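I am trying to create a domain user and then add them to a local group on the current machine. Every time I do this, when I call add on the domain, I get this: {"A member could not be added to or removed from the local group because the member does not exist.\r\n"}. However, I know the user exists, because my tester is watching the directory and the user shows up as soon as my creation code runs.
I will say that when I translate the SID to an NTUser account, I notice that I end up with domain\$DDDDD-FAF234AFS as the name instead of domain\test.user. Why is that, and could this be my problem?
Here is my code to create the user: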
    private UserPrincipal CreateNewUser(Section.User.User user, PrincipalContext principal)
    {
        _logger.Debug("User did not exist creating now.");
        UserPrincipal newUser = new UserPrincipal(principal)
        {
            Name = user.UserName.Contains('\\') ? user.UserName.Split('\\')[1] : user.UserName,
            Description = string.IsNullOrEmpty(user.UserDescription) ? "IIS {0} user.".FormatWith(user.UserType) : user.UserDescription,
            UserCannotChangePassword = false,
            PasswordNeverExpires = true,
            PasswordNotRequired = false,
            Enabled = true
        };
        _logger.Debug("User created.");
        _logger.Debug("Setting user password and applying to the system.");
        newUser.SetPassword(user.UserPassword);
        newUser.Save();
        return newUser;
    }
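User is just a custom class with a user name, password and description. The principalcontext is a valid context for the domain.
Here is the code I use to add the user to the local domain: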
    private void AddDomainUserToGroup(Principal groupPrincipal, Principal user, string group)
    {
        using (DirectoryEntry groupEntry = groupPrincipal.GetUnderlyingObject() as DirectoryEntry)
        using (DirectoryEntry userEntry = user.GetUnderlyingObject() as DirectoryEntry)
        {
            NTAccount ntUser = user.Sid.Translate(typeof (NTAccount)) as NTAccount;
            string domain = ntUser.ToString().Split('\\')[0];
            string userPath = string.Format("WinNT://{0}/{1},user", domain, user);
            groupEntry.Invoke("Add", new object[] {userPath});
        }
    }
Also, I never add the user to the local machine, I only add them to the domain. Could that be my problem?
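
One way to rework the two snippets above, as an added example that is not part of the original post. It assumes the domain\$DDDDD-FAF234AFS name is a directory-generated account name that appears because SamAccountName is never set on the new UserPrincipal, and that the WinNT path has to carry that account name. The class and method names and the way the local group entry is opened are assumptions.

```csharp
using System;
using System.DirectoryServices;
using System.DirectoryServices.AccountManagement;
using System.Security.Principal;

// Hypothetical helper class; names are illustrative, not from the original post.
static class LocalGroupHelper
{
    // Create the domain user with an explicit SamAccountName, so the SID
    // translates to DOMAIN\<name> rather than a directory-generated value.
    public static UserPrincipal CreateDomainUser(
        PrincipalContext domainContext, string userName, string password)
    {
        string account = userName.Contains("\\") ? userName.Split('\\')[1] : userName;
        var newUser = new UserPrincipal(domainContext)
        {
            Name = account,
            SamAccountName = account, // assumption: this is the missing piece
            PasswordNotRequired = false,
            Enabled = true
        };
        newUser.SetPassword(password);
        newUser.Save();
        return newUser;
    }

    // Add the domain user to a local group on this machine. The WinNT path is
    // built from the translated NTAccount (DOMAIN\account), not from the
    // Principal object itself.
    public static void AddDomainUserToLocalGroup(string localGroupName, UserPrincipal user)
    {
        var ntUser = (NTAccount)user.Sid.Translate(typeof(NTAccount));
        string[] parts = ntUser.Value.Split('\\');
        if (parts.Length != 2)
            throw new InvalidOperationException("Unexpected account name: " + ntUser.Value);

        string userPath = string.Format("WinNT://{0}/{1},user", parts[0], parts[1]);
        string groupPath = string.Format("WinNT://{0}/{1},group",
            Environment.MachineName, localGroupName);

        using (var groupEntry = new DirectoryEntry(groupPath))
        {
            groupEntry.Invoke("Add", new object[] { userPath });
        }
    }
}
```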