我正在使用 WCF 服务向我们的技术支持人员公开某些 Active Directory 管理功能,而没有为他们提供直接操作 AD 所需的组成员身份。在组中添加用户和从组中删除用户就像与现有用户的冠军一样,但每次我创建一个新用户时,它都会抛出这个有趣的代码:
The server is unwilling to process the request. (Exception from HRESULT: 0x80072035)
我用来将用户添加到组的代码是
public bool AddGroupToUser(string userDn, string groupDn)
{
try
{
DirectoryEntry groupEntry = LdapTools.GetDirectoryEntry(groupDn);
groupEntry.Properties["member"].Add(userDn);
groupEntry.CommitChanges();
groupEntry.Close();
return true;
}
catch (DirectoryServicesCOMException)
{
return false;
}
}
我读到的关于这个主题的所有内容都相当模糊,我似乎无法找出为什么会触发异常。有任何想法吗?
更新
这是我用来在 AD 中创建用户的代码:
try
{
DirectoryEntry container = GetDirectoryEntry(storageOu);
DirectoryEntry newUser = container.Children.Add("CN=" + employee.FullName, "user");
newUser.Properties["sAMAccountName"].Value = employee.Username;
newUser.Properties["displayName"].Value = employee.FullName;
newUser.Properties["givenName"].Value = employee.FirstName;
newUser.Properties["sn"].Value = employee.LastName;
newUser.Properties["department"].Value = departmentName;
newUser.Properties["userPrincipalName"].Value = employee.Username + "@APEX.Local";
newUser.CommitChanges();
newUser.Invoke("SetPassword", new object[] { employee.Password });
newUser.CommitChanges();
AdsUserFlags userSettings = AdsUserFlags.NormalAccount;
newUser.Properties["userAccountControl"].Value = userSettings;
newUser.CommitChanges();
ldapPath = newUser.Path;
newUser.Close();
container.Close();
}
catch (DirectoryServicesCOMException e)
{
// Something went wrong... what???
}
catch (Exception e)
{
// Something else went wrong
}
新用户可以登录,并且可以使用标准的 MS 工具进行操作。