntry(result.Path);
                   return de;
              }
              catch
              {
                   return null;
              }
         }
 
 
 
         #region GetProperty
 
         ///
         ///获得指定 指定属性名对应的值
         ///
         ///
         ///属性名称
         ///属性值
         public static string GetProperty(DirectoryEntry de, string propertyName)
         {
              if(de.Properties.Contains(propertyName))
              {
                   return de.Properties[propertyName][0].ToString() ;
              }
              else
              {
                   return string.Empty;
              }
         }
 
         ///
         ///获得指定搜索结果 中指定属性名对应的值
         ///
         ///
         ///属性名称
         ///属性值
         public static string GetProperty(SearchResult searchResult, string propertyName)
         {
              if(searchResult.Properties.Contains(propertyName))
              {
                   return searchResult.Properties[propertyName][0].ToString() ;
              }
              else
              {
                   return string.Empty;
              }
         }
 
         #endregion
 
         ///
         ///设置指定 的属性值
         ///
         ///
         ///属性名称
         ///属性值
         public static void SetProperty(DirectoryEntry de, string propertyName, string propertyValue)
         {
              if(propertyValue != string.Empty || propertyValue != "" || propertyValue != null)
              {
                   if(de.Properties.Contains(propertyName))
                   {
                       de.Properties[propertyName][0] = propertyValue;
                   }
                   else
                   {
                       de.Properties[propertyName].Add(propertyValue);
                   }
              }
         }
 
         ///
         ///创建新的用户
         ///
         ///N 位置。例如:OU=共享平台 或 CN=Users
         ///公共名称
         ///帐号
         ///密码
         ///physicalDeliveryOfficeName:办公位置:
         ///description:设备描述:
         ///telephoneNumber:固资编码:
         ///department:部门(二级部门):
         ///company:公司(一级部门):
         ///wWWHomePage:IP 地址:
         public static DirectoryEntry CreateNewUser(string ldapDN,string snName, string commonName, string sAMAccountName, string password,
             string description,string physicalDeliveryOfficeName,
             string telephoneNumber, string department,string title,
            string company, string wWWHomePage)
         {
              DirectoryEntry entry = GetDirectoryObject();
              DirectoryEntry subEntry = entry.Children.Find(ldapDN);
              DirectoryEntry deUser = subEntry.Children.Add("CN=" + commonName, "user");
              deUser.Properties["sAMAccountName"].Value = sAMAccountName;
              //deUser.Properties["description"].Value = description;
              //deUser.Properties["physicalDeliveryOfficeName"].Value = physicalDeliveryOfficeName;
              //deUser.Properties["telephoneNumber"].Value = telephoneNumber;
              //deUser.Properties["department"].Value = department;
              //deUser.Properties["title"].Value = title;
              //deUser.Properties["company"].Value = company;
              //deUser.Properties["wWWHomePage"].Value = wWWHomePage;
              ADHelper.SetProperty(deUser, "sn", snName);
              ADHelper.SetProperty(deUser, "description", description);
              ADHelper.SetProperty(deUser, "physicalDeliveryOfficeName", physicalDeliveryOfficeName);
              ADHelper.SetProperty(deUser, "telephoneNumber", telephoneNumber);
              ADHelper.SetProperty(deUser, "department", department);
              ADHelper.SetProperty(deUser, "title", title);
              ADHelper.SetProperty(deUser, "company", company);
              ADHelper.SetProperty(deUser, "wWWHomePage", wWWHomePage);
              deUser.CommitChanges();
           
              //ADHelper.SetProperty(deUser, "description", description);
              ADHelper.SetPassword(commonName, password);
              ADHelper.EnableUser(commonName);
             
              deUser.Close();
              return deUser;
         }


        /// <summary>
        /// 删除用户
        ///
        /// </summary>
        /// <param name="ldapDN"></param>
        /// <param name="sAMAccountName"></param>
         public static void DelUser(string ldapDN, string sAMAccountName)
         {
             DirectoryEntry entry = GetDirectoryObject();
             DirectoryEntry subEntry = entry.Children.Find(ldapDN);

             DirectorySearcher deSearch = new DirectorySearcher(subEntry);
            deSearch.Filter = "(&(&(objectCategory=person)(objectClass=user))(sAMAccountName=" + sAMAccountName + "))";
            deSearch.SearchScope = SearchScope.Subtree;
 
            SearchResult result = deSearch.FindOne();
            DirectoryEntry de = new DirectoryEntry(result.Path);
          
            subEntry.Children.Remove(de);
 
            entry.CommitChanges();

            de.Close();
         }

         public static DataTable GetAllUser(string ouName)
         {
             DataTable dt = new DataTable();
             dt.Columns.Add("CN");
             dt.Columns.Add("sAMAccountName");
             dt.Columns.Add("description");
             dt.Columns.Add("physicalDeliveryOfficeName");
             dt.Columns.Add("telephoneNumber");
             dt.Columns.Add("department");
             dt.Columns.Add("title");
             dt.Columns.Add("company");
             dt.Columns.Add("wWWHomePage");

             DirectoryEntry adRoot = GetDirectoryObject();
             //设备MAC认证
             DirectoryEntry ou = adRoot.Children.Find("OU=" + ouName);

             DirectorySearcher mySearcher = new DirectorySearcher(ou);
             //(&(&(objectCategory=person)(objectClass=user))(cn=" + commonName + "))
             //mySearcher.Filter = ("(objectClass=user)");
             mySearcher.Filter = "(&(&(objectCategory=person)(objectClass=user)))";

             foreach (System.DirectoryServices.SearchResult resEnt in mySearcher.FindAll())
             {
                 DataRow dr = dt.NewRow();
                 dr["CN"] = string.Empty;
                 dr["sAMAccountName"] = string.Empty;
                 dr["description"] = string.Empty;
                 dr["physicalDeliveryOfficeName"] = string.Empty;
                 dr["telephoneNumber"] = string.Empty;
                 dr["department"] = string.Empty;
                 dr["title"] = string.Empty;
                 dr["company"] = string.Empty;
                 dr["wWWHomePage"] = string.Empty;


                 DirectoryEntry user = resEnt.GetDirectoryEntry();

                 if (user.Properties.Contains("sAMAccountName"))
                 {
                     dr["sAMAccountName"] = user.Properties["sAMAccountName"][0].ToString();
                 }
                 if (user.Properties.Contains("CN"))
                 {
                     dr["CN"] = user.Properties["CN"][0].ToString();
                 }

                 if (user.Properties.Contains("description"))
                 {
                     dr["description"] = user.Properties["description"][0].ToString();
                 }
                 if (user.Properties.Contains("physicalDeliveryOfficeName"))
                 {
                     dr["physicalDeliveryOfficeName"] = user.Properties["physicalDeliveryOfficeName"][0].ToString();
                 }
                 if (user.Properties.Contains("telephoneNumber"))
                 {
                     dr["telephoneNumber"] = user.Properties["telephoneNumber"][0].ToString();
                 }
                 if (user.Properties.Contains("department"))
                 {
                     dr["department"] = user.Properties["department"][0].ToString();
                 }
                 if (user.Properties.Contains("title"))
                 {
                     dr["title"] = user.Properties["title"][0].ToString();
                 }
                 if (user.Properties.Contains("company"))
                 {
                     dr["company"] = user.Properties["company"][0].ToString();
                 }
                 if (user.Properties.Contains("wWWHomePage"))
                 {
                     dr["wWWHomePage"] = user.Properties["wWWHomePage"][0].ToString();
                 }
                 dt.Rows.Add(dr);

             }

             return dt;
         }

         /// <summary>
        /// 查询用户
        /// </summary>
        /// <param name="ouName"></param>
        /// <returns></returns>
         public static DataTable GetAdUser(string ouName, string commonName)
         {
             DataTable dt = new DataTable();
             dt.Columns.Add("cn");
             dt.Columns.Add("sAMAccountName");
             dt.Columns.Add("description");
             dt.Columns.Add("physicalDeliveryOfficeName");
             dt.Columns.Add("telephoneNumber");
             dt.Columns.Add("department");
             dt.Columns.Add("title");
             dt.Columns.Add("company");
             dt.Columns.Add("wWWHomePage");

             DirectoryEntry adRoot = GetDirectoryObject();
             //设备MAC认证
             DirectoryEntry ou = adRoot.Children.Find("OU=" + ouName);

             DirectorySearcher mySearcher = new DirectorySearcher(ou);
             //(&(&(objectCategory=person)(objectClass=user))(cn=" + commonName + "))
             //mySearcher.Filter = ("(objectClass=user)");
             mySearcher.Filter = "(&(&(objectCategory=person)(objectClass=user))(cn=" + commonName + "))";

             foreach (System.DirectoryServices.SearchResult resEnt in mySearcher.FindAll())
             {
                 DataRow dr = dt.NewRow();
                 dr["cn"] = string.Empty;
                 dr["sAMAccountName"] = string.Empty;
                 dr["description"] = string.Empty;
                 dr["physicalDeliveryOfficeName"] = string.Empty;
                 dr["telephoneNumber"] = string.Empty;
                 dr["department"] = string.Empty;
                 dr["title"] = string.Empty;
                 dr["company"] = string.Empty;
                 dr["wWWHomePage"] = string.Empty;
                

                 DirectoryEntry user = resEnt.GetDirectoryEntry();
                 if (user.Properties.Contains("cn"))
                 {
                     dr["cn"] = user.Properties["cn"][0].ToString();
                 }

                 if (user.Properties.Contains("sAMAccountName"))
                 {
                     dr["sAMAccountName"] = user.Properties["sAMAccountName"][0].ToString();
                 }
                 if (user.Properties.Contains("description"))
                 {
                     dr["description"] = user.Properties["description"][0].ToString();
                 }
                 if (user.Properties.Contains("physicalDeliveryOfficeName"))
                 {
                     dr["physicalDeliveryOfficeName"] = user.Properties["physicalDeliveryOfficeName"][0].ToString();
                 }
                 if (user.Properties.Contains("telephoneNumber"))
                 {
                     dr["telephoneNumber"] = user.Properties["telephoneNumber"][0].ToString();
                 }
                 if (user.Properties.Contains("department"))
                 {
                     dr["department"] = user.Properties["department"][0].ToString();
                 }
                 if (user.Properties.Contains("title"))
                 {
                     dr["title"] = user.Properties["title"][0].ToString();
                 }
                 if (user.Properties.Contains("company"))
                 {
                     dr["company"] = user.Properties["company"][0].ToString();
                 }
                 if (user.Properties.Contains("wWWHomePage"))
                 {
                     dr["wWWHomePage"] = user.Properties["wWWHomePage"][0].ToString();
                 }
                 dt.Rows.Add(dr);

             }

             return dt;

         }


        /// <summary>
        ///
        /// </summary>
        /// <param name="ouName"></param>
        /// <param name="commonName">登陆帐号</param>
        /// <returns></returns>
         public static DataTable GetUser(string ouName, string commonName)
         {
             DataTable dt = new DataTable();
             dt.Columns.Add("cn");
             dt.Columns.Add("sAMAccountName");
             dt.Columns.Add("description");
             dt.Columns.Add("physicalDeliveryOfficeName");
             dt.Columns.Add("telephoneNumber");
             dt.Columns.Add("department");
             dt.Columns.Add("title");
             dt.Columns.Add("company");
             dt.Columns.Add("wWWHomePage");

             DirectoryEntry adRoot = GetDirectoryObject();
             //设备MAC认证
             DirectoryEntry ou = adRoot.Children.Find("OU=" + ouName);

             DirectorySearcher mySearcher = new DirectorySearcher(ou);
             //(&(&(objectCategory=person)(objectClass=user))(cn=" + commonName + "))
             //mySearcher.Filter = ("(objectClass=user)");
             mySearcher.Filter = "(&(&(objectCategory=person)(objectClass=user))(sAMAccountName=" + commonName + "))";

             foreach (System.DirectoryServices.SearchResult resEnt in mySearcher.FindAll())
             {
                 DataRow dr = dt.NewRow();
                 dr["cn"] = string.Empty;
                 dr["sAMAccountName"] = string.Empty;
                 dr["description"] = string.Empty;
                 dr["physicalDeliveryOfficeName"] = string.Empty;
                 dr["telephoneNumber"] = string.Empty;
                 dr["department"] = string.Empty;
                 dr["title"] = string.Empty;
                 dr["company"] = string.Empty;
                 dr["wWWHomePage"] = string.Empty;


                 DirectoryEntry user = resEnt.GetDirectoryEntry();
                 if (user.Properties.Contains("cn"))
                 {
                     dr["cn"] = user.Properties["cn"][0].ToString();
                 }

                 if (user.Properties.Contains("sAMAccountName"))
                 {
                     dr["sAMAccountName"] = user.Properties["sAMAccountName"][0].ToString();
                 }
                 if (user.Properties.Contains("description"))
                 {
                     dr["description"] = user.Properties["description"][0].ToString();
                 }
                 if (user.Properties.Contains("physicalDeliveryOfficeName"))
                 {
                     dr["physicalDeliveryOfficeName"] = user.Properties["physicalDeliveryOfficeName"][0].ToString();
                 }
                 if (user.Properties.Contains("telephoneNumber"))
                 {
                     dr["telephoneNumber"] = user.Properties["telephoneNumber"][0].ToString();
                 }
                 if (user.Properties.Contains("department"))
                 {
                     dr["department"] = user.Properties["department"][0].ToString();
                 }
                 if (user.Properties.Contains("title"))
                 {
                     dr["title"] = user.Properties["title"][0].ToString();
                 }
                 if (user.Properties.Contains("company"))
                 {
                     dr["company"] = user.Properties["company"][0].ToString();
                 }
                 if (user.Properties.Contains("wWWHomePage"))
                 {
                     dr["wWWHomePage"] = user.Properties["wWWHomePage"][0].ToString();
                 }
                 dt.Rows.Add(dr);

             }

             return dt;

         }
 
         ///
         ///创建新的用户。默认创建在 Users 单元下。
         ///
         ///公共名称
         ///帐号
         ///密码
         ///
         public static DirectoryEntry CreateNewUser(string commonName,string snName, string sAMAccountName,
               string password,
               string description,string physicalDeliveryOfficeName,
             string telephoneNumber, string department,string title,
            string company, string wWWHomePage)
         {
             return CreateNewUser("OU=设备MAC认证", commonName,snName, sAMAccountName, password,
                   description,physicalDeliveryOfficeName,
             telephoneNumber, department,title,
             company, wWWHomePage);
         }
 
         ///
         ///判断指定公共名称的用户是否存在
         ///
         ///用户公共名称
         ///如果存在,返回 true;否则返回 false
         public static bool IsUserExists(string commonName)
         {
              DirectoryEntry de = GetDirectoryObject();
              DirectorySearcher deSearch = new DirectorySearcher(de);
              deSearch.Filter = "(&(&(objectCategory=person)(objectClass=user))(cn=" + commonName + "))";       // LDAP 查询串
              SearchResultCollection results = deSearch.FindAll();
 
              if (results.Count == 0)
                   return false;
              else
                   return true;
         }
 
         ///
         ///判断用户帐号是否激活
         ///
         ///用户帐号属性控制器
         ///如果用户帐号已经激活,返回 true;否则返回 false
         public static bool IsAccountActive(int userAccountControl)
         {
              int userAccountControl_Disabled = Convert.ToInt32(ADS_USER_FLAG_ENUM.ADS_UF_ACCOUNTDISABLE);
              int flagExists = userAccountControl & userAccountControl_Disabled;
 
              if (flagExists > 0)
                   return false;
              else
                   return true;
         }
 
         ///
         ///判断用户与密码是否足够以满足身份验证进而登录
         ///
         ///用户公共名称
         ///密码
         ///如能可正常登录,则返回 true;否则返回 false
         public static LoginResult Login(string commonName, string password)
         {
              DirectoryEntry de = GetDirectoryEntry(commonName);
 
              if (de != null)
              {
                   // 必须在判断用户密码正确前,对帐号激活属性进行判断;否则将出现异常。
                   int userAccountControl = Convert.ToInt32(de.Properties["userAccountControl"][0]);
                   de.Close();
 
                   if (!IsAccountActive(userAccountControl))
                       return LoginResult.LOGIN_USER_ACCOUNT_INACTIVE;
 
                   if (GetDirectoryEntry(commonName, password) != null)
                       return LoginResult.LOGIN_USER_OK;
                   else
                       return LoginResult.LOGIN_USER_PASSWORD_INCORRECT;
              }
              else
              {
                   return LoginResult.LOGIN_USER_DOESNT_EXIST;
              }
         }
 
         ///
         ///判断用户帐号与密码是否足够以满足身份验证进而登录
         ///
         ///用户帐号
         ///密码
         ///如能可正常登录,则返回 true;否则返回 false
         public static LoginResult LoginByAccount(string sAMAccountName, string password)
         {
              DirectoryEntry de = GetDirectoryEntryByAccount(sAMAccountName);
                  
              if (de != null)
              {
                   // 必须在判断用户密码正确前,对帐号激活属性进行判断;否则将出现异常。
                   int userAccountControl = Convert.ToInt32(de.Properties["userAccountControl"][0]);
                   de.Close();
 
                   if (!IsAccountActive(userAccountControl))
                       return LoginResult.LOGIN_USER_ACCOUNT_INACTIVE;
 
                   if (GetDirectoryEntryByAccount(sAMAccountName, password) != null)
                       return LoginResult.LOGIN_USER_OK;
                   else
                       return LoginResult.LOGIN_USER_PASSWORD_INCORRECT;
              }
              else
              {
                   return LoginResult.LOGIN_USER_DOESNT_EXIST;
              }
         }
 
         ///
         ///设置用户密码,管理员可以通过它来修改指定用户的密码。
         ///
         ///用户公共名称
         ///用户新密码
         public static void SetPassword(string commonName, string newPassword)
         {
              DirectoryEntry de = GetDirectoryEntry(commonName);
             
              // 模拟超级管理员,以达到有权限修改用户密码
              impersonate.BeginImpersonate();
              de.Invoke("SetPassword", new object[]{newPassword});
              impersonate.StopImpersonate();
 
              de.Close();
         }

         ///
         ///启用指定公共名称的用户
         ///
         ///用户公共名称
         public static void EnableUser(string commonName)
         {
             EnableUser(GetDirectoryEntry(commonName));
         }
         ///
         ///启用指定 的用户
         ///
         ///
         public static void EnableUser(DirectoryEntry de)
         {
             impersonate.BeginImpersonate();
             de.Properties["userAccountControl"][0] = ADHelper.ADS_USER_FLAG_ENUM.ADS_UF_NORMAL_ACCOUNT | ADHelper.ADS_USER_FLAG_ENUM.ADS_UF_DONT_EXPIRE_PASSWD;
             de.CommitChanges();
             impersonate.StopImpersonate();
             de.Close();
         }
 
         ///
         ///设置帐号密码,管理员可以通过它来修改指定帐号的密码。
         ///
         ///用户帐号
         ///用户新密码
         public static void SetPasswordByAccount(string sAMAccountName, string newPassword)
         {
              DirectoryEntry de = GetDirectoryEntryByAccount(sAMAccountName);
 
              // 模拟超级管理员,以达到有权限修改用户密码
              IdentityImpersonation impersonate = new IdentityImpersonation(ADUser, ADPasssWord, LDAPDomain);
              impersonate.BeginImpersonate();
              de.Invoke("SetPassword", new object[]{newPassword});
              impersonate.StopImpersonate();
 
              de.Close();
         }

         /// <summary>
        /// 修改用户资料
        /// </summary>
        /// <param name="sAMAccountName"></param>
         public static void EditUser(string ldapDN, string sAMAccountName,
             string snName, string description, string physicalDeliveryOfficeName,
             string telephoneNumber, string department, string title
             , string wWWHomePage, string company
             )
         {
             DirectoryEntry entry = GetDirectoryObject();
             DirectoryEntry subEntry = entry.Children.Find(ldapDN);

             DirectorySearcher deSearch = new DirectorySearcher(subEntry);
             deSearch.Filter = "(&(&(objectCategory=person)(objectClass=user))(sAMAccountName=" + sAMAccountName + "))";
             deSearch.SearchScope = SearchScope.Subtree;

             SearchResult result = deSearch.FindOne();
             DirectoryEntry de = new DirectoryEntry(result.Path);

             ADHelper.SetProperty(de, "sn", snName);
             ADHelper.SetProperty(de, "description", description);
             ADHelper.SetProperty(de, "physicalDeliveryOfficeName", physicalDeliveryOfficeName);
             ADHelper.SetProperty(de, "telephoneNumber", telephoneNumber);
             ADHelper.SetProperty(de, "department", department);
             ADHelper.SetProperty(de, "title", title);
             ADHelper.SetProperty(de, "company", company);
             ADHelper.SetProperty(de, "wWWHomePage", wWWHomePage);

             de.CommitChanges();

             de.Close();    
                }


 
         ///
         ///修改用户密码
         ///
         ///用户公共名称
         ///旧密码
         ///新密码
         public static void ChangeUserPassword (string commonName, string oldPassword, string newPassword)
         {
              // to-do: 需要解决密码策略问题
              DirectoryEntry oUser = GetDirectoryEntry(commonName);
              oUser.Invoke("ChangePassword", new Object[]{oldPassword, newPassword});
              oUser.Close();
         }
 
      
 
        
         ///
         ///禁用指定公共名称的用户
         ///
         ///用户公共名称
         public static void DisableUser(string commonName)
         {
              DisableUser(GetDirectoryEntry(commonName));
         }
 
         ///
         ///禁用指定 的用户
         ///
         ///
         public static void DisableUser(DirectoryEntry de)
         {
              impersonate.BeginImpersonate();
              de.Properties["userAccountControl"][0]=ADHelper.ADS_USER_FLAG_ENUM.ADS_UF_NORMAL_ACCOUNT | ADHelper.ADS_USER_FLAG_ENUM.ADS_UF_DONT_EXPIRE_PASSWD | ADHelper.ADS_USER_FLAG_ENUM.ADS_UF_ACCOUNTDISABLE;
              de.CommitChanges();
              impersonate.StopImpersonate();
              de.Close();
         }
 
         ///
         ///将指定的用户添加到指定的组中。默认为 Users 下的组和用户。
         ///
         ///用户公共名称
         ///组名
         public static void AddUserToGroup(string userCommonName, string groupName)
          {
              DirectoryEntry oGroup = GetDirectoryEntryOfGroup(groupName);
              DirectoryEntry oUser = GetDirectoryEntry(userCommonName);
             
              impersonate.BeginImpersonate();
              oGroup.Properties["member"].Add(oUser.Properties["distinguishedName"].Value);
              oGroup.CommitChanges();
              impersonate.StopImpersonate();
 
              oGroup.Close();
              oUser.Close();
         }
 
         ///
         ///将用户从指定组中移除。默认为 Users 下的组和用户。
         ///
         ///用户公共名称
         ///组名
         public static void RemoveUserFromGroup(string userCommonName, string groupName)
         {
              DirectoryEntry oGroup = GetDirectoryEntryOfGroup(groupName);
              DirectoryEntry oUser = GetDirectoryEntry(userCommonName);
             
              impersonate.BeginImpersonate();
              oGroup.Properties["member"].Remove(oUser.Properties["distinguishedName"].Value);
              oGroup.CommitChanges();
              impersonate.StopImpersonate();
 
              oGroup.Close();
              oUser.Close();
         }
 
     }

   
}

AD用户操作


更多文章、技术交流、商务合作、联系博主

微信扫码或搜索:z360901061

微信扫一扫加我为好友

QQ号联系: 360901061

您的支持是博主写作最大的动力,如果您喜欢我的文章,感觉我的文章对您有帮助,请用微信扫描下面二维码支持博主2元、5元、10元、20元等您想捐的金额吧,狠狠点击下面给点支持吧,站长非常感激您!手机微信长按不能支付解决办法:请将微信支付二维码保存到相册,切换到微信,然后点击微信右上角扫一扫功能,选择支付二维码完成支付。

【本文对您有帮助就好】

您的支持是博主写作最大的动力,如果您喜欢我的文章,感觉我的文章对您有帮助,请用微信扫描上面二维码支持博主2元、5元、10元、自定义金额等您想捐的金额吧,站长会非常 感谢您的哦!!!

发表我的评论
最新评论 总共0条评论