I have a scenario where I need to create a new group in Active Directory using LDAP and C#.
Please provide suggestions.
This article on CodeProject is a really good starting point:
Howto: (Almost) Everything In Active Directory via C#
To create a group, you need to:
Code:
    using System;
    using System.DirectoryServices;

    public void Create(string ouPath, string name)
    {
        if (!DirectoryEntry.Exists("LDAP://CN=" + name + "," + ouPath))
        {
            try
            {
                // bind to the container, e.g. LDAP://cn=Users,dc=...
                DirectoryEntry entry = new DirectoryEntry("LDAP://" + ouPath);
                // create group entry
                DirectoryEntry group = entry.Children.Add("CN=" + name, "group");
                // set properties
                group.Properties["sAmAccountName"].Value = name;
                // save group
                group.CommitChanges();
            }
            catch (Exception e)
            {
                Console.WriteLine(e.Message.ToString());
            }
        }
        // report the DN that was found to exist
        else { Console.WriteLine("CN=" + name + "," + ouPath + " already exists"); }
    }
Some additional information on setting the group scope and group type; the enums are:
    public enum GroupType : uint
    {
        GLOBAL = 0x2,
        DOMAIN_LOCAL = 0x4,
        UNIVERSAL = 0x8,
        SECURITY = 0x80000000
    }
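SECURITY (shortened from ADS_GROUP_TYPE_SECURITY_ENABLED) is combined with the first 3 enums to give you the 6 possible options; without it, a group will be a distribution group.
The values are set as an int, which goes negative with the security flag, so unchecked() needs to be used. Alternatively, you could create an enum for the combined values.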
GLOBAL | SECURITY = 0x80000002 = -2147483646
DOMAIN_LOCAL | SECURITY = 0x80000004 = -2147483644
UNIVERSAL | SECURITY = 0x80000008 = -2147483640
The value is stored in the "groupType" property:
    var groupType = unchecked((int)(GroupType.UNIVERSAL | GroupType.SECURITY));
    group.Properties["groupType"].Value = groupType;
    group.CommitChanges();
Take a look at this link: http://msdn.microsoft.com/en-us/library/ms180903(v=vs.80).aspx
I think you might be looking for this part of the code:
    // Bind to the domain that this user is currently connected to.
    DirectoryEntry dom = new DirectoryEntry();
    // Find the container (in this case, the Consulting organizational unit) that you
    // wish to add the new group to.
    DirectoryEntry ou = dom.Children.Find("OU=Consulting");
    // Add the new group Practice Managers.
    DirectoryEntry group = ou.Children.Add("CN=Practice Managers", "group");
    // Set the samAccountName for the new group.
    group.Properties["samAccountName"].Value = "pracmans";
    // Commit the new group to the directory.
    group.CommitChanges();
I just solved this problem for a .NET Core 2.0 application - here is an updated solution for people using .NET Core 2.0+.
This utilizes the NuGet package System.DirectoryServices.Protocols:
    using System;
    using System.Net;
    using System.DirectoryServices.Protocols;

    try
    {
        string adminUsername = "myAdminUser";
        string namingContext = "CN=Test123,DC=MyCompany,DC=com";
        string hostNameAndSSLPort = "192.168.123.123:636";
        string adminuser = $"CN={adminUsername},{namingContext}";
        string adminpass = "password";
        using (LdapConnection connection = new LdapConnection(hostNameAndSSLPort))
        {
            // LDAP v3 over SSL with a simple (Basic) bind
            LdapSessionOptions options = connection.SessionOptions;
            options.ProtocolVersion = 3;
            options.SecureSocketLayer = true;
            connection.AuthType = AuthType.Basic;
            NetworkCredential credential = new NetworkCredential(adminuser, adminpass);
            connection.Credential = credential;
            connection.Bind();
            // build the DN of the new group under the Roles container
            string rolesContext = $"CN=Roles,{namingContext}";
            string nameOfNewGroup = "MyGroup";
            string groupDN = $"CN={nameOfNewGroup},{rolesContext}";
            string dirClassType = "group";
            // send the add request and report the server's result code
            AddRequest addRequest = new AddRequest(groupDN, dirClassType);
            AddResponse addResponse = (AddResponse)connection.SendRequest(addRequest);
            Console.WriteLine($"A {dirClassType} with a dn of\n {groupDN} was added successfully. The server response was {addResponse.ResultCode}");
        }
    }
    catch (Exception e)
    {
        Console.WriteLine(e.ToString());
    }
There are also a lot of great code samples in this sample project provided by Microsoft.
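
The snippets above all build the group's distinguished name by concatenating the name into "CN=...". The following is an added example, not code from any of the answers or from Microsoft: it escapes the name per RFC 4514 before building the DN and sets sAMAccountName and groupType in the same AddRequest. The names GroupCreator, EscapeRdnValue and CreateSecurityGroup are hypothetical, and it assumes the LdapConnection is already bound and that containerDn is a trusted, configured value.

```csharp
using System;
using System.DirectoryServices.Protocols;
using System.Text;

public static class GroupCreator   // hypothetical helper class
{
    // Same values as the GroupType enum shown earlier on the page.
    const uint Universal = 0x8, Security = 0x80000000;

    // Escape a value for use inside an RDN (RFC 4514), so characters such as
    // ',' or '+' in the name cannot change the structure of the DN.
    public static string EscapeRdnValue(string value)
    {
        if (string.IsNullOrEmpty(value))
            throw new ArgumentException("Group name must not be empty.", nameof(value));
        var sb = new StringBuilder();
        for (int i = 0; i < value.Length; i++)
        {
            char c = value[i];
            // A leading space or '#' and a trailing space must be escaped.
            bool edge = (i == 0 && (c == ' ' || c == '#'))
                     || (i == value.Length - 1 && c == ' ');
            if (c == '\0') sb.Append("\\00");
            else if (edge || "\"+,;<>\\=".IndexOf(c) >= 0) sb.Append('\\').Append(c);
            else sb.Append(c);
        }
        return sb.ToString();
    }

    // Assumption: 'connection' is already bound; 'containerDn' is trusted config.
    public static ResultCode CreateSecurityGroup(
        LdapConnection connection, string containerDn, string name)
    {
        string groupDn = $"CN={EscapeRdnValue(name)},{containerDn}";
        // The security flag makes the value negative as an int, hence unchecked().
        int groupType = unchecked((int)(Universal | Security));
        var request = new AddRequest(groupDn,
            new DirectoryAttribute("objectClass", "group"),
            // Attribute values are not part of the DN, so no DN escaping here.
            new DirectoryAttribute("sAMAccountName", name),
            new DirectoryAttribute("groupType", groupType.ToString()));
        var response = (AddResponse)connection.SendRequest(request);
        return response.ResultCode;
    }
}
```

With this helper, a name such as "Ops, Tier 2" is sent as the single RDN "CN=Ops\, Tier 2" rather than being split into two DN components.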