一、Active Directory域服務
Active Directory 域服務 (AD DS) 可存儲有關網絡上的用戶、計算機和其他資源的信息。AD DS 可幫助管理員安全地管理此信息。還便於在用戶中實現共享和協作。
網上關於AD域安裝部署的文檔已經很多,這裏不再贅述,主要講以下用C#實現AD域連接以及用戶、組織等信息的同步。
以下代碼都在本人的github demo項目中,不想看過多文章的同學,可以直接移步github下載項目,使用自己的AD域信息和數據庫信息開始實戰。
GitHub項目地址:https://github.com/Menyoupingxiaoguo/LDAPConsoleApp。覺得有用的同學請點個star!
二、C#操作AD域代碼
以下只介紹幾種主要方法,其餘方法和類不再贅述。
1、config下配置。
// Connection settings, read once from <appSettings> when the type is initialised.
// All six are plain strings in the application config file; the bind password is therefore
// stored in clear text there and the file needs filesystem protection accordingly.
public static string domainName = ConfigurationManager.AppSettings["domainName"]; // domain name or IP used in the LDAP:// path
public static string userName = ConfigurationManager.AppSettings["userName"];     // account used to bind to the directory
public static string userPwd = ConfigurationManager.AppSettings["userPwd"];       // password of that account
public static string mainOU = ConfigurationManager.AppSettings["mainOU"];         // not referenced in the code shown here
public static string DC1 = ConfigurationManager.AppSettings["DC1"];               // not referenced in the code shown here
public static string DC2 = ConfigurationManager.AppSettings["DC2"];               // not referenced in the code shown here
2、AD域連接。
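/// <summary>
/// Creates the root <see cref="DirectoryEntry"/> for the configured domain, bound with the
/// configured credentials (<c>domainName</c>, <c>userName</c>, <c>userPwd</c>).
/// </summary>
/// <returns>
/// A bound entry, or <c>null</c> when the connection could not be established
/// (the failure is logged by <see cref="IsConnected"/>, not thrown). Callers must check for null.
/// </returns>
public DirectoryEntry GetDirectoryEntry()
{
    DirectoryEntry de;
    if (IsConnected(domainName, userName, userPwd, out de))
    {
        return de;
    }
    // On failure the out parameter may still hold an unbound entry; release it now rather
    // than leaving it to the finalizer.
    if (de != null)
    {
        de.Dispose();
    }
    return null;
}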
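/// <summary>
/// Tries to bind to the directory at <c>LDAP://domainName</c> with the given credentials.
/// </summary>
/// <param name="domainName">Domain name or IP address of a domain controller.</param>
/// <param name="userName">Account used for the bind.</param>
/// <param name="userPwd">Password of <paramref name="userName"/>.</param>
/// <param name="de">On success, the bound entry; on failure, <c>null</c>.</param>
/// <returns>
/// <c>true</c> when the bind succeeded; <c>false</c> otherwise. Failures are logged and
/// swallowed on purpose so the caller only has to deal with a yes/no answer.
/// </returns>
public bool IsConnected(string domainName, string userName, string userPwd, out DirectoryEntry de)
{
    DirectoryEntry entry = new DirectoryEntry();
    try
    {
        entry.Path = string.Format("LDAP://{0}", domainName);
        entry.Username = userName;
        entry.Password = userPwd;
        // Secure = SSPI (Kerberos/NTLM) bind, so the password is not sent in clear text.
        // If the LDAP traffic itself must be encrypted/integrity-protected, add
        // AuthenticationTypes.Sealing | AuthenticationTypes.Signing (requires Kerberos).
        entry.AuthenticationType = AuthenticationTypes.Secure;
        // DirectoryEntry binds lazily; RefreshCache forces the bind so wrong credentials or an
        // unreachable server fail here instead of on first use of the entry.
        entry.RefreshCache();
        de = entry;
        return true;
    }
    catch (Exception ex)
    {
        LogHelper.WriteProgramLog("[IsConnected方法]錯誤信息:" + ex.Message);
        // Do not hand a half-configured entry back to the caller.
        entry.Dispose();
        de = null;
        return false;
    }
}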
3、AD域部門操作。
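/// <summary>
/// Creates an <c>organizationalUnit</c> named <paramref name="ouName"/> directly under
/// <paramref name="parentEntry"/>.
/// </summary>
/// <param name="parentEntry">Bound entry of the container that will hold the new OU.</param>
/// <param name="ouName">Plain OU name; DN escaping is applied here, callers pass it unescaped.</param>
/// <param name="description">Optional <c>description</c> attribute; ignored when null or empty.</param>
/// <exception cref="ArgumentNullException"><paramref name="parentEntry"/> is null.</exception>
/// <exception cref="ArgumentException"><paramref name="ouName"/> is null or blank.</exception>
public void CreateOU(DirectoryEntry parentEntry, string ouName, string description)
{
    if (parentEntry == null)
    {
        throw new ArgumentNullException("parentEntry");
    }
    if (string.IsNullOrWhiteSpace(ouName))
    {
        throw new ArgumentException("OU name must not be empty.", "ouName");
    }
    // Children.Add takes a relative distinguished name. Characters that are special in a DN
    // (',', '+', '"', '\', '<', '>', ';', leading '#'/space, trailing space) would otherwise be
    // rejected or misparsed by the directory, e.g. a department named "Sales, EMEA".
    using (DirectoryEntry ouEntry = parentEntry.Children.Add("ou=" + EscapeRdnValue(ouName), "organizationalUnit"))
    {
        if (!String.IsNullOrEmpty(description))
        {
            ouEntry.Properties["description"].Value = description;
        }
        // Nothing reaches the directory until CommitChanges; directory errors surface here.
        ouEntry.CommitChanges();
    }
}

/// <summary>
/// Escapes a value for use inside a relative distinguished name (RFC 4514 section 2.4).
/// </summary>
/// <param name="value">Unescaped attribute value.</param>
/// <returns>The value with DN-special characters backslash-escaped.</returns>
private static string EscapeRdnValue(string value)
{
    string escaped = value
        .Replace("\\", "\\\\")   // backslash first so the escapes added below are not doubled
        .Replace(",", "\\,")
        .Replace("+", "\\+")
        .Replace("\"", "\\\"")
        .Replace("<", "\\<")
        .Replace(">", "\\>")
        .Replace(";", "\\;");
    if (escaped.StartsWith("#", StringComparison.Ordinal) || escaped.StartsWith(" ", StringComparison.Ordinal))
    {
        escaped = "\\" + escaped;
    }
    if (escaped.EndsWith(" ", StringComparison.Ordinal))
    {
        escaped = escaped.Substring(0, escaped.Length - 1) + "\\ ";
    }
    return escaped;
}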
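/// <summary>
/// Renames the OU represented by <paramref name="de"/> and closes the entry.
/// </summary>
/// <param name="de">Bound entry of the OU to rename; it is closed when this method returns, even on failure.</param>
/// <param name="ouNewName">
/// New OU name. It is placed verbatim into the RDN, so DN-special characters
/// (',', '+', '"', '\', '<', '>', ';') must already be backslash-escaped by the caller.
/// </param>
/// <exception cref="ArgumentNullException"><paramref name="de"/> is null.</exception>
/// <exception cref="ArgumentException"><paramref name="ouNewName"/> is null or blank.</exception>
public void ModifyOU(DirectoryEntry de, string ouNewName)
{
    if (de == null)
    {
        throw new ArgumentNullException("de");
    }
    if (string.IsNullOrWhiteSpace(ouNewName))
    {
        throw new ArgumentException("New OU name must not be empty.", "ouNewName");
    }
    try
    {
        de.Rename("OU=" + ouNewName);
        de.CommitChanges();
    }
    finally
    {
        // Release the underlying ADSI object whether or not the rename succeeded.
        de.Close();
    }
}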
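/// <summary>
/// Deletes the child OU named <paramref name="ouName"/> from <paramref name="de"/>,
/// then closes <paramref name="de"/>.
/// </summary>
/// <param name="de">Bound entry of the parent container; it is closed when this method returns, even on failure.</param>
/// <param name="ouName">
/// Name of the child OU. It is placed verbatim into the RDN, so DN-special characters
/// (',', '+', '"', '\', '<', '>', ';') must already be backslash-escaped by the caller.
/// </param>
/// <exception cref="ArgumentNullException"><paramref name="de"/> is null.</exception>
/// <exception cref="ArgumentException"><paramref name="ouName"/> is null or blank.</exception>
/// <remarks>
/// <c>Children.Find</c> throws when no such child exists, and <c>Children.Remove</c> fails for
/// an OU that still has children (a non-empty OU needs <c>DeleteTree</c>); both propagate to the caller.
/// </remarks>
public void DeleteOU(DirectoryEntry de, string ouName)
{
    if (de == null)
    {
        throw new ArgumentNullException("de");
    }
    if (string.IsNullOrWhiteSpace(ouName))
    {
        throw new ArgumentException("OU name must not be empty.", "ouName");
    }
    try
    {
        // Find never returns null (it throws for a missing child), so no null check is needed here.
        using (DirectoryEntry ouEntry = de.Children.Find("OU=" + ouName))
        {
            de.Children.Remove(ouEntry);
            de.CommitChanges();
        }
    }
    finally
    {
        de.Close();
    }
}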
4、AD域用戶操作。
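// Initial password given to every account created through the 4-argument CreateNewUser overload.
// All such accounts share it (and are enabled immediately), so anyone who knows it can log on as a
// new user until that user changes it. Prefer the overload that takes a password, source the value
// from configuration rather than source code, and make users change it at first logon.
private const string DefaultInitialPassword = "123Qweasd";
// Suffix appended to the generated logon name to form userPrincipalName; must be a UPN suffix
// registered in the forest or the commit fails.
private const string UserPrincipalNameSuffix = "@test.com";

/// <summary>
/// Creates an enabled user under <paramref name="parentEntry"/> from <paramref name="staffModel"/>,
/// using the shared <see cref="DefaultInitialPassword"/>.
/// </summary>
/// <param name="parentEntry">Bound container (usually an OU) that will hold the user; it is closed when this method returns.</param>
/// <param name="staffModel">Staff record supplying name, number, phones and job title.</param>
/// <param name="DeptName">Value written to the <c>department</c> attribute.</param>
/// <param name="group">Optional group the new user is added to; ignored when null or empty.</param>
public void CreateNewUser(DirectoryEntry parentEntry, YTStaff staffModel, string DeptName, string group)
{
    CreateNewUser(parentEntry, staffModel, DeptName, group, DefaultInitialPassword);
}

/// <summary>
/// Creates an enabled user under <paramref name="parentEntry"/> from <paramref name="staffModel"/>
/// with the given initial password.
/// </summary>
/// <param name="parentEntry">Bound container (usually an OU) that will hold the user; it is closed when this method returns.</param>
/// <param name="staffModel">Staff record supplying name, number, phones and job title.</param>
/// <param name="DeptName">Value written to the <c>department</c> attribute.</param>
/// <param name="group">Optional group the new user is added to; ignored when null or empty.</param>
/// <param name="initialPassword">Initial password; must satisfy the domain password policy or <see cref="SetPassword"/> fails.</param>
/// <exception cref="ArgumentNullException"><paramref name="parentEntry"/> or <paramref name="staffModel"/> is null.</exception>
/// <exception cref="ArgumentException"><paramref name="initialPassword"/> is null or empty.</exception>
/// <remarks>
/// Attribute reference for the values set below:
/// <code>
/// LDAP Property Name           Description                    Data Type
/// givenName                    First Name                     String
/// initials                     Initials                       String
/// sn                           Last name                      String
/// displayName                  Display name                   String
/// description                  Description                    String
/// physicalDeliveryOfficeName   Office                         String
/// telephoneNumber              Telephone number               String
/// otherTelephone               Other Telephone numbers        String
/// mail                         E-mail                         String
/// wWWHomePage                  Web page                       String
/// url                          Other Web pages                String
/// streetAddress                Street                         String
/// postOfficeBox                P.O. Box                       String
/// l                            City                           String
/// st                           State/province                 String
/// postalCode                   Zip/Postal Code                String
/// c, co, countryCode           Country/region                 String
/// userPrincipalName            User logon name                String
/// sAMAccountName               pre-Windows 2000 logon name    String
/// userAccountControl           Account disabled?              Boolean
/// profilePath                  User Profile path              String
/// scriptPath                   Logon script                   String
/// homeDirectory                Home folder, local path        String
/// homeDrive                    Home folder, Connect, Drive    String
/// homeDirectory                Home folder, Connect, To:      String
/// title                        Title                          String
/// department                   Department                     String
/// company                      Company                        String
/// manager                      Manager                        String
/// mobile                       Mobile                         String
/// facsimileTelephoneNumber     Fax                            String
/// info                         Notes                          String
/// </code>
/// </remarks>
public void CreateNewUser(DirectoryEntry parentEntry, YTStaff staffModel, string DeptName, string group, string initialPassword)
{
    if (parentEntry == null)
    {
        throw new ArgumentNullException("parentEntry");
    }
    if (staffModel == null)
    {
        throw new ArgumentNullException("staffModel");
    }
    if (string.IsNullOrEmpty(initialPassword))
    {
        throw new ArgumentException("Initial password must not be empty.", "initialPassword");
    }

    // Logon names are the pinyin of the display name with spaces removed. sAMAccountName must be
    // unique in the domain and is limited to 20 characters; neither is checked here, so a
    // duplicate or over-long name fails at CommitChanges.
    string pinyin = Pinyin.GetPinyin(staffModel.StaffName).Replace(" ", "");

    // 1. Create the user object. The CN is the raw staff name; DN-special characters in it
    //    (',', '+', '"', '\', '<', '>', ';') are not escaped here and would make the commit fail.
    DirectoryEntry newuser = parentEntry.Children.Add("CN=" + staffModel.StaffName, "user");
    try
    {
        // 2. Attributes.
        SetProperty(newuser, "title", staffModel.PartName);
        if (!string.IsNullOrEmpty(staffModel.StaffTel))
        {
            SetProperty(newuser, "telephoneNumber", staffModel.StaffTel);
        }
        SetProperty(newuser, "givenName", staffModel.StaffName);
        SetProperty(newuser, "displayName", staffModel.StaffName);
        SetProperty(newuser, "department", DeptName);
        SetProperty(newuser, "name", staffModel.StaffName);
        SetProperty(newuser, "sAMAccountName", pinyin);
        SetProperty(newuser, "employeeID", staffModel.staffNum);
        SetProperty(newuser, "userPrincipalName", pinyin + UserPrincipalNameSuffix);
        SetProperty(newuser, "mobile", staffModel.StaffPhone);
        newuser.CommitChanges();

        // 3. New user objects start disabled; clear the disable flag.
        EnableAccount(newuser);

        // 4. Initial password. SetPassword closes the entry; the entry rebinds on its next use.
        SetPassword(newuser, initialPassword);

        // 5. Optional group membership.
        if (!string.IsNullOrEmpty(group))
        {
            AddUserToGroup(parentEntry, newuser, group);
        }
    }
    finally
    {
        // Closing the caller's parentEntry is part of this method's contract (callers rely on it).
        newuser.Close();
        parentEntry.Close();
    }
}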
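/// <summary>
/// Sets a new password on <paramref name="de"/> through the ADSI <c>IADsUser.SetPassword</c>
/// method, then closes the entry.
/// </summary>
/// <param name="de">Bound user entry; it is closed when this method returns, even on failure.</param>
/// <param name="password">New password; must satisfy the domain password policy.</param>
/// <exception cref="ArgumentNullException"><paramref name="de"/> is null.</exception>
/// <exception cref="ArgumentException"><paramref name="password"/> is null or empty.</exception>
/// <remarks>
/// <see cref="DirectoryEntry.Invoke"/> wraps directory errors in a
/// <see cref="System.Reflection.TargetInvocationException"/>; look at <c>InnerException</c> for the
/// real cause (policy violation, no secure channel, ...). ADSI only sets passwords over a
/// protected channel (Kerberos or LDAPS) — assumed available here.
/// </remarks>
public void SetPassword(DirectoryEntry de, string password)
{
    if (de == null)
    {
        throw new ArgumentNullException("de");
    }
    if (string.IsNullOrEmpty(password))
    {
        throw new ArgumentException("Password must not be empty.", "password");
    }
    try
    {
        // IADsUser.SetPassword is applied immediately by ADSI; the return value carries nothing useful.
        de.Invoke("SetPassword", new object[] { password });
        de.CommitChanges();
    }
    finally
    {
        de.Close();
    }
}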
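/// <summary>
/// Clears the <c>ADS_UF_ACCOUNTDISABLE</c> bit (0x0002) of <c>userAccountControl</c> so the
/// account can log on. All other flag bits are preserved.
/// </summary>
/// <param name="de">Bound user entry that has already been committed to the directory.</param>
/// <exception cref="ArgumentNullException"><paramref name="de"/> is null.</exception>
/// <exception cref="InvalidOperationException"><c>userAccountControl</c> has no value yet, e.g. the entry was never committed.</exception>
public void EnableAccount(DirectoryEntry de)
{
    if (de == null)
    {
        throw new ArgumentNullException("de");
    }
    object current = de.Properties["userAccountControl"].Value;
    if (current == null)
    {
        throw new InvalidOperationException("userAccountControl is not set; commit the entry before enabling it.");
    }
    int flags = (int)current;
    // Single read-modify-write, committed once. Only the disable bit is touched: enabling an
    // account has nothing to do with ADS_UF_SCRIPT (0x0001) or UF_DONT_EXPIRE_PASSWD (0x10000),
    // and a never-expiring password is not something an enable routine should set.
    de.Properties["userAccountControl"].Value = flags & ~0x0002;
    de.CommitChanges();
}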
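/// <summary>
/// Disables the user whose <c>employeeID</c> equals <paramref name="EmployeeID"/> and hides it
/// from the Exchange address lists.
/// </summary>
/// <param name="EmployeeID">Employee number to look up. It is escaped before being placed in the LDAP filter.</param>
/// <exception cref="ArgumentException"><paramref name="EmployeeID"/> is null or blank.</exception>
/// <exception cref="InvalidOperationException">The domain connection could not be established.</exception>
/// <remarks>Does nothing when no user matches; only the first match is disabled.</remarks>
public void DisableAccount(string EmployeeID)
{
    if (string.IsNullOrWhiteSpace(EmployeeID))
    {
        throw new ArgumentException("Employee ID must not be empty.", "EmployeeID");
    }
    DirectoryEntry de = GetDirectoryEntry();
    if (de == null)
    {
        // GetDirectoryEntry returns null after a failed (already logged) bind; without this
        // check the searcher below would throw a NullReferenceException.
        throw new InvalidOperationException("Could not connect to the domain.");
    }
    using (de)
    using (DirectorySearcher ds = new DirectorySearcher(de))
    {
        // The value comes from the caller; escaping it (RFC 4515) stops characters such as
        // '*', '(' and ')' from changing the filter and selecting a different account.
        ds.Filter = "(&(objectCategory=Person)(objectClass=user)(employeeID=" + EscapeLdapFilterValue(EmployeeID) + "))";
        ds.SearchScope = SearchScope.Subtree;
        SearchResult result = ds.FindOne();
        if (result == null)
        {
            return;
        }
        // The entry is bound with the same credentials as the search root, so they are not repeated here.
        using (DirectoryEntry user = result.GetDirectoryEntry())
        {
            int flags = (int)user.Properties["userAccountControl"].Value;
            // 0x0002 = ADS_UF_ACCOUNTDISABLE; other bits are preserved.
            user.Properties["userAccountControl"].Value = flags | 0x0002;
            // Exchange attribute, kept as the string "TRUE" as before — NOTE(review): a bool true is
            // the usual form for boolean-syntax attributes; confirm against the target directory.
            user.Properties["msExchHideFromAddressLists"].Value = "TRUE";
            user.CommitChanges();
        }
    }
}

/// <summary>
/// Escapes a value for use inside an LDAP search filter (RFC 4515 section 3).
/// </summary>
/// <param name="value">Unescaped attribute value.</param>
/// <returns>The value with filter-special characters replaced by their <c>\XX</c> hex escapes.</returns>
private static string EscapeLdapFilterValue(string value)
{
    return value
        .Replace("\\", "\\5c")   // backslash first so the escapes added below are not doubled
        .Replace("*", "\\2a")
        .Replace("(", "\\28")
        .Replace(")", "\\29")
        .Replace("\0", "\\00");
}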