如何在C＃中的不同Active Directory域中添加用户？ [英] How to add a user in a different Active Directory Domain in C#?

问题描述

所以我的目标是能够将用户从一个Active Directory域添加到单独的Active Directory域中的另一个组。

我想做这在C＃。我知道有一个System.DirectoryServices命名空间的类与AD通信，但我找不到任何有关添加用户跨域的信息。

在环境中有两个域控制器具有相同的父林。在这两个域之间有一个暂时的信任，我们称之为域A和B.

我可以将用户从B添加到域本地或通用组

有人知道我如何使用C＃以编程方式做这个？

1. 对我来说，这对我有用。获取要添加成员的组的DirectoryEntry。


2. 在DirectoryEntry组中调用Invoke，传递参数Add作为方法名称，并且 ADsPath 数组中的成员。

一些示例代码在我的头顶：

  DirectoryEntry group = new DirectoryEntry（@LDAP：// CN = foo， DC = domainA）; 
 string memberADsPath = @LDAP：// CN = bar，DC = domainB; 
 group.Invoke（Add，new Object [] {m​​emberADsPath}）; 
  

So my goal is to be able to add a user from one Active Directory Domain to another group in a separate Active Directory Domain.

I'd like to do this in C#. I know there is a System.DirectoryServices namespace with classes to communicate with AD, but I can't find any information on adding users across domains.

In the environment there are two domain controllers with the same parent forest. There is a transient trust between the 2 domains, let's call them domains A and B.

I'm able to add a user from B to a Domain Local or Universal group inside of domain A with the Active Directory tool.

Does anyone know how I can do this programmatically using C#?

解决方案

What worked for me when I wrote code to do this a couple years back:

1. Get a DirectoryEntry for the group to which you want to add a member.
2. Call Invoke on the group DirectoryEntry passing arguments "Add" as the method name and the ADsPath of the member in an array.

Some sample code off the top of my head:

DirectoryEntry group = new DirectoryEntry(@"LDAP://CN=foo,DC=domainA");
string memberADsPath = @"LDAP://CN=bar,DC=domainB";
group.Invoke("Add", new Object[] {memberADsPath});

这篇关于如何在C＃中的不同Active Directory域中添加用户？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！