C#域控操作大全,节点删除,修改密码,添加用户
- 1、下载文档前请自行甄别文档内容的完整性,平台不提供额外的编辑、内容补充、找答案等附加服务。
- 2、"仅部分预览"的文档,不可在线预览部分如存在完整性等问题,可反馈申请退款(可完整预览的文档不适用该条件!)。
- 3、如文档侵犯您的权益,请联系客服反馈,我们会尽快为您处理(人工客服工作时间:9:00-18:30)。
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Collections;
using System.Data;
using System.DirectoryServices;
using NJZF.SCDM.DAL.Database;
using System.Data.SqlClient;
using NJZF.SCDM.DAL.DBUtility;
using NJZF.SCDM.BLL.Tools;
using NJZF.SCDM.DataModel;
namespace er
{
public class AdHelper
{
/// <summary>
/// 定义域控配置结构
/// </summary>
public struct DomainConfig
{
public string LdapPath;
public string AdUser;
public string AdPwd;
public string DomainName;
}
/// <summary>
/// 初始化域控配置结构
/// </summary>
/// <returns></returns>
public static DomainConfig GetConfig()
{
DomainConfig Config = new DomainConfig();
SqlParameter [] Parameter={new SqlParameter
("@Type",SqlDbType.Int,4)};
Parameter[0].Value=1;
DataSet ds = DbHelperSQL.RunProcedure("SCDM_Config_GetModel",
Parameter, "SCDM_Config");
if (ds.Tables[0].Rows.Count > 0)
{
Config.LdapPath = ds.Tables[0].Rows[0][1].ToString();
Config.AdUser = ds.Tables[0].Rows[0][2].ToString();
Config.AdPwd = ds.Tables[0].Rows[0][3].ToString();
string DomainName = "";
string[] DomainNameArr = StringTools.GetSafeStr(ds.Tables
[0].Rows[0][5].ToString()).Split(new char[] { '.' });
if (DomainNameArr.Length > 0)
{
foreach (string arrname in DomainNameArr)
{
string DC1 = "DC=" + arrname + ",";
DomainName += DC1;
}
}
DomainName = DomainName.Remove(stIndexOf(','));
Config.DomainName = DomainName;
}
return Config;
}
/// <summary>
/// 获取数据库中跟节点的名称
/// </summary>
/// <returns></returns>
public static string GetRootName()
{
SqlParameter[] Parameter = { new SqlParameter("@Type",
SqlDbType.Int, 4) };
Parameter[0].Value = 1;
DataSet ds = DbHelperSQL.RunProcedure("SCDM_Config_GetModel",
Parameter, "SCDM_Config");
if (ds.Tables[0].Rows.Count > 0)
{
return ds.Tables[0].Rows[0][1].ToString();
}
else
{
return "";
}
}
/// <summary>
/// 域的名称
/// </summary>
#region MyRegion
///用户属性定义标志
public enum ADS_USER_FLAG_ENUM
{
///
///登录脚本标志。
如果通过ADSI LDAP 进行读或写操作时,该标志失效。
如果通过ADSI WINNT,该标志为只读。
///
ADS_UF_SCRIPT = 0X0001,
///
///用户帐号禁用标志
///
ADS_UF_ACCOUNTDISABLE = 0X0002,
///
///主文件夹标志
///
ADS_UF_HOMEDIR_REQUIRED = 0X0008,
///
///过期标志
///
ADS_UF_LOCKOUT = 0X0010,
///
///用户密码不是必须的
///
ADS_UF_PASSWD_NOTREQD = 0X0020,
///
///密码不能更改标志
///
ADS_UF_PASSWD_CANT_CHANGE = 0X0040,
///
///使用可逆的加密保存密码
///
ADS_UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED = 0X0080,
///
///本地帐号标志
///
ADS_UF_TEMP_DUPLICATE_ACCOUNT = 0X0100,
///
///普通用户的默认帐号类型
ADS_UF_NORMAL_ACCOUNT = 0X0200,
///
///跨域的信任帐号标志
///
ADS_UF_INTERDOMAIN_TRUST_ACCOUNT = 0X0800,
///
///工作站信任帐号标志
///
ADS_UF_WORKSTATION_TRUST_ACCOUNT = 0x1000,
///
///服务器信任帐号标志
///
ADS_UF_SERVER_TRUST_ACCOUNT = 0X2000,
///
///密码永不过期标志
///
ADS_UF_DONT_EXPIRE_PASSWD = 0X10000,
///
/// MNS 帐号标志
///
ADS_UF_MNS_LOGON_ACCOUNT = 0X20000,
///
///交互式登录必须使用智能卡
///
ADS_UF_SMARTCARD_REQUIRED = 0X40000,
///
///当设置该标志时,服务帐号(用户或计算机帐号)将通过Kerberos 委
托信任
///
ADS_UF_TRUSTED_FOR_DELEGA TION = 0X80000,
///
///当设置该标志时,即使服务帐号是通过Kerberos 委托信任的,敏感帐
号不能被委托
///
ADS_UF_NOT_DELEGATED = 0X100000,
///
///此帐号需要DES 加密类型
///
ADS_UF_USE_DES_KEY_ONL Y = 0X200000,
///
///不要进行Kerberos 预身份验证
ADS_UF_DONT_REQUIRE_PREAUTH = 0X4000000,
///用户密码过期标志
ADS_UF_PASSWORD_EXPIRED = 0X800000,
///用户帐号可委托标志
ADS_UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION = 0X1000000
}
#endregion
#region 获取域上的所有的用户列表
/// 获取域上的所有的用户列表
/// </summary>
/// <returns>用户集合</returns>
public static ArrayList GetUsers()
{
ArrayList users = new ArrayList();
DirectoryEntry de = GetObjectByAdmin();
DirectorySearcher deSearch = new DirectorySearcher(de);
deSearch.Filter = "(&(&(objectCategory=person)
(objectClass=user)))";
deSearch.SearchScope = SearchScope.Subtree;
try
{
SearchResultCollection results = deSearch.FindAll();
for (int i = 0; i < results.Count; i++)
{
DirectoryEntry des = results[i].GetDirectoryEntry();
users.Add(des);
}
return users;
}
catch (Exception e)
{
return null;
}
}
#endregion
#region 获取域上的所有用户组列表
/// 获取域上的所有用户组列表
/// </summary>
/// <returns>用户集合</returns>
public static ArrayList GetGroups()
{
ArrayList groups = new ArrayList();
DirectoryEntry de = GetObjectByAdmin();
DirectorySearcher deSearch = new DirectorySearcher(de);
deSearch.Filter = "(objectCategory=group)";
deSearch.SearchScope = SearchScope.Subtree;
SearchResultCollection results;
try
{
results = deSearch.FindAll();
foreach (SearchResult sr in results)
{
DirectoryEntry directoryentry = sr.GetDirectoryEntry();
groups.Add(directoryentry);
}
return groups;
}
catch (Exception e)
{
return null;
}
}
#endregion
#region 根据用户组的名称查找该组下的用户成员
/// 根据用户组的名称查找该组下的用户成员
/// </summary>
/// <param name="groupName">用户组名称</param>
/// <returns>用户集合</returns>
public static ArrayList GetUsersByGroup(string groupName)
{
ArrayList users = new ArrayList();
DirectoryEntry SearchRoot = GetObjectByAdmin();
DirectorySearcher directorySearch = new DirectorySearcher
(SearchRoot);
directorySearch.Filter = "(&(objectClass=group)(SAMAccountName="
+ groupName + "))";
SearchResult results = directorySearch.FindOne();
try
{
if (results != null)
{
DirectoryEntry dirEntry = new DirectoryEntry
(results.Path,GetConfig().AdUser, GetConfig().AdPwd);
System.DirectoryServices.PropertyCollection
propertyCollection = dirEntry.Properties;
int count = propertyCollection["member"].Count;
for (int i = 0; i < count; i++)
{
string respath = results.Path;
string[] pathnavigate = respath.Split
("CN".ToCharArray());
respath = pathnavigate[0];
string objpath = propertyCollection["member"]
[i].ToString();
string path = respath + objpath;
DirectoryEntry user = new DirectoryEntry(path,
GetConfig().AdUser, GetConfig().AdPwd);
users.Add(user);
}
}
return users;
}
catch (Exception e)
{
return null;
}
}
#endregion
#region 根据用户组查找对应的用户
/// 根据用户组查找对应的用户
/// </summary>
/// <returns>ArrayList用户集合</returns>
public static ArrayList GetUsersByUserGroup(string GroupName)
{
ArrayList users = new ArrayList();
DirectoryEntry SearchRoot = GetObjectByAdmin();
DirectorySearcher directorySearch = new DirectorySearcher
(SearchRoot);
directorySearch.Filter = "(&(objectClass=group)(SAMAccountName="
+ GroupName + "))";
SearchResult results = directorySearch.FindOne();
try
{
if (results != null)
{
DirectoryEntry dirEntry = new DirectoryEntry
(results.Path, GetConfig().AdUser,GetConfig().AdPwd);
System.DirectoryServices.PropertyCollection
propertyCollection = dirEntry.Properties;
int count = propertyCollection["member"].Count;
for (int i = 0; i < count; i++)
{
string respath = results.Path;
string[] pathnavigate = respath.Split
("CN".ToCharArray());
respath = pathnavigate[0];
string objpath = propertyCollection["member"]
[i].ToString();
string path = respath + objpath;
DirectoryEntry user = new DirectoryEntry(path,
GetConfig().AdUser, GetConfig().AdPwd);
users.Add(user);
}
}
else
{
users = null;
}
return users;
}
catch (Exception e)
{
return null;
}
}
#endregion
#region 根据用户名称查找对应的组
/// 根据用户名称查找对应的组
/// </summary>
/// <param name="username">用户名</param>
/// <returns>ArrayList用户组集合</returns>
public static ArrayList GetGroupsByUser(string username)
{
DirectoryEntry directoryentry = GetObjectByAdmin();
DirectorySearcher ds = new DirectorySearcher(directoryentry);
ds.Filter = "(&(sAMAccountName=" + username + "))";
ds.PropertiesToLoad.Add("memberof");
SearchResult searchresult = ds.FindOne();
ArrayList results = new ArrayList();
if (searchresult == null)
{
results = null;
}
else
{
if (searchresult.Properties["memberof"] == null)
{
return (null);
}
for (int i = 0; i < searchresult.Properties
["memberof"].Count; i++)
{
string theGroupPath = searchresult.Properties
["memberof"][i].ToString();
results.Add(theGroupPath.Substring(3,
theGroupPath.IndexOf(",") - 3));
}
}
directoryentry.Close();
return (results);
}
#endregion
#region 以管理员的身份登陆域
/// 以管理员的身份登陆域
/// </summary>
/// <param name="adPath">Ldap地址</param>
/// <param name="adUser">用户名称</param>
/// <param name="adPassWord">用户密码</param>
/// <returns>返回DirectoryEntry对象</returns>
public static DirectoryEntry GetObjectByAdmin()
{
DirectoryEntry entry = new DirectoryEntry(GetConfig
().LdapPath,GetConfig().AdUser, GetConfig().AdPwd,
AuthenticationTypes.Secure);
return entry;
}
/// <summary>
/// 测试域控链接的方法
/// </summary>
/// <param name="UserName">域控管理员用户名</param>
/// <returns></returns>
public static DirectoryEntry TestAD(string UserName)
{
DirectoryEntry de = GetObjectByAdmin();
DirectorySearcher deSearch = new DirectorySearcher(de);
deSearch.Filter = "(&(objectClass=group)(cn=" + UserName + "))";
deSearch.SearchScope = SearchScope.Subtree;
try
{
SearchResult result = deSearch.FindOne();
de = new DirectoryEntry(result.Path);
return de;
}
catch
{
return null;
}
}
#endregion
#region 以管理员的身份登陆域
/// <summary>
/// 以管理员的身份登陆域
/// </summary>
/// <param name="adPath">Ldap地址</param>
/// <param name="adUser">用户名称</param>
/// <param name="adPassWord">用户密码</param>
/// <returns>返回DirectoryEntry对象</returns>
private static DirectoryEntry GetDirectoryObject(string
domainReference)
{
DirectoryEntry entry = new DirectoryEntry(GetConfig().LdapPath + domainReference,GetConfig().AdUser, GetConfig().AdPwd,
AuthenticationTypes.Secure);
return entry;
}
#endregion
#region 根据用户名称查找对应的组
/// <summary>
/// 根据用户名称查找对应的组
/// </summary>
/// <param name="username">用户名</param>
/// <returns>用户组字符串以,隔开</returns>
public static string GetGroupsByUserString(string username)
{
string groups = "";
DirectoryEntry directoryentry = GetObjectByAdmin();
DirectorySearcher ds = new DirectorySearcher(directoryentry);
ds.Filter = "(&(sAMAccountName=" + username + "))";
ds.PropertiesToLoad.Add("memberof");
SearchResult searchresult = ds.FindOne();
if (searchresult != null)
{
if (searchresult.Properties["memberof"] == null)
{
return (null);
}
ArrayList results = new ArrayList();
for (int i = 0; i < searchresult.Properties
["memberof"].Count; i++)
{
string theGroupPath = searchresult.Properties
["memberof"][i].ToString();
groups += theGroupPath.Substring(3, theGroupPath.IndexOf
(",") - 3) + ",";
}
}
directoryentry.Close();
if (groups.Length > 0)
{
groups = groups.Remove(stIndexOf(','));
}
return groups;
}
#endregion
#region 用户身份验证
/// <summary>
/// 用户身份验证
/// </summary>
/// <param name="UserID">用户账号名称</param>
/// <param name="Password">用户账号密码</param>
/// <returns>验证结果</returns>
public static bool IsAuthenticated(string UserID, string Password)
{
bool result = false;
DirectoryEntry entry = GetObjectByAdmin(UserID, Password);
try
{
DirectorySearcher search = new DirectorySearcher(entry);
search.Filter = "(SAMAccountName=" + UserID + ")";
SearchResult searchResult = search.FindOne();
if (searchResult != null)
{
result = true;
}
return result;
}
catch (Exception ex)
{
return result;
}
}
#endregion
#region MyRegion
/// <summary>
/// 根据用户名密码获取DirectoryEntry对象
/// </summary>
/// <param name="UserID">登陆名</param>
/// <param name="Password">密码</param>
/// <returns>DirectoryEntry</returns>
private static DirectoryEntry GetObjectByAdmin(string UserID, string
Password)
{
DirectoryEntry entry = new DirectoryEntry(GetConfig
().LdapPath,GetConfig().AdUser,GetConfig().AdPwd);
return entry;
}
#endregion
#region 域控成员身份验证
/// <summary>
/// 域控成员身份验证
/// </summary>
/// <param name="LdapPath">域控的地址</param>
/// <param name="UserName">登陆用户名</param>
/// <param name="PassWord">登陆密码</param>
/// <returns>验证结果true或者false</returns>
public static bool IsAuthenticated(string LdapPath, string UserName,
string PassWord)
{
DirectoryEntry entry = GetObjectByAdmin(LdapPath, UserName,
PassWord);
try
{
DirectorySearcher search = new DirectorySearcher(entry);
search.Filter = "(SAMAccountName=" + UserName + ")";
SearchResult result = search.FindOne();
if (null == result)
{
return false;
}
else
{
return true;
}
}
catch (Exception ex)
{
return false;
}
}
#endregion
#region 以管理员登陆域控
/// <summary>
/// 以管理员登陆域控
/// </summary>
/// <param name="LdapPath">域控的地址</param>
/// <param name="UserName">登录名称</param>
/// <param name="PassWord">登陆密码</param>
/// <returns>DirectoryEntry</returns>
public static DirectoryEntry GetObjectByAdmin(string LdapPath, string
UserName, string PassWord)
{
try
{
DirectoryEntry entry = new DirectoryEntry(LdapPath, UserName,
PassWord);
if (entry.Guid == null)
{
return null;
}
else
{
return entry;
}
}
catch
{
return null;
}
}
#endregion
#region 根据用户名获取用户实体对象
/// <summary>
/// 根据用户名称获取用户的实体对象
/// </summary>
/// <param name="AccoutName">用户账号名称</param>
/// <returns>用户实体对象</returns>
public static ModelUsers GetUserModel(string AccoutName)
{
DirectoryEntry der = AdHelper.GetDirectoryEntry(AccoutName);
DirectoryEntry de = GetObjectByAdmin();
DirectorySearcher desearcher = new DirectorySearcher(de);
desearcher.Filter = "(&(&(objectCategory=person)
(objectClass=user))(cn=" + AccoutName + "))";
desearcher.SearchScope = SearchScope.Subtree;
try
{
SearchResult SeaRes = desearcher.FindOne();
DirectoryEntry DireEnt = new DirectoryEntry(SeaRes.Path,
GetConfig().AdUser, GetConfig().AdPwd, AuthenticationTypes.Secure);
ModelUsers UserModel = new ModelUsers();
if (DireEnt == null)
{
UserModel = null;
return UserModel;
}
else
{
UserModel.Loginname = DireEnt.Properties ["sAMAccountName"].Value.ToString();
ername = ;
UserModel.Email = DireEnt.Properties["Mail"].Value == null ? "" : DireEnt.Properties["Mail"].Value.ToString();
UserModel.Description = DireEnt.Properties ["description"].Value == null ? "" : DireEnt.Properties
["description"].Value.ToString();
if( DireEnt.Properties["telephoneNumber"].Count>0)
UserModel.Tel = DireEnt.Properties["telephoneNumber"]
[0].ToString() == null ? "" : DireEnt.Properties["telephoneNumber"]
[0].ToString();
if (DireEnt.Properties["userPassword"].Count > 0)
{
UserModel.PassWord = DireEnt.Properties
["userPassword"].Value.ToString();
string m = DireEnt.Properties["userPassword"]
[0].ToString();
}
else
{
}
return UserModel;
}
}
catch (Exception e)
{
return null;
}
}
#endregion
#region 创建新的用户
/// <summary>
/// 创建新的用户
/// </summary>
/// <param name="ldapDN">路径</param>
/// <param name="UserModel">用户实体对象</param>
public static void CreateNewUser(string ldapDN, ModelUsers UserModel)
{
DirectoryEntry entry = GetObjectByAdmin();
DirectoryEntry subEntry = new DirectoryEntry(ldapDN,GetConfig
().AdUser, GetConfig().AdPwd);
DirectoryEntry deUser = subEntry.Children.Add("CN=" + ername, "user");
deUser.Properties["sAMAccountName"].Value = UserModel.Loginname;
if (UserModel.Description != "")
{
deUser.Properties["description"].Value =
UserModel.Description;
}
if (UserModel.Email != "")
{
deUser.Properties["Mail"].Value = UserModel.Email;
}
if (UserModel.Tel != "")
{
deUser.Properties["telephoneNumber"].Add(UserModel.Tel);
}
mitChanges();
AdHelper.SetPassword(ername,UserModel.PassWord);
AdHelper.EnableUser(ername);
deUser.Close();
}
#endregion
#region 修改用户信息
/// <summary>
/// 修改用户信息
/// </summary>
/// <param name="UserModel">用户实体对象</param>
public static void ModifyUsers(ModelUsers UserModel)
{
DirectoryEntry de = GetDirectoryEntry(ername);
if (UserModel.Description != "")
{
de.Properties["description"].Value = UserModel.Description;
}
if (UserModel.Email != "")
{
de.Properties["Mail"].Value = UserModel.Email;
}
if (UserModel.Tel != "")
{
if (de.Properties["telephoneNumber"].Count > 0)
{
string m = de.Properties["telephoneNumber"][0].ToString ();
de.Properties["telephoneNumber"][0] = UserModel.Tel;
}
else
{
de.Properties["telephoneNumber"].Add(UserModel.Tel);
}
}
try
{
mitChanges();
de.Close();
if (UserModel.PassWord != "")
{
de.Properties["userPassword"].Add(UserModel.PassWord);
SetPassword(ername, UserModel.PassWord);
}
}
catch
{
}
}
#endregion
#region 启用指定名称的用户
/// <summary>
/// 启用指定名称的用户
/// </summary>
/// <param name="commonName"></param>
public static void EnableUser(string commonName)
{
EnableUser(GetDirectoryEntry(commonName));
}
#endregion
#region 启用指定的用户
/// 启用指定的用户
/// </summary>
/// <param name="de"></param>
public static void EnableUser(DirectoryEntry de)
{
de.Properties["userAccountControl"][0] =
AdHelper.ADS_USER_FLAG_ENUM.ADS_UF_NORMAL_ACCOUNT |
AdHelper.ADS_USER_FLAG_ENUM.ADS_UF_DONT_EXPIRE_PASSWD;
mitChanges();
de.Close();
}
#endregion
#region 设置用户密码,管理员可以通过它来修改指定用户的密码。
///设置用户密码,管理员可以通过它来修改指定用户的密码。
///用户公共名称
///用户新密码
public static void SetPassword(string commonName, string newPassword)
{
DirectoryEntry de = GetDirectoryEntry(commonName);
try
{
de.Invoke("SetPassword", new object[] { newPassword });
}
catch(Exception Msg)
{
;
}
de.Close();
}
#endregion
#region 修改用户密码
///修改用户密码
///用户公共名称
///旧密码
///新密码
public static void ChangeUserPassword(string commonName, string
oldPassword, string newPassword)
{
// to-do: 需要解决密码策略问题
DirectoryEntry oUser = GetDirectoryEntry(commonName);
oUser.Invoke("ChangePassword", new Object[] { oldPassword,
newPassword });
oUser.Close();
}
#endregion
#region 禁用指定公共名称的用户
///禁用指定公共名称的用户
///用户公共名称
public static void DisableUser(string commonName)
{
DisableUser(GetDirectoryEntry(commonName));
}
#endregion
#region 禁用指定的用户
///禁用指定的用户
public static void DisableUser(DirectoryEntry de)
{
de.Properties["userAccountControl"][0] =
AdHelper.ADS_USER_FLAG_ENUM.ADS_UF_NORMAL_ACCOUNT | AdHelper.ADS_USER_FLAG_ENUM.ADS_UF_DONT_EXPIRE_PASSWD |
AdHelper.ADS_USER_FLAG_ENUM.ADS_UF_ACCOUNTDISABLE;
mitChanges();
de.Close();
}
#endregion
#region 判断用户帐号是否激活
///判断用户帐号是否激活
//用户帐号属性控制器
///如果用户帐号已经激活,返回true;否则返回false
public static bool IsAccountActive(int userAccountControl)
{
int userAccountControl_Disabled = Convert.ToInt32
(ADS_USER_FLAG_ENUM.ADS_UF_ACCOUNTDISABLE);
int flagExists = userAccountControl & userAccountControl_Disabled;
if (flagExists > 0)
return false;
else
return true;
}
#endregion
#region 将指定的用户添加到指定的组中。
默认为Users下的组和用户。
///将指定的用户添加到指定的组中。
默认为Users下的组和用户。
///用户公共名称
///组名
//public static void AddRootUserToGroup(string userCommonName, string
groupName)
//{
// try
// {
// DirectoryEntry oGroup = GetDirectoryEntryOfGroup
(groupName);
// DirectoryEntry oUser = GetDirectoryEntry(userCommonName);
// DataModel.SCDM_Config Config = new
NJZF.SCDM.DataModel.SCDM_Config();
// BLL.BLLObject.SCDM_Config Bllconfig = new
BLL.BLLObject.SCDM_Config();
// Config = Bllconfig.GetModel(1);
// if (Config != null)
// {
// string OU = Config.Config_Value4;
// oGroup.Properties["Member"].Add("CN=" + userCommonName
+ ",OU="+OU+",DC=nj,DC=zf,DC=com");
// mitChanges();
// oGroup.Close();
// oUser.Close();
// }
// // impersonate.BeginImpersonate();
// }
// catch (Exception msg)
// { }
//}
public static void AddRootUserToGroup(string userCommonName, string
groupName)
{
try
{
DirectoryEntry oGroup = GetDirectoryEntryOfGroup(groupName);
DirectoryEntry oUser = GetDirectoryEntry(userCommonName);
string path = oUser.Path.Substring(oUser.Path.IndexOf
("CN="));
oGroup.Properties["Member"].Add(path);
mitChanges();
oGroup.Close();
oUser.Close();
// impersonate.BeginImpersonate();
}
catch (Exception msg)
{
}
}
//public static void AddOUUserToGroup(string userCommonName, string
groupName,string parent)
//{
// try
// {
// DirectoryEntry oGroup = GetDirectoryEntryOfGroup
(groupName);
// DirectoryEntry oUser = GetDirectoryEntry(userCommonName);
// DataModel.SCDM_Config Config = new
NJZF.SCDM.DataModel.SCDM_Config();
// BLL.BLLObject.SCDM_Config Bllconfig = new
BLL.BLLObject.SCDM_Config();
// Config = Bllconfig.GetModel(1);
// if (Config != null)
// {
// string OU = Config.Config_Value4;
// oGroup.Properties["Member"].Add("CN=" + userCommonName
+ ",OU="+parent+",OU=" + OU + ",DC=nj,DC=zf,DC=com");
// mitChanges();
// oGroup.Close();
// oUser.Close();
// }
// // impersonate.BeginImpersonate();
// }
// catch (Exception msg)
// { }
//}
#endregion
#region 根据组名取得用户组的对象
///根据组名取得用户组的对象
///组名
public static DirectoryEntry GetDirectoryEntryOfGroup(string
groupName)
{
DirectoryEntry de = GetObjectByAdmin();
DirectorySearcher deSearch = new DirectorySearcher(de);
deSearch.Filter = "(&(objectClass=group)(cn=" + groupName + "))";
deSearch.SearchScope = SearchScope.Subtree;
try
{
SearchResult result = deSearch.FindOne();
de = new DirectoryEntry(result.Path,GetConfig
().AdUser,GetConfig().AdPwd, AuthenticationTypes.Secure);
return de;
}
catch
{
return null;
}
}
#endregion
#region
///从指定的组中删除用户(关系)
/// <summary>
/// 删除用户操作
/// </summary>
/// <param name="userCommonName">用户名称</param>
/// <param name="groupName">用户组名称</param>
public static void RemoveUserFromGroup(string userCommonName, string groupName)
DirectoryEntry oGroup = GetDirectoryEntryOfGroup(groupName);
DirectoryEntry oUser = GetDirectoryEntry(userCommonName);
oGroup.Properties["member"].Remove(oUser.Properties
["distinguishedName"].Value);
mitChanges();
oGroup.Close();
oUser.Close();
}
#endregion
#region
/// <summary>
/// 删除用户
/// </summary>
/// <param name="Ldap">路径</param>
public static void DeleteUser(string Ldap)
{
DirectoryEntry de = new DirectoryEntry(Ldap, GetConfig().AdUser,
GetConfig().AdPwd, AuthenticationTypes.Secure);
try
{
de.DeleteTree();
mitChanges();
de.Dispose();
}
catch (Exception Msg)
{
;
}
}
#endregion
#region 修改用户组的信息
/// <summary>
/// 修改用户组的信息
/// </summary>
/// <param name="groupName"></param>
/// <param name="groupDesc"></param>
/// <param name="groupCtl"></param>
public static void ModifyGroup(string Ldap,ModelUserGroup UserGroupModel)
DirectoryEntry group = new DirectoryEntry(Ldap, GetConfig
().AdUser, GetConfig().AdPwd, AuthenticationTypes.Secure);
group.Properties["description"].Value
=UserGroupModel.Description;
mitChanges();
group.Close();
}
#endregion
#region 删除用户组
/// <summary>
/// 删除用户组
/// </summary>
/// <param name="Ldap">路径</param>
/// <param name="UserGroupModel">用户组对象</param>
public static void DeleteGroup(string Ldap,ModelUserGroup
UserGroupModel)
{
DirectoryEntry de = new DirectoryEntry(Ldap, GetConfig().AdUser,
GetConfig().AdPwd, AuthenticationTypes.Secure);
try
{
de.DeleteTree();
mitChanges();
de.Dispose();
}
catch (Exception Msg)
{
;
}
}
#endregion
#region 根据框架的名臣获取该框架集下所有的路径集合
/// <summary>
/// 根据框架的名臣获取该框架集下所有的路径集合
/// </summary>
/// <param name="ClassName"></param>
/// <returns></returns>
public static SearchResultCollection GetTreeGroup(string ClassName)
DirectoryEntry de = GetObjectByAdmin();
DirectorySearcher deSearch = new DirectorySearcher(de);
deSearch.Filter = "(objectCategory=group)";
deSearch.SearchScope = SearchScope.Subtree;
SearchResultCollection results = deSearch.FindAll();
return results;
//search.Sort=new SortOption("name","Path","displayname","sam"
}
#endregion
#region 根据用户名获取用户的对象
/// <summary>
/// 根据用户名获取用户的对象
/// </summary>
/// <param name="commonName"></param>
/// <returns></returns>
public static DirectoryEntry GetDirectoryEntry(string commonName)
{
DirectoryEntry de = GetObjectByAdmin();
DirectorySearcher deSearch = new DirectorySearcher(de);
deSearch.Filter = "(&(&(objectCategory=person)
(objectClass=user))(cn=" + commonName + "))";
deSearch.SearchScope = SearchScope.Subtree;
try
{
SearchResult result = deSearch.FindOne();
DirectoryEntry deuser = new DirectoryEntry
(result.Path,GetConfig().AdUser, GetConfig().AdPwd);
return deuser;
}
catch (Exception e)
{
return null;
}
}
#endregion
#region 添加组织单元里的用户组
/// <summary>
/// 添加组织单元里的用户组
/// </summary>。