我需要知道帐户是否:
• Enabled/Disabled
• Locked/Unlocked
• Password expires / never expires
• Password can be changed / can’t be changed
• Password required / No password required
从哪个值可以知道该帐户是上述之一?
答案 0 :(得分:2)
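此字段(userAccountControl)是位掩码。各个标志位的含义请参见 https://msdn.microsoft.com/en-us/library/aa772300(v=vs.85).aspx 。注意:从 Windows Server 2003 起,"已锁定"(LOCKOUT)和"密码已过期"(PASSWORD_EXPIRED)这两位不会写入 userAccountControl,需要读取 msDS-User-Account-Control-Computed(或 lockoutTime)才能判断。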
答案 1 :(得分:1)
userAccountControl 是 Active Directory 中保存这些位标志的属性。您可以在 LDAP 查询中使用上一个回答(Brian)所给链接中的标志值,查找该属性满足所需条件的帐户。以下示例检查指定用户是否已被禁用。
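/// <summary>
/// Checks whether a user whose <c>cn</c> equals <paramref name="alias"/> has the
/// ACCOUNTDISABLE bit (0x2) set in <c>userAccountControl</c>.
/// </summary>
/// <param name="domainFQDN">Domain name appended to <c>LDAP://</c> to form the bind path.</param>
/// <param name="alias">
/// Value matched against the <c>cn</c> attribute. It is escaped before being placed in the
/// search filter, so filter metacharacters in it are treated as literal text.
/// </param>
/// <returns>
/// <c>true</c> when the search returns a matching disabled user; <c>false</c> when it returns
/// nothing or when the lookup throws. A <c>false</c> result therefore does not prove the
/// account is enabled: callers making an access decision should treat a logged failure as
/// "unknown", not as "enabled".
/// </returns>
public bool checkDisabled(string domainFQDN, string alias)
{
    bool disabled = false;
    try
    {
        // NOTE(review): "domain\\cn" / "password" are sample placeholders. Do not embed a real
        // service-account password in source; read it from protected configuration or bind
        // with the process identity instead.
        using (DirectoryEntry domainDE = new DirectoryEntry("LDAP://" + domainFQDN, "domain\\cn", "password", AuthenticationTypes.Secure))
        using (DirectorySearcher searcher = new DirectorySearcher(domainDE))
        {
            // 1.2.840.113556.1.4.803 is the bitwise-AND matching rule; 2 is ACCOUNTDISABLE.
            // The alias is escaped so a value such as "*" or one containing ")(" cannot
            // widen or rewrite the filter (LDAP filter injection).
            // NOTE(review): cn is not guaranteed unique across a domain; if alias is a logon
            // name, sAMAccountName is presumably the intended attribute - confirm with callers.
            searcher.Filter = String.Format(
                "(&(objectClass=user)(cn={0})(userAccountControl:1.2.840.113556.1.4.803:=2))",
                EscapeLdapFilterValue(alias));
            disabled = (searcher.FindOne() != null);
        }
    }
    catch (Exception ex)
    {
        // Best-effort: the failure is logged and the method falls through to return false.
        // The message previously said "token groups", which does not describe this lookup.
        MethodBase current = MethodBase.GetCurrentMethod();
        EventLog.WriteEntry(
            "source name",
            current.DeclaringType + "." + current.Name
                + "\r\n\r\nUnable to check disabled state for domain: " + domainFQDN
                + " user: " + alias + "\r\n\r\n" + ex.Message,
            EventLogEntryType.Error);
    }
    return disabled;
}

/// <summary>
/// Escapes a value for use inside an LDAP search filter (RFC 4515): backslash, asterisk,
/// parentheses and NUL are replaced by their <c>\XX</c> hex forms.
/// </summary>
/// <param name="value">Raw value; <c>null</c> is treated as an empty string.</param>
/// <returns>The escaped value.</returns>
private static string EscapeLdapFilterValue(string value)
{
    if (value == null)
    {
        return String.Empty;
    }

    // Backslash must be handled first so the escapes added below are not escaped again.
    return value
        .Replace("\\", "\\5c")
        .Replace("*", "\\2a")
        .Replace("(", "\\28")
        .Replace(")", "\\29")
        .Replace("\0", "\\00");
}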