一、Active Directory域服务
Active Directory 域服务 (AD DS) 可存储有关网络上的用户、计算机和其他资源的信息。AD DS 可帮助管理员安全地管理此信息。还便于在用户中实现共享和协作。
网上关于AD域的安装部署文档已经很多了,这里不再介绍,主要讲一下如何用C#实现AD域的连接以及用户、组织等信息的同步。
以下代码都在本人的github demo项目中,不想看过多文章的同学,可以直接移步github下载项目,使用自己的AD域信息和数据库信息开始实战。
GitHub项目地址:https://github.com/Menyoupingxiaoguo/LDAPConsoleApp。觉得有用的同学请点个star!
二、C#操作AD域代码
以下只介绍几个主要方法,其余方法不再赘述。
1、config下配置。
// Connection settings read once from <appSettings> in the application config file.
// AppSettings[...] returns null for a missing key; nothing here validates the values.
/// <summary>Domain name or IP address; becomes the host part of the LDAP:// path.</summary>
public static string domainName = ConfigurationManager.AppSettings["domainName"];
/// <summary>Account used to bind to the directory.</summary>
public static string userName = ConfigurationManager.AppSettings["userName"];
/// <summary>
/// Password for <see cref="userName"/>. It sits in clear text in the config file, so the
/// file itself (ACLs, or an encrypted appSettings section) is what protects the credential.
/// </summary>
public static string userPwd = ConfigurationManager.AppSettings["userPwd"];
/// <summary>Name of the main OU. Presumably the root under which departments/users are synchronised — confirm against the callers.</summary>
public static string mainOU = ConfigurationManager.AppSettings["mainOU"];
/// <summary>First domain component value. Presumably used when building distinguished names — confirm against the callers.</summary>
public static string DC1 = ConfigurationManager.AppSettings["DC1"];
/// <summary>Second domain component value; see <see cref="DC1"/>.</summary>
public static string DC2 = ConfigurationManager.AppSettings["DC2"];
2、AD域连接。
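/// <summary>
/// Creates the root <see cref="DirectoryEntry"/> for the configured domain
/// (LDAP://domainName), bound with the configured credentials.
/// </summary>
/// <returns>
/// A bound entry on success; <c>null</c> when the bind fails (the failure is logged by
/// <see cref="IsConnected"/>). The caller owns the returned entry and should dispose it.
/// </returns>
public DirectoryEntry GetDirectoryEntry()
{
    // The original allocated a DirectoryEntry here that the out parameter immediately
    // overwrote, and leaked the half-configured entry when the bind failed.
    DirectoryEntry de;
    if (IsConnected(domainName, userName, userPwd, out de))
    {
        return de;
    }
    if (de != null)
    {
        de.Dispose();
    }
    return null;
}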
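/// <summary>
/// Tries to bind to the domain with the given credentials.
/// </summary>
/// <param name="domainName">Domain name or IP address; becomes LDAP://domainName.</param>
/// <param name="userName">Bind account.</param>
/// <param name="userPwd">Bind password.</param>
/// <param name="de">The bound entry on success; <c>null</c> on failure.</param>
/// <returns><c>true</c> when the bind succeeded, otherwise <c>false</c>.</returns>
/// <remarks>
/// Failures are logged (message only) and swallowed; the caller only sees <c>false</c>.
/// </remarks>
public bool IsConnected(string domainName, string userName, string userPwd, out DirectoryEntry de)
{
    DirectoryEntry entry = new DirectoryEntry();
    try
    {
        entry.Path = string.Format("LDAP://{0}", domainName);
        entry.Username = userName;
        entry.Password = userPwd;
        // Secure requests Windows (Kerberos/NTLM) authentication rather than a simple bind.
        entry.AuthenticationType = AuthenticationTypes.Secure;
        // DirectoryEntry binds lazily; RefreshCache forces the bind so bad credentials or an
        // unreachable host surface here as an exception instead of at first use.
        entry.RefreshCache();
        de = entry;
        return true;
    }
    catch (Exception ex)
    {
        // Keep the credentials out of the log line; only the exception message is recorded.
        LogHelper.WriteProgramLog("[IsConnected方法]错误信息:" + ex.Message);
        // The original handed the unusable entry back to the caller and never released it.
        entry.Dispose();
        de = null;
        return false;
    }
}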
3、AD域部门操作。
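/// <summary>
/// Creates an organizational unit directly under <paramref name="parentEntry"/>.
/// </summary>
/// <param name="parentEntry">Container that receives the new OU.</param>
/// <param name="ouName">
/// Relative name of the OU; the RDN becomes "ou=&lt;ouName&gt;". The value is inserted
/// unescaped, so names containing DN special characters (',' '+' '"' '\' '&lt;' '&gt;' ';')
/// must be escaped by the caller.
/// </param>
/// <param name="description">Optional "description" attribute; skipped when null or empty.</param>
/// <exception cref="ArgumentNullException"><paramref name="parentEntry"/> is null.</exception>
/// <exception cref="ArgumentException"><paramref name="ouName"/> is null or white space.</exception>
/// <remarks>Directory exceptions propagate unchanged; the original try/catch only rethrew.</remarks>
public void CreateOU(DirectoryEntry parentEntry, string ouName, string description)
{
    if (parentEntry == null)
    {
        throw new ArgumentNullException("parentEntry");
    }
    if (string.IsNullOrWhiteSpace(ouName))
    {
        throw new ArgumentException("OU name must not be empty.", "ouName");
    }
    // The original never disposed the new entry; using releases the underlying handle.
    using (DirectoryEntry ouEntry = parentEntry.Children.Add("ou=" + ouName, "organizationalUnit"))
    {
        if (!string.IsNullOrEmpty(description))
        {
            ouEntry.Properties["description"].Value = description;
        }
        // Nothing reaches the directory until CommitChanges.
        ouEntry.CommitChanges();
    }
}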
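/// <summary>
/// Renames an existing OU entry in place.
/// </summary>
/// <param name="de">The OU entry to rename. It is closed when the method returns, also on failure.</param>
/// <param name="ouNewName">New relative name; the RDN becomes "OU=&lt;ouNewName&gt;" (inserted unescaped, see CreateOU).</param>
/// <exception cref="ArgumentNullException"><paramref name="de"/> is null.</exception>
/// <exception cref="ArgumentException"><paramref name="ouNewName"/> is null or white space.</exception>
public void ModifyOU(DirectoryEntry de, string ouNewName)
{
    if (de == null)
    {
        throw new ArgumentNullException("de");
    }
    if (string.IsNullOrWhiteSpace(ouNewName))
    {
        throw new ArgumentException("New OU name must not be empty.", "ouNewName");
    }
    try
    {
        de.Rename("OU=" + ouNewName);
        de.CommitChanges();
    }
    finally
    {
        // The original closed the entry only on success, leaking the handle when Rename threw.
        de.Close();
    }
}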
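/// <summary>
/// Deletes the child OU named <paramref name="ouName"/> from <paramref name="de"/>.
/// </summary>
/// <param name="de">Parent container; closed when the method returns, also on failure.</param>
/// <param name="ouName">Relative name of the child, looked up as "OU=&lt;ouName&gt;" (unescaped).</param>
/// <exception cref="ArgumentNullException"><paramref name="de"/> is null.</exception>
/// <remarks>
/// <see cref="DirectoryEntries.Find(string)"/> throws when no such child exists, so a missing
/// OU surfaces as an exception rather than a silent no-op. Directory exceptions propagate
/// unchanged; the original try/catch only rethrew.
/// </remarks>
public void DeleteOU(DirectoryEntry de, string ouName)
{
    if (de == null)
    {
        throw new ArgumentNullException("de");
    }
    try
    {
        using (DirectoryEntry ouEntry = de.Children.Find("OU=" + ouName))
        {
            // The original tested 'de' here instead of the entry it had just looked up.
            if (ouEntry != null)
            {
                de.Children.Remove(ouEntry);
                de.CommitChanges();
            }
        }
    }
    finally
    {
        de.Close();
    }
}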
4、AD域用户操作。
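/// <summary>
/// Creates a user object under <paramref name="parentEntry"/> from a staff record,
/// enables it, sets its initial password and optionally adds it to a group.
/// </summary>
/// <param name="parentEntry">Container (typically the department OU) that receives the user. Closed when the method returns.</param>
/// <param name="staffModel">Staff record; StaffName, PartName, StaffTel, staffNum and StaffPhone are copied into directory attributes.</param>
/// <param name="DeptName">Value written to the "department" attribute.</param>
/// <param name="group">Group the user is added to; skipped when null or empty.</param>
/// <param name="initialPassword">
/// Initial password. When null or empty the historical fixed default is used, which means
/// every account created this way shares one well-known password — supply a real value.
/// </param>
/// <param name="upnSuffix">
/// UPN suffix including the '@' (e.g. "@example.com"). When null or empty the historical
/// placeholder "@test.com" is used.
/// </param>
/// <exception cref="ArgumentNullException"><paramref name="parentEntry"/> or <paramref name="staffModel"/> is null.</exception>
/// <remarks>
/// Reference of the LDAP attribute names used below:
/// <code>
/// LDAP Property Name Description Data Type
/// givenName First Name String
/// initials Initials String
/// sn Last name String
/// displayName Display name String
/// description Description String
/// physicalDeliveryOfficeName Office String
/// telephoneNumber Telephone number String
/// otherTelephone Other Telephone numbers String
/// mail E-mail String
/// wWWHomePage Web page String
/// url Other Web pages String
/// streetAddress Street String
/// postOfficeBox P.O. Box String
/// l City String
/// st State/province String
/// postalCode Zip/Postal Code String
/// c, co, countryCode Country/region String
/// userPrincipalName User logon name String
/// sAMAccountName pre-Windows 2000 logon name String
/// userAccountControl Account disabled? Boolean
/// profilePath User Profile path String
/// scriptPath Logon script String
/// homeDirectory Home folder, local path String
/// homeDrive Home folder, Connect, Drive String
/// homeDirectory Home folder, Connect, To: String
/// title Title String
/// department Department String
/// company Company String
/// manager Manager String
/// mobile Mobile String
/// facsimileTelephoneNumber Fax String
/// info Notes String
/// </code>
/// </remarks>
public void CreateNewUser(DirectoryEntry parentEntry, YTStaff staffModel, string DeptName, string group, string initialPassword = null, string upnSuffix = null)
{
    if (parentEntry == null)
    {
        throw new ArgumentNullException("parentEntry");
    }
    if (staffModel == null)
    {
        throw new ArgumentNullException("staffModel");
    }

    // Historical defaults, kept only so existing callers keep working. Both should come
    // from configuration in production: a shared fixed password is a known weak point.
    const string DefaultInitialPassword = "123Qweasd";
    const string DefaultUpnSuffix = "@test.com";
    string password = string.IsNullOrEmpty(initialPassword) ? DefaultInitialPassword : initialPassword;
    string suffix = string.IsNullOrEmpty(upnSuffix) ? DefaultUpnSuffix : upnSuffix;

    // Logon names are derived from the pinyin of the Chinese name with spaces removed.
    string pinyin = Pinyin.GetPinyin(staffModel.StaffName).Replace(" ", "");

    try
    {
        // 1. Create the user object. The RDN is built from StaffName unescaped, so names
        //    containing DN special characters need escaping upstream.
        using (DirectoryEntry newuser = parentEntry.Children.Add("CN=" + staffModel.StaffName, "user"))
        {
            // 2. Attributes (names per the table in the remarks).
            SetProperty(newuser, "title", staffModel.PartName);
            if (!string.IsNullOrEmpty(staffModel.StaffTel))
            {
                SetProperty(newuser, "telephoneNumber", staffModel.StaffTel);
            }
            SetProperty(newuser, "givenName", staffModel.StaffName);
            SetProperty(newuser, "displayName", staffModel.StaffName);
            SetProperty(newuser, "department", DeptName);
            SetProperty(newuser, "name", staffModel.StaffName);
            SetProperty(newuser, "sAMAccountName", pinyin);
            SetProperty(newuser, "employeeID", staffModel.staffNum);
            SetProperty(newuser, "userPrincipalName", pinyin + suffix);
            SetProperty(newuser, "mobile", staffModel.StaffPhone);
            // The object must exist in the directory before it can be enabled or given a password.
            newuser.CommitChanges();
            // 3. Enable the account.
            EnableAccount(newuser);
            // 4. Set the initial password.
            SetPassword(newuser, password);
            // 5. Optional group membership.
            if (!string.IsNullOrEmpty(group))
            {
                AddUserToGroup(parentEntry, newuser, group);
            }
        }
    }
    finally
    {
        // The original only closed the parent on success; a failure mid-way leaked the handle.
        parentEntry.Close();
    }
}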
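/// <summary>
/// Sets the user's password through the ADSI IADsUser.SetPassword method.
/// </summary>
/// <param name="de">User entry; closed when the method returns, also on failure.</param>
/// <param name="password">New clear-text password, passed through to the directory as-is.</param>
/// <exception cref="ArgumentNullException"><paramref name="de"/> is null.</exception>
/// <remarks>
/// Failures (for example a password rejected by domain policy) propagate unchanged; the
/// original try/catch only rethrew and never closed the entry on that path.
/// </remarks>
public void SetPassword(DirectoryEntry de, string password)
{
    if (de == null)
    {
        throw new ArgumentNullException("de");
    }
    try
    {
        // The return value of SetPassword carries nothing useful, so it is not kept.
        de.Invoke("SetPassword", new object[] { password });
        de.CommitChanges();
    }
    finally
    {
        de.Close();
    }
}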
/// <summary>
/// Enables a user account by editing its userAccountControl flags in two commits:
/// first OR in 0x0001 (ADS_UF_SCRIPT), then clear 0x0002 (ADS_UF_ACCOUNTDISABLE).
/// </summary>
/// <param name="de">An existing, committed user entry whose userAccountControl already holds an int value.</param>
public void EnableAccount(DirectoryEntry de)
{
    // NOTE: the original comment said UF_DONT_EXPIRE_PASSWD (0x10000), but the bit the code
    // sets is 0x0001 = ADS_UF_SCRIPT; 0x10000 is never touched here.
    const int AdsUfScript = 0x0001;
    const int AdsUfAccountDisable = 0x0002;

    int withScript = (int)de.Properties["userAccountControl"].Value | AdsUfScript;
    de.Properties["userAccountControl"].Value = withScript;
    de.CommitChanges();

    // Re-read after the first commit, then clear the "disabled" bit.
    int enabled = (int)de.Properties["userAccountControl"].Value & ~AdsUfAccountDisable;
    de.Properties["userAccountControl"].Value = enabled;
    de.CommitChanges();
}
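/// <summary>
/// Disables the user whose employeeID equals <paramref name="EmployeeID"/> and hides it
/// from the Exchange address lists.
/// </summary>
/// <param name="EmployeeID">Employee number to look up. It is escaped before being placed in the LDAP filter.</param>
/// <exception cref="InvalidOperationException">The domain bind failed (<see cref="GetDirectoryEntry"/> returned null).</exception>
/// <remarks>No-op when no matching user is found.</remarks>
public void DisableAccount(string EmployeeID)
{
    const int AdsUfAccountDisable = 0x0002;
    using (DirectoryEntry de = GetDirectoryEntry())
    {
        if (de == null)
        {
            // The original dereferenced the null and failed with a NullReferenceException.
            throw new InvalidOperationException("Could not bind to the domain; see the program log.");
        }
        using (DirectorySearcher ds = new DirectorySearcher(de))
        {
            // Escaping keeps a value such as "*" or "x)(objectClass=*" from widening the match
            // (LDAP filter injection); the original concatenated the raw value.
            ds.Filter = "(&(objectCategory=Person)(objectClass=user)(employeeID=" + EscapeLdapFilterValue(EmployeeID) + "))";
            ds.SearchScope = SearchScope.Subtree;
            SearchResult results = ds.FindOne();
            if (results == null)
            {
                return;
            }
            using (DirectoryEntry dey = new DirectoryEntry(results.Path, userName, userPwd, AuthenticationTypes.Secure))
            {
                int val = (int)dey.Properties["userAccountControl"].Value;
                dey.Properties["userAccountControl"].Value = val | AdsUfAccountDisable;
                // Kept as the string "TRUE" exactly as before; msExchHideFromAddressLists is a
                // Boolean attribute — confirm the provider accepts the string form.
                dey.Properties["msExchHideFromAddressLists"].Value = "TRUE";
                dey.CommitChanges();
            }
        }
    }
}

/// <summary>
/// Escapes a value for use inside an LDAP search filter (RFC 4515): '\', '*', '(', ')'
/// and NUL become \5c, \2a, \28, \29 and \00. A null value is returned as an empty string.
/// </summary>
/// <param name="value">Raw attribute value.</param>
/// <returns>The escaped value, safe to embed in a filter assertion.</returns>
private static string EscapeLdapFilterValue(string value)
{
    if (string.IsNullOrEmpty(value))
    {
        return string.Empty;
    }
    // Backslash must be replaced first so the escapes added afterwards are not re-escaped.
    return value
        .Replace("\\", "\\5c")
        .Replace("*", "\\2a")
        .Replace("(", "\\28")
        .Replace(")", "\\29")
        .Replace("\0", "\\00");
}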