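How to add a new group in Active Directory using LDAP in C#

Time: 2013-04-23 14:17:15

Tags: c#-4.0 active-directory ldap

I have a scenario where I need to create a new group in Active Directory using LDAP and C#.

Please provide suggestions.

4 answers:

Answer 0: (score: 9)

This article on CodeProject is a really good starting point: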

Howto: (Almost) Everything In Active Directory via C#

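To create a group, you need to:

  • Bind to the container in which you want to create the group
  • Create the group and define some properties

Code: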

// Requires: using System; using System.DirectoryServices;
public void Create(string ouPath, string name)
{
    if (!DirectoryEntry.Exists("LDAP://CN=" + name + "," + ouPath))
    {
        try
        {
            // bind to the container, e.g. LDAP://cn=Users,dc=...
            DirectoryEntry entry = new DirectoryEntry("LDAP://" + ouPath);

            // create group entry
            DirectoryEntry group = entry.Children.Add("CN=" + name, "group");

            // set properties
            group.Properties["sAmAccountName"].Value = name;

            // save group
            group.CommitChanges();
        }
        catch (Exception e)
        {
            Console.WriteLine(e.Message);
        }
    }
    // report the full DN of the group that was found (the original referenced an undefined variable)
    else { Console.WriteLine("CN=" + name + "," + ouPath + " already exists"); }
}

Answer 1: (score: 5)

Some additional information on setting the group scope and group type; the enum is:

public enum GroupType : uint
{
    GLOBAL       = 0x2,
    DOMAIN_LOCAL = 0x4,
    UNIVERSAL    = 0x8,
    SECURITY     = 0x80000000
}

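SECURITY (shortened from ADS_GROUP_TYPE_SECURITY_ENABLED) is combined with the first 3 enums to give you the 6 possible options; without it, the group will be a distribution group.

The values are set as an int, which with the security flag is a negative value, so unchecked() needs to be used. Alternatively, you could create an enum for the combined values.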

GLOBAL       | SECURITY = 0x80000002 = -2147483646
DOMAIN_LOCAL | SECURITY = 0x80000004 = -2147483644
UNIVERSAL    | SECURITY = 0x80000008 = -2147483640

The value is stored in the 'groupType' property:

var groupType = unchecked((int)(GroupType.UNIVERSAL | GroupType.SECURITY));
group.Properties["groupType"].Value = groupType;
group.CommitChanges();
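
The six combinations described in the answer above, as an added example that is not part of the original answer: it builds the signed groupType value from a scope and a security flag, rejects anything other than exactly one scope, and decodes a stored value back. GroupTypeCodec, Encode and Describe are hypothetical names chosen for this example.

```csharp
using System;

[Flags]
public enum GroupType : uint
{
    GLOBAL       = 0x2,
    DOMAIN_LOCAL = 0x4,
    UNIVERSAL    = 0x8,
    SECURITY     = 0x80000000
}

// Hypothetical helper for this example; not part of System.DirectoryServices.
public static class GroupTypeCodec
{
    private const GroupType ScopeMask =
        GroupType.GLOBAL | GroupType.DOMAIN_LOCAL | GroupType.UNIVERSAL;

    // Build the signed int that is written to the groupType attribute.
    public static int Encode(GroupType scope, bool securityEnabled)
    {
        // Exactly one scope flag is allowed; combined or empty scopes are rejected.
        if (scope != GroupType.GLOBAL && scope != GroupType.DOMAIN_LOCAL && scope != GroupType.UNIVERSAL)
            throw new ArgumentException("scope must be exactly one of GLOBAL, DOMAIN_LOCAL, UNIVERSAL");
        GroupType value = securityEnabled ? scope | GroupType.SECURITY : scope;
        return unchecked((int)value);
    }

    // Decode a stored groupType into its scope and security/distribution kind.
    public static string Describe(int stored)
    {
        GroupType value = (GroupType)unchecked((uint)stored);
        GroupType scope = value & ScopeMask;
        string kind = (value & GroupType.SECURITY) != 0 ? "security" : "distribution";
        return scope + " " + kind + " group";
    }
}

public static class Program
{
    public static void Main()
    {
        foreach (GroupType scope in new[] { GroupType.GLOBAL, GroupType.DOMAIN_LOCAL, GroupType.UNIVERSAL })
            foreach (bool sec in new[] { true, false })
            {
                int stored = GroupTypeCodec.Encode(scope, sec);
                Console.WriteLine($"{stored,12} = 0x{stored:X8} -> {GroupTypeCodec.Describe(stored)}");
            }
    }
}
```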

Answer 2: (score: 0)

Take a look at this link: http://msdn.microsoft.com/en-us/library/ms180903(v=vs.80).aspx

I think you may be looking for this part of the code:

// Bind to the domain that this user is currently connected to.
DirectoryEntry dom = new DirectoryEntry();

// Find the container (in this case, the Consulting organizational unit) that you 
// wish to add the new group to.
DirectoryEntry ou = dom.Children.Find("OU=Consulting");

// Add the new group Practice Managers.
DirectoryEntry group = ou.Children.Add("CN=Practice Managers", "group");

// Set the samAccountName for the new group.
group.Properties["samAccountName"].Value = "pracmans";

// Commit the new group to the directory.
group.CommitChanges();

Answer 3: (score: 0)

I just solved this problem for a .NET Core 2.0 application - here is an updated solution for those using .NET Core 2.0+.

This makes use of the NuGet package System.DirectoryServices.Protocols

// Requires: using System; using System.Net; using System.DirectoryServices.Protocols;
try
{
    string adminUsername = "myAdminUser";
    string namingContext = "CN=Test123,DC=MyCompany,DC=com";
    string hostNameAndSSLPort = "192.168.123.123:636";
    string adminuser = $"CN={adminUsername},{namingContext}";
    string adminpass = "password";

    using (LdapConnection connection = new LdapConnection(hostNameAndSSLPort))
    {
        LdapSessionOptions options = connection.SessionOptions;
        options.ProtocolVersion = 3;
        options.SecureSocketLayer = true;

        connection.AuthType = AuthType.Basic;

        NetworkCredential credential = new NetworkCredential(adminuser, adminpass);
        connection.Credential = credential;
        connection.Bind();

        string rolesContext = $"CN=Roles,{namingContext}";
        string nameOfNewGroup = "MyGroup";
        string groupDN = $"CN={nameOfNewGroup},{rolesContext}";
        string dirClassType = "group";

        AddRequest addRequest = new AddRequest(groupDN, dirClassType);
        AddResponse addResponse = (AddResponse)connection.SendRequest(addRequest);
        Console.WriteLine($"A {dirClassType} with a dn of\n {groupDN} was added successfully. The server response was {addResponse.ResultCode}");
    }
}
catch (Exception e)
{
    Console.WriteLine(e.ToString());
}

There are also lots of great code examples in this sample project provided by Microsoft.