How do I add permissions to an OU using C#?

Time: 2010-08-06 00:30:43

Tags: c# .net active-directory

I can get the OU object like this:

        DirectoryEntry de = new DirectoryEntry(
            "LDAP://domain.com",
            "DOMAIN\\Administrator",
            "Password");
        DirectoryEntry ouEntry = de.Children.Find("OU=my-users,DC=domain,DC=com");

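But I can't seem to find any class or library for adding permissions. I want to grant "MyGroup" permission to create and delete objects in this OU. I can do this manually in ADSIEdit by selecting the OU and using the "Security" tab, but I can't find the equivalent code.

1 answer:

Answer 0: (score: 1)

Try this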

    // Requires: using System.DirectoryServices;
    DirectoryEntry rootEntry = new DirectoryEntry("LDAP://OU=Test OU,DC=test,DC=com");
    DirectorySearcher dsFindOUs = new DirectorySearcher(rootEntry);

    // Find the first organizational unit at or below the search root.
    dsFindOUs.Filter = "(objectClass=organizationalUnit)";
    dsFindOUs.SearchScope = SearchScope.Subtree;
    SearchResult oResults = dsFindOUs.FindOne();
    DirectoryEntry myOU = oResults.GetDirectoryEntry();

    // Resolve the account to a SID and build an Allow rule for it.
    System.Security.Principal.IdentityReference newOwner = new System.Security.Principal.NTAccount("YourDomain", "YourUserName").Translate(typeof(System.Security.Principal.SecurityIdentifier));
    ActiveDirectoryAccessRule newRule = new ActiveDirectoryAccessRule(newOwner, ActiveDirectoryRights.GenericAll, System.Security.AccessControl.AccessControlType.Allow);
    myOU.ObjectSecurity.SetAccessRule(newRule);
    // Write the modified security descriptor back to the directory.
    myOU.CommitChanges();

Please let me know if this works for you.

raymund, http://anyrest.wordpress.com
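
The question asks only for the right to create and delete objects in the OU, while `GenericAll` grants full control. The following is an added example, not code from the question or the answer, that grants just `CreateChild` and `DeleteChild` to the group and reads the DACL back to confirm the entry. The OU path and group name are taken from the question; the domain name `DOMAIN` and the class name are assumptions.

```csharp
using System;
using System.DirectoryServices;
using System.Security.AccessControl;
using System.Security.Principal;

class GrantOuChildRights
{
    // Assumed values: OU path and group name as used in the question.
    const string OuPath = "LDAP://OU=my-users,DC=domain,DC=com";
    const ActiveDirectoryRights Wanted =
        ActiveDirectoryRights.CreateChild | ActiveDirectoryRights.DeleteChild;

    static void Main()
    {
        // Resolve the group to a SID so the ACE is stored by SID, not by name.
        var sid = (SecurityIdentifier)new NTAccount("DOMAIN", "MyGroup")
            .Translate(typeof(SecurityIdentifier));

        using (var ou = new DirectoryEntry(OuPath))
        {
            // Read and write only the DACL, leaving owner and SACL untouched.
            ou.Options.SecurityMasks = SecurityMasks.Dacl;

            // Allow create/delete of child objects on this OU only.
            // Inheritance "None" keeps the grant from flowing into sub-OUs.
            var rule = new ActiveDirectoryAccessRule(
                sid, Wanted, AccessControlType.Allow,
                ActiveDirectorySecurityInheritance.None);

            ou.ObjectSecurity.AddAccessRule(rule);
            ou.CommitChanges(); // the ACL change is not written without this
        }

        // Re-open the OU and confirm an explicit Allow ACE carries both rights.
        using (var check = new DirectoryEntry(OuPath))
        {
            bool found = false;
            foreach (ActiveDirectoryAccessRule ace in check.ObjectSecurity
                     .GetAccessRules(true, false, typeof(SecurityIdentifier)))
            {
                if (ace.IdentityReference.Equals(sid) &&
                    ace.AccessControlType == AccessControlType.Allow &&
                    (ace.ActiveDirectoryRights & Wanted) == Wanted)
                    found = true;
            }
            Console.WriteLine(found ? "ACE present" : "ACE missing");
        }
    }
}
```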