C#实现Active Directory域服务连接、用户和组织等同步

一、Active Directory域服务

Active Directory 域服务 (AD DS) 可存储有关网络上的用户、计算机和其他资源的信息。AD DS 可帮助管理员安全地管理此信息。还便于在用户中实现共享和协作。

网上关于AD域的安装部署文档已经很多了,这里不再介绍,主要讲一下C#实现AD域的连接和用户、组织等的同步。

以下代码都在本人的github demo项目中,不想看过多文章的同学,可以直接移步github下载项目,使用自己的AD域信息和数据库信息开始实战。

GitHub项目地址:https://github.com/Menyoupingxiaoguo/LDAPConsoleApp。觉得有用的同学请点个star!

二、C#操作AD域代码

以下介绍几种主要的方法,其余方法和类不再赘述。

1、config下配置。

// Directory connection settings, read once from <appSettings> when the type is initialized.
// A key that is absent from the config file yields null (AppSettings indexer), not an exception.
// These are public mutable statics; nothing in this excerpt writes them, so they could be readonly.

// Domain name or IP address used to build the "LDAP://{domainName}" bind path (see IsConnected).
public static string domainName = ConfigurationManager.AppSettings["domainName"];
// Account used for the directory bind and for re-binding to found objects (see DisableAccount).
public static string userName = ConfigurationManager.AppSettings["userName"];
// Bind password, held in plain text in app.config. Keep that file out of source control and
// restrict its ACL, or move this value to a protected configuration section / secret store.
public static string userPwd = ConfigurationManager.AppSettings["userPwd"];
// Presumably the root OU that receives synced OUs and users — not referenced in this excerpt; confirm against the rest of the file.
public static string mainOU = ConfigurationManager.AppSettings["mainOU"];
// Presumably the domain components (DC=...) for building distinguished names — not referenced in this excerpt; confirm against callers.
public static string DC1 = ConfigurationManager.AppSettings["DC1"];
public static string DC2 = ConfigurationManager.AppSettings["DC2"];

2、AD域连接。

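/// <summary>
/// Binds to the domain with the configured credentials and returns the root entry.
/// </summary>
/// <returns>
/// A bound <see cref="DirectoryEntry"/> that the caller must Close/Dispose, or <c>null</c> when
/// the bind fails (the failure is logged inside <see cref="IsConnected"/>).
/// </returns>
public DirectoryEntry GetDirectoryEntry()
{
	// IsConnected always assigns its out parameter, so the placeholder entry the
	// original allocated here was never used and was never disposed.
	DirectoryEntry de;
	if (IsConnected(domainName, userName, userPwd, out de))
	{
		return de;
	}

	// After a failed bind the entry is unusable; release it rather than leak it.
	if (de != null)
	{
		de.Dispose();
	}

	return null;
}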
/// <summary>
/// Tries to bind to the directory at <paramref name="domainName"/> with the given credentials.
/// </summary>
/// <param name="domainName">Domain name or IP address; becomes the host part of the LDAP:// path.</param>
/// <param name="userName">Bind user name.</param>
/// <param name="userPwd">Bind password.</param>
/// <param name="de">Always assigned. Bound and usable when the method returns <c>true</c>;
/// otherwise an unbound entry the caller should dispose.</param>
/// <returns><c>true</c> when the bind succeeded, <c>false</c> otherwise (the error message is written to the program log).</returns>
public bool IsConnected(string domainName, string userName, string userPwd, out DirectoryEntry de)
{
	DirectoryEntry entry = new DirectoryEntry();
	de = entry;
	try
	{
		entry.Path = "LDAP://" + domainName;
		entry.Username = userName;
		entry.Password = userPwd;
		// Secure = Kerberos/NTLM authentication. It does not by itself encrypt the LDAP
		// traffic; that needs AuthenticationTypes.Sealing as well, or an LDAPS path.
		entry.AuthenticationType = AuthenticationTypes.Secure;

		// The entry binds lazily, so touch a server-side property and refresh the
		// cache to make a bad host, user name or password fail here rather than later.
		Guid probe = entry.Guid;
		entry.RefreshCache();
		return true;
	}
	catch (Exception ex)
	{
		// Only the message is logged; keep the credentials out of the log.
		LogHelper.WriteProgramLog("[IsConnected方法]错误信息:" + ex.Message);
		return false;
	}
}

3、AD域部门操作。

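/// <summary>
/// Creates an organizational unit named <paramref name="ouName"/> directly under <paramref name="parentEntry"/>.
/// </summary>
/// <param name="parentEntry">Bound entry of the parent container; left open for the caller.</param>
/// <param name="ouName">RDN value of the new OU (the "ou=" prefix is added here).</param>
/// <param name="description">Optional description attribute; skipped when null or empty.</param>
/// <exception cref="ArgumentNullException"><paramref name="parentEntry"/> is null.</exception>
/// <exception cref="ArgumentException"><paramref name="ouName"/> is null or whitespace.</exception>
/// <remarks>
/// The original try/catch only rethrew, so failures from Add/CommitChanges still propagate unchanged.
/// </remarks>
public void CreateOU(DirectoryEntry parentEntry, string ouName, string description)
{
	if (parentEntry == null)
		throw new ArgumentNullException("parentEntry");
	if (string.IsNullOrWhiteSpace(ouName))
		throw new ArgumentException("OU name must not be empty.", "ouName");

	// NOTE(review): ouName is placed into the RDN unescaped. A value containing RDN special
	// characters (',', '+', '"', '\\', '<', '>', ';', '=', a leading '#') must be escaped per
	// RFC 4514 before reaching here, or Add fails or names a different object than intended.
	using (DirectoryEntry ouEntry = parentEntry.Children.Add("ou=" + ouName, "organizationalUnit"))
	{
		if (!string.IsNullOrEmpty(description))
			ouEntry.Properties["description"].Value = description;
		// Nothing reaches the directory until CommitChanges.
		ouEntry.CommitChanges();
	}
}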
/// <summary>
/// Renames the OU represented by <paramref name="de"/> and closes the entry.
/// </summary>
/// <param name="de">Bound entry of the OU to rename; it is closed before returning.</param>
/// <param name="ouNewName">New RDN value (the "OU=" prefix is added here).</param>
public void ModifyOU(DirectoryEntry de, string ouNewName)
{
	string newRdn = string.Concat("OU=", ouNewName);
	de.Rename(newRdn);
	// Rename is only staged locally until committed.
	de.CommitChanges();
	de.Close();
}
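/// <summary>
/// Removes the child OU named <paramref name="ouName"/> from <paramref name="de"/>.
/// </summary>
/// <param name="de">Bound parent entry. It is closed before returning (also on failure), as callers of the original already expect.</param>
/// <param name="ouName">RDN value of the OU to delete (the "OU=" prefix is added here).</param>
/// <exception cref="ArgumentNullException"><paramref name="de"/> is null.</exception>
/// <remarks>
/// Children.Find throws when no such child exists, and a directory delete only succeeds on a
/// leaf object, so removing an OU that still contains objects fails; both errors propagate to the caller.
/// </remarks>
public void DeleteOU(DirectoryEntry de, string ouName)
{
	if (de == null)
		throw new ArgumentNullException("de");

	try
	{
		using (DirectoryEntry ouEntry = de.Children.Find("OU=" + ouName))
		{
			// Guard the child that was found, not the parent (the original tested `de` here).
			if (ouEntry != null)
			{
				de.Children.Remove(ouEntry);
				de.CommitChanges();
			}
		}
	}
	finally
	{
		de.Close();
	}
}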

4、AD域用户操作。

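/// <summary>
/// Creates a user object under <paramref name="parentEntry"/> from a staff record, enables it,
/// sets its initial password and optionally adds it to a group.
/// </summary>
/// <param name="parentEntry">Bound container (usually an OU) that receives the new user. Closed before returning, as in the original.</param>
/// <param name="staffModel">Staff record supplying display name, title, phone numbers and employee number.</param>
/// <param name="DeptName">Value written to the "department" attribute.</param>
/// <param name="group">Group the user is added to; skipped when null or empty.</param>
/// <param name="initialPassword">Initial password. Defaults to the original hard-coded value only for
/// compatibility; callers should pass a per-user random password and the account should be forced
/// to change it at first logon.</param>
/// <param name="upnSuffix">Suffix appended to the pinyin login name to form userPrincipalName.
/// Defaults to the original hard-coded value.</param>
/// <exception cref="ArgumentNullException"><paramref name="parentEntry"/> or <paramref name="staffModel"/> is null.</exception>
public void CreateNewUser(DirectoryEntry parentEntry, YTStaff staffModel, string DeptName, string group,
	string initialPassword = "123Qweasd", string upnSuffix = "@test.com")
{
	/*
	 LDAP Property Name                 Description                         Data Type
		givenName                           First Name                          String
		initials                            Initials                            String
		sn                                  Last name                           String
		displayName                         Display name                        String
		description                         Description                         String
		physicalDeliveryOfficeName          Office                              String
		telephoneNumber                     Telephone number                    String
		otherTelephone                      Other Telephone numbers             String
		mail                                E-mail                              String
		wWWHomePage                         Web page                            String
		url                                 Other Web pages                     String
		streetAddress                       Street                              String
		postOfficeBox                       P.O. Box                            String
		l                                   City                                String
		st                                  State/province                      String
		postalCode                          Zip/Postal Code                     String
		c, co, countryCode                  Country/region                      String
		userPrincipalName                   User logon name                     String
		sAMAccountName                      pre-Windows 2000 logon name         String
		userAccountControl                  Account disabled?                   Boolean
		profilePath                         User Profile path                   String
		scriptPath                          Logon script                        String
		homeDirectory                       Home folder, local path             String
		homeDrive                           Home folder, Connect, Drive         String
		homeDirectory                       Home folder, Connect, To:           String
		title                               Title                               String
		department                          Department                          String
		company                             Company                             String
		manager                             Manager                             String
		mobile                              Mobile                              String
		facsimileTelephoneNumber            Fax                                 String
		info                                Notes                               String
	 */
	if (parentEntry == null)
		throw new ArgumentNullException("parentEntry");
	if (staffModel == null)
		throw new ArgumentNullException("staffModel");

	// Login name = pinyin of the display name with spaces removed.
	// NOTE(review): sAMAccountName must be unique in the domain; two staff whose names share a
	// pinyin spelling collide here, and the collision surfaces as a CommitChanges failure.
	string pinyin = Pinyin.GetPinyin(staffModel.StaffName).Replace(" ", "");

	// 1. Create the user object. StaffName goes into the RDN unescaped; RDN special characters
	//    (',', '+', '"', '\\', '<', '>', ';', '=') must be escaped per RFC 4514 before reaching here.
	DirectoryEntry newuser = parentEntry.Children.Add("CN=" + staffModel.StaffName, "user");
	try
	{
		// 2. Attributes. Optional phone numbers are written only when present, so both
		//    telephoneNumber and mobile follow the same rule.
		SetProperty(newuser, "title", staffModel.PartName);
		if (!string.IsNullOrEmpty(staffModel.StaffTel))
			SetProperty(newuser, "telephoneNumber", staffModel.StaffTel);
		SetProperty(newuser, "givenName", staffModel.StaffName);
		SetProperty(newuser, "displayName", staffModel.StaffName);
		SetProperty(newuser, "department", DeptName);
		SetProperty(newuser, "name", staffModel.StaffName);
		SetProperty(newuser, "sAMAccountName", pinyin);
		SetProperty(newuser, "employeeID", staffModel.staffNum);
		SetProperty(newuser, "userPrincipalName", pinyin + upnSuffix);
		if (!string.IsNullOrEmpty(staffModel.StaffPhone))
			SetProperty(newuser, "mobile", staffModel.StaffPhone);
		newuser.CommitChanges();

		// 3. Clear ACCOUNTDISABLE so the account can log on.
		EnableAccount(newuser);

		// 4. Initial password. NOTE(review): consider also writing pwdLastSet = 0 so the user
		//    must change it at first logon; not done here to keep the original behavior.
		SetPassword(newuser, initialPassword);

		// 5. Group membership.
		if (!string.IsNullOrEmpty(group))
			AddUserToGroup(parentEntry, newuser, group);
	}
	finally
	{
		newuser.Close();
		parentEntry.Close();
	}
}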
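/// <summary>
/// Sets the account password through the ADSI IADsUser.SetPassword method and closes the entry.
/// </summary>
/// <param name="de">Bound user entry; closed before returning (also on failure), as callers of the original expect.</param>
/// <param name="password">New password; it must satisfy the domain password policy or the call fails.</param>
/// <exception cref="ArgumentNullException"><paramref name="de"/> is null.</exception>
/// <remarks>
/// Invoke reports ADSI failures as a TargetInvocationException wrapping the COM error; the
/// original try/catch only rethrew, so they still propagate unchanged. Never write
/// <paramref name="password"/> to a log when handling that exception.
/// </remarks>
public void SetPassword(DirectoryEntry de, string password)
{
	if (de == null)
		throw new ArgumentNullException("de");

	try
	{
		// SetPassword is the administrative reset (no old password needed);
		// its return value carries nothing useful, so it is not kept.
		de.Invoke("SetPassword", new object[] { password });
		de.CommitChanges();
	}
	finally
	{
		de.Close();
	}
}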
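/// <summary>
/// Enables the account by clearing the ACCOUNTDISABLE bit of userAccountControl.
/// </summary>
/// <param name="de">Bound user entry whose userAccountControl has already been committed; left open for the caller.</param>
/// <exception cref="ArgumentNullException"><paramref name="de"/> is null.</exception>
/// <exception cref="InvalidOperationException">userAccountControl has no value on the entry.</exception>
/// <remarks>
/// The original first ORed in 0x0001. That bit is ADS_UF_SCRIPT, not the UF_DONT_EXPIRE_PASSWD
/// (0x10000) its comment named, and neither belongs to "enable": password-never-expires weakens
/// the account and should be a deliberate policy setting, not a side effect of enabling it.
/// </remarks>
public void EnableAccount(DirectoryEntry de)
{
	if (de == null)
		throw new ArgumentNullException("de");

	const int AccountDisableFlag = 0x0002; // ADS_UF_ACCOUNTDISABLE

	object current = de.Properties["userAccountControl"].Value;
	if (current == null)
		throw new InvalidOperationException("userAccountControl is not set; commit the user before enabling it.");

	// Read-modify-write of the flag word; a single commit is enough.
	int flags = (int)current;
	de.Properties["userAccountControl"].Value = flags & ~AccountDisableFlag;
	de.CommitChanges();
}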
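/// <summary>
/// Disables the user whose employeeID equals <paramref name="EmployeeID"/> and hides it from Exchange address lists.
/// </summary>
/// <param name="EmployeeID">Employee number to look up; matched exactly against the employeeID attribute.</param>
/// <exception cref="ArgumentException"><paramref name="EmployeeID"/> is null or whitespace.</exception>
/// <exception cref="InvalidOperationException">The domain bind failed (GetDirectoryEntry returned null).</exception>
/// <remarks>
/// Does nothing when no matching user exists. Only the first match is touched; AD does not
/// enforce uniqueness of employeeID, so duplicates in the source data are not detected here.
/// </remarks>
public void DisableAccount(string EmployeeID)
{
	if (string.IsNullOrWhiteSpace(EmployeeID))
		throw new ArgumentException("Employee ID must not be empty.", "EmployeeID");

	const int AccountDisableFlag = 0x0002; // ADS_UF_ACCOUNTDISABLE

	DirectoryEntry de = GetDirectoryEntry();
	if (de == null)
		throw new InvalidOperationException("Could not bind to the domain; see the program log for the cause.");

	using (de)
	using (DirectorySearcher ds = new DirectorySearcher(de))
	{
		// The value is escaped so filter metacharacters in an employee number
		// ('*', '(', ')', '\\', NUL) cannot widen or break the query.
		ds.Filter = "(&(objectCategory=Person)(objectClass=user)(employeeID=" + EscapeLdapFilterValue(EmployeeID) + "))";
		ds.SearchScope = SearchScope.Subtree;
		SearchResult results = ds.FindOne();
		if (results == null)
			return;

		// Rebind to the found object with the configured credentials, as the original did.
		using (DirectoryEntry dey = new DirectoryEntry(results.Path, userName, userPwd, AuthenticationTypes.Secure))
		{
			int val = (int)dey.Properties["userAccountControl"].Value;
			dey.Properties["userAccountControl"].Value = val | AccountDisableFlag;
			dey.Properties["msExchHideFromAddressLists"].Value = "TRUE";
			dey.CommitChanges();
		}
	}
}

/// <summary>
/// Escapes a value for use inside an LDAP search filter (RFC 4515 section 3).
/// </summary>
/// <param name="value">Raw attribute value.</param>
/// <returns>The value with '\', '*', '(', ')' and NUL replaced by their "\xx" hex escapes.</returns>
private static string EscapeLdapFilterValue(string value)
{
	// Backslash first, so the escapes introduced below are not escaped again.
	return value
		.Replace("\\", "\\5c")
		.Replace("*", "\\2a")
		.Replace("(", "\\28")
		.Replace(")", "\\29")
		.Replace("\0", "\\00");
}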

 



转载自blog.csdn.net/qq_23009105/article/details/105826456