Lock Active Directory accounts programmatically
Problem description
I have to lock user accounts in Active Directory programmatically in C#.
Unfortunately it doesn't work via the userAccountControl attribute. Every time I set userAccountControl to 528 (=normal account w/ lockout flag), Active Directory won't accept the value and resets it without further notice to 512 (=normal account).
Now I tried to lock the account by providing incorrect credentials (see below), but this doesn't work either.
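    int retries = 0;
    while (!adsUser.IsAccountLocked && retries < MAX_LOCK_RETRIES)
    {
        retries++;
        try
        {
            // Bind with a deliberately wrong password to register a failed logon.
            new DirectoryEntry(userPath, logonName, incorrectPassword).RefreshCache();
        }
        catch (Exception)
        {
            /* ... */
        }
        // Reload the user object so IsAccountLocked reflects the current state.
        adsUser.GetInfo();
    }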
Any ideas?
Recommended answer
Make sure the account you're using to disable the account has sufficient privileges to disable accounts. See this example from Microsoft.
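An added example (not part of the original question or answer, and not the Microsoft sample the answer refers to): disabling, rather than locking, an account by setting the ACCOUNTDISABLE bit of userAccountControl through DirectoryEntry, then reading the value back, because the question observed that a value the directory does not accept is reset without notice. The class name, method names and LDAP path are illustrative assumptions; the code runs with the caller's own credentials, which need write access to the user object.

```csharp
using System;
using System.DirectoryServices;

static class DisableAccountExample   // hypothetical name, for illustration only
{
    // userAccountControl bits from ADS_USER_FLAG_ENUM.
    const int ADS_UF_ACCOUNTDISABLE = 0x0002; // 512 | 2 = 514: normal account, disabled
    const int ADS_UF_LOCKOUT        = 0x0010; // 512 | 16 = 528: the value the question tried

    // Value to write: keep every existing bit, add "disabled", and never send
    // the lockout bit (the question saw the directory reset 528 back to 512).
    public static int WithDisableFlag(int uac)
    {
        return (uac & ~ADS_UF_LOCKOUT) | ADS_UF_ACCOUNTDISABLE;
    }

    public static void Disable(string userPath)
    {
        using (var user = new DirectoryEntry(userPath))
        {
            int current = (int)user.Properties["userAccountControl"].Value;
            int wanted = WithDisableFlag(current);
            if (wanted == current)
            {
                Console.WriteLine("Already disabled (userAccountControl={0}).", current);
                return;
            }

            user.Properties["userAccountControl"].Value = wanted;
            user.CommitChanges(); // throws if the caller lacks rights on the object

            // Read back from the directory instead of trusting the local cache.
            user.RefreshCache(new[] { "userAccountControl" });
            int after = (int)user.Properties["userAccountControl"].Value;
            if ((after & ADS_UF_ACCOUNTDISABLE) == 0)
                throw new InvalidOperationException(
                    "Directory did not keep the disable flag; value is " + after);
            Console.WriteLine("userAccountControl: {0} -> {1}", current, after);
        }
    }

    static void Main(string[] args)
    {
        // Constructed placeholder path; pass the real distinguished name as args[0].
        Disable(args.Length > 0 ? args[0]
                                : "LDAP://CN=Example User,OU=Staff,DC=example,DC=com");
    }
}
```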