Question

我需要通过c＃锁定AD帐户。这是我的功能

/// <summary>
/// This Methoid will Disable the User Account based on the Directory Entry Object
/// </summary>
/// <param name="oDE">The Directoy Entry Object of the Account to Disable</param>
public void LockAccount(DirectoryEntry oDE)
{
   oDE.InvokeSet("IsAccountLocked", true); 
   //oDE.Properties["userAccountControl"][0] = ADMethods.ADAccountOptions.UF_NORMAL_ACCOUNT | ADMethods.ADAccountOptions.UF_DONT_EXPIRE_PASSWD | ADMethods.ADAccountOptions.UF_ACCOUNT_LOCKOUT;
   //oDE.CommitChanges();
   //oDE.Close();
}

运行它并宣传例外：

System.Reflection.TargetInvocationException：抛出了异常通过调用的目标。 ---＆GT; System.Runtime.InteropServices.COMException：来自HRESULT的异常： 0x80005008 ---内部异常堆栈跟踪结束--- at System.DirectoryServices.DirectoryEntry.InvokeSet（String propertyName，对象[] args）

Answer 1

我认为单个未注释的行会出现错误吗？

您是否可能无权锁定用户。您在哪个帐户权限下运行？

MSDN says InvokeSet should not be used

This CodeProject link详细介绍了Active Directory，禁用帐户的具体代码如下：

public void Disable(string userDn)
{
    try
    {
        DirectoryEntry user = new DirectoryEntry(userDn);
        int val = (int)user.Properties["userAccountControl"].Value;
        user.Properties["userAccountControl"].Value = val | 0x2; 
             //ADS_UF_ACCOUNTDISABLE;

        user.CommitChanges();
        user.Close();
    }
    catch (System.DirectoryServices.DirectoryServicesCOMException E)
    {
        //DoSomethingWith --> E.Message.ToString();    
    }
}

锁定AD帐户c＃

1 个答案: