Setting up an Active Directory user account for the first time

Time: 2016-01-24 16:00:04

Tags: c# active-directory

I am using the code below to create a new Active Directory user. The account is created successfully, but when I try to log in to my domain I get the message "Make sure you entered the password for your work or school account". I made sure the password was typed correctly, and the account is enabled and unlocked in Active Directory.

    using System;
    using System.DirectoryServices;

    static void CreateUser(string createLdapPath, string userName, string fname, string lname)
    {
        DirectoryEntry entry = new DirectoryEntry(createLdapPath);
        try
        {
            // Create the user object under the container bound to createLdapPath
            DirectoryEntry newUser = entry.Children.Add("CN=" + userName, "user");
            newUser.Properties["targetAddress"].Value = "SMTP:" + userName + "@mydomain.onmicrosoft.com";
            newUser.Properties["extensionAttribute15"].Value = "EDU";
            newUser.Properties["proxyAddresses"].Add("SMTP:" + userName + "@mydomain1.edu");
            newUser.Properties["proxyAddresses"].Add("smtp:" + userName + "@mydomain.onmicrosoft.com");
            newUser.Properties["proxyAddresses"].Add("smtp:" + userName + "@mydomain2.mail.onmicrosoft.com");
            newUser.Properties["givenName"].Value = fname;
            newUser.Properties["sn"].Value = lname;
            newUser.Properties["displayName"].Value = fname + " " + lname;
            newUser.Properties["mail"].Value = fname.ToLower() + "." + lname.ToLower() + "@mydomain.edu";
            newUser.Properties["sAMAccountName"].Value = fname.ToLower() + "." + lname.ToLower();
            newUser.Properties["userPrincipalName"].Insert(0, fname.ToLower() + "." + lname.ToLower() + "@mydomain.edu");

            // The object must exist in the directory before a password can be set on it
            newUser.CommitChanges();

            newUser.Invoke("SetPassword", new object[] { "myStrongPassword" });
            newUser.CommitChanges();

            newUser.Close();

            // Re-bind to the new object by sAMAccountName, unlock it and clear the disable flag
            string strUserName = userName;
            DirectoryEntry usr = entry;
            DirectorySearcher searcher = new DirectorySearcher(usr);
            searcher.Filter = "(sAMAccountName=" + strUserName + ")";
            searcher.CacheResults = false;
            SearchResult result = searcher.FindOne();
            usr = result.GetDirectoryEntry();
            usr.Properties["lockoutTime"].Value = 0;

            int old_UAC = (int)usr.Properties["userAccountControl"][0];

            // AD user account disable flag
            int ADS_UF_ACCOUNTDISABLE = 2;

            // To enable an AD user account, we need to clear the disable bit/flag:
            usr.Properties["userAccountControl"][0] = (old_UAC & ~ADS_UF_ACCOUNTDISABLE);
            usr.CommitChanges();

            usr.Close();
        }
        catch (Exception ex)
        {
            // Do not swallow the error silently: report it and let the caller see it
            Console.Error.WriteLine(ex);
            throw;
        }
        finally
        {
            entry.Close();
        }
    }

I can only get it to work if I open "Active Directory Users and Computers", navigate to my newly created account -> right click -> Reset Password, enter the password again, and check "Unlock user". After that, when I try to log in again, it works fine.

What might be missing or wrong in my code?

2 answers:

Answer 0: (score: 1)

You don't need to close the 'newUser' object and re-bind. Here is the code I run in production:

    // Create user
    newUser.CommitChanges();

    // Invoke takes params object[], so the password string can be passed directly
    newUser.Invoke("SetPassword", password);
    newUser.Properties["userAccountControl"].Value = 512;
    newUser.CommitChanges();
    newUser.Close();

Also, "(old_UAC & ~ADS_UF_ACCOUNTDISABLE)" may not come out as 512 (ADS_UF_NORMAL_ACCOUNT).
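Added example, not code from the question or either answer: it creates and enables the user on the single DirectoryEntry returned by Children.Add (the point made in the answer above), reads userAccountControl back and clears only the disable bit instead of overwriting the whole value, clears PASSWD_NOTREQD (which a freshly created user carries by default and which would allow an empty password later), and then decodes the attributes that block a first logon so a failure like the one in the question can be diagnosed from the object itself. The ldapPath, sAMAccountName, names, UPN suffix and password are caller-supplied assumptions; the flag values are the documented ADS_USER_FLAG_ENUM bits.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices;
using System.Reflection;

public static class AdUserProvisioning
{
    // userAccountControl bits that decide whether an account can log on (ADS_USER_FLAG_ENUM values).
    [Flags]
    public enum Uac
    {
        AccountDisable     = 0x0002,
        PasswdNotReqd      = 0x0020,
        NormalAccount      = 0x0200,
        DontExpirePassword = 0x10000,
        PasswordExpired    = 0x800000,
    }

    // Creates the user, sets its password and enables it without re-binding; returns its distinguishedName.
    public static string CreateEnabledUser(string ldapPath, string sam, string fname, string lname,
                                           string upnSuffix, string password)
    {
        using (var container = new DirectoryEntry(ldapPath))          // e.g. "LDAP://OU=Students,DC=example,DC=edu" (assumed)
        using (DirectoryEntry user = container.Children.Add("CN=" + fname + " " + lname, "user"))
        {
            user.Properties["sAMAccountName"].Value = sam;
            user.Properties["userPrincipalName"].Value = sam + "@" + upnSuffix;
            user.Properties["givenName"].Value = fname;
            user.Properties["sn"].Value = lname;
            user.Properties["displayName"].Value = fname + " " + lname;
            user.CommitChanges();                                        // object must exist before SetPassword

            user.Invoke("SetPassword", new object[] { password });

            // Read the value the DC assigned (new users default to NORMAL_ACCOUNT | PASSWD_NOTREQD | ACCOUNTDISABLE)
            // and change only the bits we mean to change, so flags set by policy or a template survive.
            user.RefreshCache(new[] { "userAccountControl" });
            int uac = (int)user.Properties["userAccountControl"].Value;
            uac &= ~(int)Uac.AccountDisable;   // enable
            uac &= ~(int)Uac.PasswdNotReqd;    // a real password has been set; do not allow an empty one later
            uac |= (int)Uac.NormalAccount;
            user.Properties["userAccountControl"].Value = uac;
            user.CommitChanges();

            return (string)user.Properties["distinguishedName"].Value;
        }
    }

    // Returns the reasons (possibly none) why the account cannot log on, read from the object itself.
    public static List<string> LogonBlockers(string userLdapPath)
    {
        var reasons = new List<string>();
        using (var user = new DirectoryEntry(userLdapPath))
        {
            user.RefreshCache(new[] { "userAccountControl", "lockoutTime", "pwdLastSet" });
            var uac = (Uac)(int)user.Properties["userAccountControl"].Value;

            if (uac.HasFlag(Uac.AccountDisable))  reasons.Add("ACCOUNTDISABLE is set");
            if (uac.HasFlag(Uac.PasswordExpired)) reasons.Add("PASSWORD_EXPIRED is set");
            if (uac.HasFlag(Uac.PasswdNotReqd))   reasons.Add("PASSWD_NOTREQD is set (empty password would be accepted)");

            // The LOCKOUT bit in userAccountControl is not authoritative; lockoutTime is.
            if (ToInt64(user.Properties["lockoutTime"].Value) != 0)
                reasons.Add("lockoutTime is nonzero (account locked out)");

            // pwdLastSet == 0 means "user must change password at next logon".
            if (ToInt64(user.Properties["pwdLastSet"].Value) == 0)
                reasons.Add("pwdLastSet is 0 (must change password at next logon)");
        }
        return reasons;
    }

    // Large-integer attributes come back as IADsLargeInteger COM objects; combine HighPart and LowPart.
    private static long ToInt64(object largeInteger)
    {
        if (largeInteger == null) return 0;
        Type t = largeInteger.GetType();
        int high = (int)t.InvokeMember("HighPart", BindingFlags.GetProperty, null, largeInteger, null);
        int low  = (int)t.InvokeMember("LowPart",  BindingFlags.GetProperty, null, largeInteger, null);
        return ((long)high << 32) | (uint)low;
    }
}
```

Typical use is `string dn = CreateEnabledUser(...)` followed by `LogonBlockers("LDAP://" + dn)`; an empty list means nothing on the AD object itself prevents logon, which points the investigation at whatever sits between the user and the domain (for example a directory sync that has not yet run, as in the other answer).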

Answer 1: (score: 1)

It turned out that the Active Directory sync with Office 365 had not run yet, which is why I could not log in with that user account. I was able to sync manually by running the Active Directory sync task in Task Scheduler.