创建用户在Active Directory中使用C＃的错误 [英] Creating user in Active Directory with C# errors

问题描述

我想在我的域中的特定OU中创建一个用户。这是我得到了

I am trying to create a user in a specific OU in my domain. Here's what I got

public static string ldapPath = "LDAP://OU=Domain Users,DC=contoso,DC=com";
public static string CreateUserAccount(string userName, string userPassword)
{
    DirectoryEntry ldapConnection = new DirectoryEntry("contoso.com");
    ldapConnection.Path = ldapPath;

    DirectoryEntry user = ldapConnection.Children.Add("CN=" + userName, "user");

    return user.Guid.ToString();
}

如果我删除OU =域用户，它的工作原理，我收到一个GUID。不过，我需要这些帐户在我的OU。我复制从OU本身AD用户和计算机的ldapPath。我知道这是正确的。

If I remove the OU=Domain Users, it works, and I receive a Guid. However I need these accounts in my OU. I copied the ldapPath from the OU itself in AD Users and Computers. I know it's correct.

我收到的错误是

System.Runtime.InteropServices.COMException (0x80005009): The specified directory object is not bound to a remote resource

   at System.DirectoryServices.DirectoryEntry.RefreshCache()
   at System.DirectoryServices.DirectoryEntry.FillCache(String propertyName)
   at System.DirectoryServices.DirectoryEntry.get_NativeGuid()
   at System.DirectoryServices.DirectoryEntry.get_Guid()
   at ADINtegrationTest.ActiveDirectory.CreateUserAccount(String userName, String userPassword) in D:\_data\ADINtegrationTest\ADINtegrationTest\ActiveDirectoryUtils.cs:line 21
   at ADINtegrationTest.Form1.Form1_Load(Object sender, EventArgs e) in D:\_data\ADINtegrationTest\ADINtegrationTest\Form1.cs:line 32

我是一个成员Win2k8服务器的域上运行此，登录的域管理员。我最终需要下另一个OU中的OU中创建它，但让我们开始这一个。

I'm running this on a member Win2k8 server to the domain, logged in as domain administrator. I will eventually need to create it in an OU under another OU, but lets start with this one.

感谢您的帮助！ 大卫

推荐答案

如果你在.NET 3.5及以上，你应该看看 System.DirectoryServices.AccountManagement （S.DS.AM）命名空间。阅读所有关于它的：

If you're on .NET 3.5 and up, you should check out the System.DirectoryServices.AccountManagement (S.DS.AM) namespace. Read all about it here:

• 在管理目录安全主体在.NET Framework 3.5
• href="http://msdn.microsoft.com/en-us/library/system.directoryservices.accountmanagement.aspx" rel="nofollow"> MSDN文档

• Managing Directory Security Principals in the .NET Framework 3.5
• MSDN docs on System.DirectoryServices.AccountManagement

基本上，你可以定义域范围内，并很容易地找到在AD用户和/或组：

Basically, you can define a domain context and easily find users and/or groups in AD:

// set up domain context
PrincipalContext ctx = new PrincipalContext(ContextType.Domain);

// create a user principal object
UserPrincipal user = new UserPrincipal(ctx, "User1Acct", "pass@1w0rd01", true);

// assign some properties to the user principal
user.GivenName = "User";
user.Surname = "One";

// force the user to change password at next logon
user.ExpirePasswordNow();

// save the user to the directory
user.Save();

新S.DS.AM使得它可以很容易地玩弄用户和组AD！

The new S.DS.AM makes it really easy to play around with users and groups in AD!

这篇关于创建用户在Active Directory中使用C＃的错误的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！