8

我有使用 LDAP 和 C# 在 Active Directory 中创建新组的场景。

请提供建议

4

4 回答 4

10

CodeProject 上的这篇文章是一个非常好的起点:

Howto:(几乎)通过 C# 在 Active Directory 中的所有内容

要创建组,您需要:

  • 绑定到要在其中创建组的容器
  • 创建组并定义一些属性

代码:

public void Create(string ouPath, string name)
{
    if (!DirectoryEntry.Exists("LDAP://CN=" + name + "," + ouPath))
    {
        try
        {
            // bind to the container, e.g. LDAP://cn=Users,dc=...
            DirectoryEntry entry = new DirectoryEntry("LDAP://" + ouPath);

            // create group entry
            DirectoryEntry group = entry.Children.Add("CN=" + name, "group");

            // set properties
            group.Properties["sAmAccountName"].Value = name;

            // save group
            group.CommitChanges();
        }
        catch (Exception e)
        {
            Console.WriteLine(e.Message.ToString());
        }
    }
    else { Console.WriteLine(path + " already exists"); }
}
于 2013-04-23T14:21:54.053 回答
9

有关设置组范围和组类型的一些附加信息,枚举是:

public enum GroupType : uint
{
    GLOBAL       = 0x2,
    DOMAIN_LOCAL = 0x4,
    UNIVERSAL    = 0x8,
    SECURITY     = 0x80000000
}

SECURITY(从 ADS_GROUP_TYPE_SECURITY_ENABLED 缩写)与前 3 个枚举相结合,为您提供 6 个可能的选项,没有它,一个组将成为一个分发组。

这些值被设置为一个 int,它与安全标志一起变为负数,因此需要使用 unchecked()。或者,您可以为组合值创建一个枚举。

GLOBAL       | SECURITY = 0x80000002 = -2147483646
DOMAIN_LOCAL | SECURITY = 0x80000004 = -2147483644
UNIVERSAL    | SECURITY = 0x80000008 = -2147483640

该值存储在“groupType”属性中:

var groupType = unchecked((int)(GroupType.UNIVERSAL | GroupType.SECURITY));
group.Properties["groupType"].Value = groupType;
group.CommitChanges();
于 2014-07-23T17:17:54.333 回答
0

看看这个链接: http: //msdn.microsoft.com/en-us/library/ms180903 (v=vs.80).aspx

我想你可能正在寻找这部分代码:

// Bind to the domain that this user is currently connected to.
DirectoryEntry dom = new DirectoryEntry();

// Find the container (in this case, the Consulting organizational unit) that you 
// wish to add the new group to.
DirectoryEntry ou = dom.Children.Find("OU=Consulting");

// Add the new group Practice Managers.
DirectoryEntry group = ou.Children.Add("CN=Practice Managers", "group");

// Set the samAccountName for the new group.
group.Properties["samAccountName"].Value = "pracmans";

// Commit the new group to the directory.
group.CommitChanges();
于 2013-04-23T14:21:31.247 回答
0

我刚刚解决了 .NET Core 2.0 应用程序的这个问题 - 这是使用 .NET Core 2.0+ 的人的更新解决方案。

这利用了 NuGet 包System.DirectoryServices.Protocols

try
{
    string adminUsername = "myAdminUser";
    string namingContext = "CN=Test123,DC=MyCompany,DC=com";
    string hostNameAndSSLPort = "192.168.123.123:636";
    string adminuser = $"CN={adminUsername},{namingContext}";
    string adminpass = "password";

    using (LdapConnection connection = new LdapConnection(hostNameAndSSLPort))
    {
        LdapSessionOptions options = connection.SessionOptions;
        options.ProtocolVersion = 3;
        options.SecureSocketLayer = true;

        connection.AuthType = AuthType.Basic;

        NetworkCredential credential = new NetworkCredential(adminuser, adminpass);
        connection.Credential = credential;
        connection.Bind();

        string rolesContext = $"CN=Roles,{namingContext}";
        string nameOfNewGroup = "MyGroup";
        string groupDN = $"CN={nameOfNewGroup},{rolesContext}";
        string dirClassType = "group";

        AddRequest addRequest = new AddRequest(groupDN, dirClassType);
        AddResponse addResponse = (AddResponse)connection.SendRequest(addRequest);
        Console.WriteLine($"A {dirClassType} with a dn of\n {groupDN} was added successfully. The server response was {addResponse.ResultCode}");
    }
}
catch (Exception e)
{
    Console.WriteLine(e.ToString());
}

微软提供的这个示例项目中还有很多很棒的代码示例。

于 2018-12-14T04:23:18.417 回答