在VB.Net中将用户添加到AD组(2008)

时间:2016-03-15 20:57:20

标签: vb.net active-directory ldap

我需要使用VB将用户添加到Active Directory。除了将用户分配到组之外,我发现(主要)工作的代码。我很确定代码是有效的,我只是不知道要传递给它的组的格式。

给定代码(下面)和我的AD结构的图像(在下面),传递给例程的GroupName的结构是什么,以将用户添加到组“Level1 / All Users / Level 2 / AK “?

TIA 

Public Shared Sub AddUserToGroup(ByVal de As DirectoryEntry, ByVal deUser As DirectoryEntry, ByVal GroupName As String)
Dim deSearch As DirectorySearcher = New DirectorySearcher()
deSearch.SearchRoot = de
deSearch.Filter = "(&(objectClass=group) (cn=" & GroupName & "))"
Dim results As SearchResultCollection = deSearch.FindAll()
Dim isGroupMember As Boolean = False
If results.Count > 0 Then
    Dim group As New DirectoryEntry(results(0).Path)
    Dim members As Object = group.Invoke("Members", Nothing)
    For Each member As Object In CType(members, IEnumerable)
        Dim x As DirectoryEntry = New DirectoryEntry(member)
        Dim name As String = x.Name
        If name <> deUser.Name Then
            isGroupMember = False
        Else
            isGroupMember = True
            Exit For
        End If
    Next member
    If (Not isGroupMember) Then
        group.Invoke("Add", New Object() {deUser.Path.ToString()})
    End If
    group.Close()
End If
Return

End Sub

enter image description here

1 个答案:

答案 0 :(得分:1)

根据您的评论意见,我为您设置了Sub

你没有澄清Level2以下的级别,所以我只是称之为Level3

此功能已启用用户作为已禁用的用户无用...

<强>参考文献: 

Imports System.DirectoryServices

使用方法: 

CreateUser("Doe", "John")

方式: 

Public Sub CreateUser(ByVal givenname As String, ByVal surname As String)

    Dim dom As New DirectoryEntry()
    Dim ou As DirectoryEntry = dom.Children.Find("OU=All Users")
    Dim ou2 As DirectoryEntry = ou.Children.Find("OU=Level2")
    Dim ou3 As DirectoryEntry = ou2.Children.Find("OU=Level3")

    Dim firstLetter As String = givenname.Substring(0, 1)
    Dim ou4 As DirectoryEntry

    If firstLetter Like "*[A-K]*" Then
        ou4 = ou3.Children.Find("OU=A-K")
    Else
        ou4 = ou3.Children.Find("OU=L-Z")
    End If

    Dim ADuser As DirectoryEntry = ou4.Children.Add("CN=" & givenname & "\, " & surname, "user")

    ADuser.CommitChanges()

    'The User is now created. Most people forget to enable their users so I'll put it in here too 

    'UF_DONT_EXPIRE_PASSWD 0x10000
    Dim exp As Integer = CInt(ADuser.Properties("userAccountControl").Value)
    ADuser.Properties("userAccountControl").Value = exp Or &H1
    ADuser.CommitChanges()
    'UF_ACCOUNTDISABLE 0x0002
    Dim val As Integer = CInt(ADuser.Properties("userAccountControl").Value)
    ADuser.Properties("userAccountControl").Value = val And Not &H2
    ADuser.CommitChanges()


End Sub

请参阅this帖子中的答案,了解与AD和LDAP交互的基本知识。

相关问题
最新问题