建立在.NET中的Active Directory用户(C#) [英] Create Active Directory user in .NET (C#)
问题描述
我需要建立在Active Directory中的新用户。我已经发现了几例这样的:
使用系统;
使用System.DirectoryServices中;
命名空间测试{
类节目{
静态无效的主要(字串[] args){
尝试 {
字符串路径=LDAP:// OU = X,DC = Y,DC = COM;
字符串的用户名=JOHNDOE;
使用(的DirectoryEntry OU =新的DirectoryEntry(路径)){
的DirectoryEntry用户= ou.Children.Add(CN =+用户名用户);
user.Properties [sAMAccountName赋]添加(用户名)。
ou.CommitChanges();
}
}
赶上(例外EXC){
Console.WriteLine(exc.Message);
}
}
}
}
当我运行此code我没有得到任何错误,但没有创建新用户。
我与运行测试的帐户具有足够的权限来创建目标组织单位的用户。
我缺少的东西(的用户对象可能是一些必需属性)?
任何想法,为什么code不给例外?
修改
下面为我工作:
INT NORMAL_ACCOUNT为0x200 =;
INT PWD_NOTREQD = 0x20的;
的DirectoryEntry用户= ou.Children.Add(CN =+用户名用户);
。user.Properties [sAMAccountName赋]值=用户名;
user.Properties [userAccountControl的]值= NORMAL_ACCOUNT。| PWD_NOTREQD;
user.CommitChanges();
所以,实际上有几个问题:
-
的CommitChanges一定要叫上用户(感谢罗布) - 密码策略是要建立preventing用户(感谢马克)
我觉得你呼吁错的DirectoryEntry的CommitChanges。在MSDN文档(<一href="http://msdn.microsoft.com/en-us/library/system.directoryservices.directoryentries.add.aspx">http://msdn.microsoft.com/en-us/library/system.directoryservices.directoryentries.add.aspx)它规定如下(重点由我加的)
您必须调用的CommitChanges方法的上的新条目的,以使创建永久性的。当你调用这个方法,你可以再上新条目设置强制性的属性值。每个提供者具有该需要设置一个调用的CommitChanges方法作出之前属性不同的要求。如果不符合这些要求,供应商可能会抛出异常。请与您的供应商,以确定哪些属性必须提交更改之前设置。
所以,如果你改变了code为 user.CommitChanges()它应该工作,如果你需要设置的不仅仅是帐户名称更多的属性,那么你应该得到一个例外。
由于您目前呼吁一直没有被改变也不会有例外的OU的CommitChanges()。
I need to create a new user in Active Directory. I have found several examples like the following:
using System;
using System.DirectoryServices;
namespace test {
class Program {
static void Main(string[] args) {
try {
string path = "LDAP://OU=x,DC=y,DC=com";
string username = "johndoe";
using (DirectoryEntry ou = new DirectoryEntry(path)) {
DirectoryEntry user = ou.Children.Add("CN=" + username, "user");
user.Properties["sAMAccountName"].Add(username);
ou.CommitChanges();
}
}
catch (Exception exc) {
Console.WriteLine(exc.Message);
}
}
}
}
When I run this code I get no errors, but no new user is created.
The account I'm running the test with has sufficient privileges to create a user in the target Organizational Unit.
Am I missing something (possibly some required attribute of the user object)?
Any ideas why the code does not give exceptions?
EDIT
The following worked for me:
int NORMAL_ACCOUNT = 0x200;
int PWD_NOTREQD = 0x20;
DirectoryEntry user = ou.Children.Add("CN=" + username, "user");
user.Properties["sAMAccountName"].Value = username;
user.Properties["userAccountControl"].Value = NORMAL_ACCOUNT | PWD_NOTREQD;
user.CommitChanges();
So there were actually a couple of problems:
CommitChangesmust be called onuser(thanks Rob)- The password policy was preventing the user to be created (thanks Marc)
I think you are calling CommitChanges on the wrong DirectoryEntry. In the MSDN documentation (http://msdn.microsoft.com/en-us/library/system.directoryservices.directoryentries.add.aspx) it states the following (emphasis added by me)
You must call the CommitChanges method on the new entry to make the creation permanent. When you call this method, you can then set mandatory property values on the new entry. The providers each have different requirements for properties that need to be set before a call to the CommitChanges method is made. If those requirements are not met, the provider might throw an exception. Check with your provider to determine which properties must be set before committing changes.
So if you change your code to user.CommitChanges() it should work, if you need to set more properties than just the account name then you should get an exception.
Since you're currently calling CommitChanges() on the OU which hasn't been altered there will be no exceptions.
这篇关于建立在.NET中的Active Directory用户(C#)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
