我正在尝试通过代码从 Active Directory 组中删除用户，得到了这样一条“有用的”错误：
“调用的目标发生了异常。”
堆栈跟踪：
at System.DirectoryServices.DirectoryEntry.Invoke(String methodName, Object[] args)
at Active_Directory.RemoveUserFromGroup(String sInUserName, String sInGroupName) in C:\ Documents and Settings \ user \ My Documents \ Visual Studio 2010 \网站已\应用程序名称\ App_Code文件\ COMMON \ Active_Directory.vb:行 192
这是我的函数：
请看 Invoke 这一行：oGroup.Invoke("Remove", New Object() {oUser.Path})
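''' <summary>
''' Removes the user whose sAMAccountName is <paramref name="sInUserName"/> from the
''' group whose CN is <paramref name="sInGroupName"/>. Both objects are looked up
''' under the domain named by rootDSE's DefaultNamingContext.
''' </summary>
''' <param name="sInUserName">sAMAccountName of the user; escaped before it is placed in the LDAP filter.</param>
''' <param name="sInGroupName">CN of the group; escaped before it is placed in the LDAP filter.</param>
''' <remarks>
''' Does nothing when the user or the group is not found. Every exception, including a
''' failed removal, is handed to MyError.showMeTheError instead of being thrown to the caller.
''' </remarks>
Public Shared Sub RemoveUserFromGroup(ByVal sInUserName As String _
, ByVal sInGroupName As String)
    Try
        ' Using blocks release every directory bind on all paths, including exceptions.
        Using rootDse As New DirectoryEntry("LDAP://rootDSE")
            Dim namingContext As String = CStr(rootDse.Properties("DefaultNamingContext").Item(0))

            Using domainRoot As New DirectoryEntry("LDAP://" & namingContext)
                ' Caller-supplied names are escaped so that characters such as * ( ) \
                ' stay literal and cannot change the meaning of the search filter.
                Dim userFilter As String = "(sAMAccountName=" & EscapeLdapFilterValue(sInUserName) & ")"

                Using oUser As DirectoryEntry = FindFirstEntry(domainRoot, userFilter, "cn")
                    If oUser Is Nothing Then
                        ' Unknown user: nothing to remove (the original dereferenced Nothing here).
                        Return
                    End If

                    Dim groupFilter As String = "(&(objectClass=group) (CN=" & EscapeLdapFilterValue(sInGroupName) & "))"

                    Using oGroup As DirectoryEntry = FindFirstEntry(domainRoot, groupFilter, Nothing)
                        If oGroup Is Nothing Then
                            Return
                        End If

                        ' A failure here is no longer swallowed: a membership removal that
                        ' silently fails leaves the user's access in place unnoticed.
                        oGroup.Invoke("Remove", New Object() {oUser.Path})
                        oGroup.CommitChanges()
                    End Using
                End Using
            End Using
        End Using
    Catch ex As Exception
        ' DirectoryEntry.Invoke reports failures as a TargetInvocationException; the
        ' underlying directory error is carried in ex.InnerException.
        Dim myerror As New MyError
        myerror.showMeTheError(ex)
    End Try
End Sub

''' <summary>
''' Runs a subtree search under <paramref name="searchRoot"/> and returns the first
''' match as a DirectoryEntry, or Nothing when there is no match. The caller owns
''' (and must dispose) the returned entry.
''' </summary>
Private Shared Function FindFirstEntry(ByVal searchRoot As DirectoryEntry _
, ByVal filter As String _
, ByVal propertyToLoad As String) As DirectoryEntry
    Using searcher As New DirectorySearcher()
        searcher.SearchRoot = searchRoot
        searcher.Filter = filter
        ' Subtree is also the DirectorySearcher default; stated explicitly for clarity.
        searcher.SearchScope = SearchScope.Subtree
        If propertyToLoad IsNot Nothing Then
            searcher.PropertiesToLoad.Add(propertyToLoad)
        End If

        Dim hit As SearchResult = searcher.FindOne()
        If hit Is Nothing Then
            Return Nothing
        End If
        Return hit.GetDirectoryEntry()
    End Using
End Function

''' <summary>
''' Escapes the characters that are special inside an LDAP search filter value
''' (backslash, asterisk, parentheses and NUL) using the \XX hexadecimal form.
''' Returns an empty string for Nothing.
''' </summary>
Private Shared Function EscapeLdapFilterValue(ByVal value As String) As String
    If String.IsNullOrEmpty(value) Then
        Return String.Empty
    End If

    Dim escaped As New System.Text.StringBuilder(value.Length + 8)
    For Each ch As Char In value
        Select Case ch
            Case "\"c
                escaped.Append("\5c")
            Case "*"c
                escaped.Append("\2a")
            Case "("c
                escaped.Append("\28")
            Case ")"c
                escaped.Append("\29")
            Case System.Convert.ToChar(0)
                escaped.Append("\00")
            Case Else
                escaped.Append(ch)
        End Select
    Next
    Return escaped.ToString()
End Function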
答案 0 :(得分:2)
你似乎把事情做得过于复杂了——没有必要。
请查看 CodeProject 上的文章 Howto do almost everything in Active Directory——内容非常出色。
以下是从组（同样由其 DN 指定）中删除用户（由其 DN 指定）所需的代码段：
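/// <summary>
/// Removes the user with distinguished name <paramref name="userDn"/> from the
/// "member" attribute of the group with distinguished name <paramref name="groupDn"/>
/// and commits the change.
/// </summary>
/// <param name="userDn">Distinguished name of the user to remove.</param>
/// <param name="groupDn">Distinguished name of the group; appended to "LDAP://" to form the bind path.</param>
/// <exception cref="System.DirectoryServices.DirectoryServicesCOMException">
/// The directory rejected the change. The error is traced and rethrown so that a
/// removal that did not happen is never mistaken for one that did.
/// </exception>
public void RemoveUserFromGroup(string userDn, string groupDn)
{
    // The using statement releases the directory bind even when Remove or
    // CommitChanges throws; the original only closed it on the success path.
    using (DirectoryEntry dirEntry = new DirectoryEntry("LDAP://" + groupDn))
    {
        try
        {
            dirEntry.Properties["member"].Remove(userDn);
            dirEntry.CommitChanges();
        }
        catch (System.DirectoryServices.DirectoryServicesCOMException e)
        {
            // An empty catch would hide a failed membership change from the caller,
            // leaving the user's group access in place without anyone noticing.
            System.Diagnostics.Trace.TraceError(
                "RemoveUserFromGroup failed for group '{0}': {1}", groupDn, e.Message);
            throw;
        }
    }
}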
这对你有用吗?