在UserPrincipal更新名称字段 [英] Updating Name Field on UserPrincipal
问题描述
当我尝试更新名称字段(对应CN)上UserPrincipal(校长,真的),我得到一个错误服务器无法处理请求在调用UserPrincipal.Save()。
我检查,以确保不存在具有相同名称(CN)同一OU中的另一个对象。
我在操作PrincipalContext域根(不完全在那里的用户帐户存在OU级别)。
可能会有什么原因这个错误?有什么事情,可能是相关的(尽管我能够更新所有其他领域)的安全策略?
使用( VAR语境=新PrincipalContext(ContextType.Domain,ConfigurationManager.AppSettings [域],ConfigurationManager.AppSettings [根DN],ContextOptions.Negotiate,ConfigurationManager.AppSettings [用户名],ConfigurationManager.AppSettings [密码]) ){
VAR用户= UserPrincipal.FindByIdentity(背景下,IdentityType.Sid,...); // SID简称
user.Name =名称,测试;
user.Save();
}
我使用创建PrincipalContext有安全权限来修改广告的用户对象。如果我更新任何其他的其他领域(如姓,给定名称)的,一切工作正常。
编辑:
我已经能够完成我需要什么(使用ADSI)做的,但我必须运行在模拟下面的代码。该模拟代码是丑,下面的代码从打破我在更新广告数据(使用DirectoryServices.AccountManagement)的其他方式了,所以我想获得一个更好的解决方案。
使用(VAR companyOU =新的DirectoryEntry(LDAP://+ company.UserAccountOU)){
companyOU.Invoke(MoveHere,LDAP: //+ user.DistinguishedName,CN = Name\,测试);
}
只有我有办法发现这样做这是我的问题的EDIT部分。基本上,你不能使用UserPrincipal类。有什么特别的CN属性,你需要下拉一个级别,并使用的DirectoryEntry,一个LDAP字符串,并调用MoveHereADSI命令重命名的用户帐户。
When I try to update the Name field (corresponds to the CN) on UserPrincipal (Principal, really), I get an error "The server is unwilling to process the request" on the call to UserPrincipal.Save().
I've checked to make sure there isn't another object in the same OU with the same Name (CN).
The PrincipalContext I'm operating at is the domain root (not exactly at the OU level where the user account exists).
What reason might there be for this error? Is it something that might be security policy related (even though I'm able to update all the other fields)?
using (var context = new PrincipalContext(ContextType.Domain, ConfigurationManager.AppSettings["domain"], ConfigurationManager.AppSettings["rootDN"], ContextOptions.Negotiate, ConfigurationManager.AppSettings["username"], ConfigurationManager.AppSettings["password"])) {
var user = UserPrincipal.FindByIdentity(context, IdentityType.Sid, "..."); // SID abbreviated
user.Name = "Name, Test";
user.Save();
}
The user I am using to create the PrincipalContext has the security rights to modify AD objects. If I update any other of the other fields (e.g. Surname, GivenName), everything works fine.
EDIT:
I've been able to accomplish what I need to do (using ADSI), but I have to run the following code under impersonation. The impersonation code is ugly, and the code below breaks away from the other way I'm updating AD data (using DirectoryServices.AccountManagement), so I'd like to get a better solution.
using (var companyOU = new DirectoryEntry("LDAP://" + company.UserAccountOU)) {
companyOU.Invoke("MoveHere", "LDAP://" + user.DistinguishedName, "cn=Name\, Test");
}
The only way I've found to do this is in the EDIT section in my question. Basically, you cannot use the UserPrincipal class. There is something special about the CN attribute, and you need to drop down a level and use DirectoryEntry, an LDAP string, and invoke the "MoveHere" ADSI command to rename the user account.
这篇关于在UserPrincipal更新名称字段的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
