在 C# 中使用密码创建 Active Directory 用户
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/2305857/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Creating Active Directory user with password in C#
提问by RajenK
I'm looking for a way to create Active Directory users and set their password, preferably without giving my application/service Domain Admin privileges.
我正在寻找一种方法来创建 Active Directory 用户并设置他们的密码,最好不授予我的应用程序/服务域管理员权限。
I've tried the following:
我尝试了以下方法:
DirectoryEntry newUser = _directoryEntry.Children.Add("CN=" + fullname, USER);
newUser.Properties["samAccountName"].Value = username;
newUser.Properties["userPassword"].Value = password;
newUser.Properties["mail"].Value = email;
newUser.CommitChanges();
The user is created, but it seems the password is never set on the user.
用户已创建,但似乎从未在用户上设置密码。
Does anyone have an idea on how to set the user's password initially when creating the user? I know about
有没有人知道如何在创建用户时最初设置用户的密码?我知道
.Invoke("SetPassword", new object[] { password })
But that requires my code to be run with Domain Admin privileges. As I don't really see the point to grant my code Domain Admin privileges, just to set the initial password (I also allow user password resets, but those run in the context of that particular user), I am hoping someone has a clever solution that doesn't require me to do so.
但这需要我的代码以域管理员权限运行。因为我真的没有看到授予我的代码域管理员权限的意义,只是为了设置初始密码(我也允许用户密码重置,但那些在该特定用户的上下文中运行),我希望有人有一个聪明的不需要我这样做的解决方案。
Thanks in advance!
提前致谢!
采纳答案by Nick Craver
You can do this whole process much easier now with System.DirectoryServices.AccountManagement (long as you're on .Net 3.5):
您现在可以使用 System.DirectoryServices.AccountManagement 更轻松地完成整个过程(只要您使用的是 .Net 3.5):
Here's a quick example of your specific case:
这是您的具体案例的快速示例:
using(var pc = new PrincipalContext(ContextType.Domain))
{
using(var up = new UserPrincipal(pc))
{
up.SamAccountName = username;
up.EmailAddress = email;
up.SetPassword(password);
up.Enabled = true;
up.ExpirePasswordNow();
up.Save();
}
}
回答by tvanfosson
I'd use @Nick's code (wrapped in usingstatements so the context and principal are disposed properly). As for privileges, you'll need to at least have enough privileges on the OU where you are creating the user to create and manage objects. I'd create a specific user under which your program will run and give it just enough privileges to do the tasks that it needs in that specific OU and no more.
我会使用@Nick 的代码(包装在using语句中,以便正确处理上下文和主体)。至于权限,您至少需要在创建用户的 OU 上拥有足够的权限来创建和管理对象。我会创建一个特定的用户,您的程序将在该用户下运行,并授予它足够的权限来执行该特定 OU 中所需的任务,仅此而已。
回答by kombsh
Yes can also use below code to create bulk of users
是的,也可以使用下面的代码来创建大量用户
DirectoryEntry ouEntry = new DirectoryEntry("LDAP://OU=TestOU,DC=TestDomain,DC=local");
for (int i = 0; i < 10; i++)
{
try
{
DirectoryEntry childEntry = ouEntry.Children.Add("CN=TestUser" + i, "user");
childEntry.CommitChanges();
ouEntry.CommitChanges();
childEntry.Invoke("SetPassword", new object[] { "password" });
childEntry.CommitChanges();
}
catch (Exception ex)
{
}
}
回答by Munna
Try with this code.
尝试使用此代码。
DirectoryEntry ouEntry = new DirectoryEntry("LDAP://OU=TestOU,DC=TestDomain,DC=local");
for (int i = 0; i < 10; i++)
{
try
{
DirectoryEntry childEntry = ouEntry.Children.Add("CN=TestUser" + i, "user");
childEntry.CommitChanges();
ouEntry.CommitChanges();
childEntry.Invoke("SetPassword", new object[] { "password" });
childEntry.CommitChanges();
}
catch (Exception ex)
{
}
}
