在带有 C# 错误的 Active Directory 中创建用户 [英] Creating user in Active Directory with C# errors

问题描述

我正在尝试在我的域中的特定 OU 中创建用户.这是我得到的

I am trying to create a user in a specific OU in my domain. Here's what I got

public static string ldapPath = "LDAP://OU=Domain Users,DC=contoso,DC=com";
public static string CreateUserAccount(string userName, string userPassword)
{
    DirectoryEntry ldapConnection = new DirectoryEntry("contoso.com");
    ldapConnection.Path = ldapPath;

    DirectoryEntry user = ldapConnection.Children.Add("CN=" + userName, "user");

    return user.Guid.ToString();
}

如果我删除 OU=Domain Users，它就可以工作，并且我会收到一个 Guid.但是，我的 OU 中需要这些帐户.我从 AD 用户和计算机中的 OU 本身复制了 ldapPath.我知道这是正确的.

If I remove the OU=Domain Users, it works, and I receive a Guid. However I need these accounts in my OU. I copied the ldapPath from the OU itself in AD Users and Computers. I know it's correct.

我得到的错误是

System.Runtime.InteropServices.COMException (0x80005009): The specified directory object is not bound to a remote resource

   at System.DirectoryServices.DirectoryEntry.RefreshCache()
   at System.DirectoryServices.DirectoryEntry.FillCache(String propertyName)
   at System.DirectoryServices.DirectoryEntry.get_NativeGuid()
   at System.DirectoryServices.DirectoryEntry.get_Guid()
   at ADINtegrationTest.ActiveDirectory.CreateUserAccount(String userName, String userPassword) in D:\_dataADINtegrationTestADINtegrationTestActiveDirectoryUtils.cs:line 21
   at ADINtegrationTest.Form1.Form1_Load(Object sender, EventArgs e) in D:\_dataADINtegrationTestADINtegrationTestForm1.cs:line 32

我在域的成员 Win2k8 服务器上运行它，以域管理员身份登录.我最终需要在另一个 OU 下的一个 OU 中创建它，但让我们从这个开始.

I'm running this on a member Win2k8 server to the domain, logged in as domain administrator. I will eventually need to create it in an OU under another OU, but lets start with this one.

感谢您的帮助！大卫

推荐答案

如果您使用 .NET 3.5 及更高版本，您应该查看 System.DirectoryServices.AccountManagement (S.DS.AM) 命名空间.在此处阅读所有相关信息:

If you're on .NET 3.5 and up, you should check out the System.DirectoryServices.AccountManagement (S.DS.AM) namespace. Read all about it here:

• 在 .NET Framework 3.5 中管理目录安全主体莉>
• System.DirectoryServices.AccountManagement 上的 MSDN 文档

基本上，您可以定义域上下文并轻松找到 AD 中的用户和/或组:

Basically, you can define a domain context and easily find users and/or groups in AD:

// set up domain context
PrincipalContext ctx = new PrincipalContext(ContextType.Domain);

// create a user principal object
UserPrincipal user = new UserPrincipal(ctx, "User1Acct", "pass@1w0rd01", true);

// assign some properties to the user principal
user.GivenName = "User";
user.Surname = "One";

// force the user to change password at next logon
user.ExpirePasswordNow();

// save the user to the directory
user.Save();

新的 S.DS.AM 使在 AD 中与用户和组一起玩变得非常容易！

The new S.DS.AM makes it really easy to play around with users and groups in AD!

这篇关于在带有 C# 错误的 Active Directory 中创建用户的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！