密码更改Active Directory用户时出错

时间:2012-04-17 22:16:36

标签: c# active-directory

您好我正在尝试重置Active Directory用户的密码但我收到错误,以下是我的代码:

    public string ChangePassword(string Identity,string OldPassword, string Password)
 {
      string success = "Success";
      try
      {


          DirectoryEntry UserEntry = null;
          DirectoryEntry entry = new DirectoryEntry("LDAP://.../DC=Domain,DC=COM", Identity, OldPassword);

          DirectorySearcher search = new DirectorySearcher(entry);
          SearchResult resultsearch = search.FindOne();
          if (resultsearch == null)
          {
              success = "User Not Found In This Domain";
          }
          else
          {

              success = "find";
              UserEntry = resultsearch.GetDirectoryEntry();
              UserEntry.Username = @"Domain\Administrator";
              UserEntry.Password = "password";
              UserEntry.AuthenticationType = AuthenticationTypes.None;

              if (UserEntry == null)
                  success = "User Not Found In This Domain";
              else
              {
                  try
                  {
                      success = UserEntry.Username.ToString();


    UserEntry.Invoke("ChangePassword", new object[] { OldPassword, Password });
                      UserEntry.CommitChanges();

                  }
                  catch (Exception ex)
                  {
                      success = ex.ToString();
                  }
              }
          }
      }
      catch (Exception ex)
      {
          success = ex.ToString();
      }

所以我在 UserEntry.Invoke(“ChangePassword”,new object [] {OldPassword,Password})中收到错误;                           UserEntry.CommitChanges();

错误:

        System.Runtime.InteropServices.COMException (0x80020006): Unknown name.           (Exception from HRESULT: 0x80020006 (DISP_E_UNKNOWNNAME))
        at System.DirectoryServices.DirectoryEntry.Invoke(String methodName, Object[] args)
        at WebService.ChangePassword(String Identity, String OldPassword, String Password) in c:\inetpub\wwwroot\WebSite1\App_Code\WebService.cs:line 370

2 个答案:

答案 0 :(得分:1)

如果您使用的是.NET Framework 3.5或更高版本,则以下代码将解决此问题。类定义被省略。

using System.DirectoryServices.AccountManagement;

public static string ChangePassword(string adminUser, string adminPassword,
    string domain, string container, string userName, string newPassword)
{
    try
    {
        PrincipalContext principalContext = 
            new PrincipalContext(ContextType.Domain, domain, container, 
                adminUser, adminPassword);
        UserPrincipal user = UserPrincipal.FindByIdentity(principalContext, userName);
        if (user == null) return "User Not Found In This Domain";

        user.SetPassword(newPassword);
        return user.Name;
    }
    catch (Exception ex)
    {
        return ex.Message;
    }
}

用法:

ChangePassword(@"DOMAIN\Administrator", "password", "DOMAIN",
  "DC=Domain,DC=COM", userName, newPassword);

编辑:添加了.NET 2.0框架的版本。

.NET 2.0的更改密码方法:

public static string ChangePassword20(string adminUser, string adminPassword,
    string container, string domainController, string userName, string newPassword)
{
    const AuthenticationTypes authenticationTypes = AuthenticationTypes.Secure |
        AuthenticationTypes.Sealing | AuthenticationTypes.ServerBind;

    DirectoryEntry searchRoot = null;
    DirectorySearcher searcher = null;
    DirectoryEntry userEntry = null;

    try
    {
        searchRoot = new DirectoryEntry(String.Format("LDAP://{0}/{1}", 
            domainController, container), 
            adminUser, adminPassword, authenticationTypes);

        searcher = new DirectorySearcher(searchRoot);
        searcher.Filter = String.Format("sAMAccountName={0}", userName);
        searcher.SearchScope = SearchScope.Subtree;
        searcher.CacheResults = false;

        SearchResult searchResult = searcher.FindOne(); ;
        if (searchResult == null) return "User Not Found In This Domain";

        userEntry = searchResult.GetDirectoryEntry();

        userEntry.Invoke("SetPassword", new object[] { newPassword });
        userEntry.CommitChanges();

        return "New password set";
    }
    catch (Exception ex)
    {
        return ex.ToString();
    }
    finally
    {
        if (userEntry != null) userEntry.Dispose();
        if (searcher != null) searcher.Dispose();
        if (searchRoot != null) searchRoot.Dispose();
    }
}

用法:

ChangePassword20(@"DOMAIN\Administrator", "password", "DC=Domain,DC=COM",
    "domainControllerName", "userName", "newPassword");

答案 1 :(得分:0)

少数事情:

  • 您不应在UserEntry上设置用户名,密码或AuthN类型。
  • 您的成功= UserEntry.Username...应为obj foo = UserEntry.NativeObject;。如果通过,则您有一个有效的DE。
  • 您无需在此处致电CommitChanges()
  • 您可以在用户的​​上下文中调用ChangePassword,而不是管理员。这将正确地通过GetDirectoryEntry()电话。