我想在Active Directory的OU上提供访问权限。我已经完成了以下部分操作,删除了OU的所有访问权限。代码如下:
DirectoryEntry rootEntry = new DirectoryEntry("LDAP://OU=Test OU,DC=test,DC=com");
DirectorySearcher dsFindOUs = new DirectorySearcher(rootEntry);
dsFindOUs.Filter = "(objectClass=organizationalUnit)";
dsFindOUs.SearchScope = SearchScope.Subtree;
SearchResult oResults = dsFindOUs.FindOne();
DirectoryEntry myOU = oResults.GetDirectoryEntry();
System.Security.Principal.IdentityReference newOwner = new System.Security.Principal.NTAccount("YourDomain", "YourUserName").Translate(typeof(System.Security.Principal.SecurityIdentifier));
ActiveDirectoryAccessRule newRule = new ActiveDirectoryAccessRule(newOwner, ActiveDirectoryRights.GenericAll, System.Security.AccessControl.AccessControlType.deny);
myOU.ObjectSecurity.SetAccessRule(newRule); myOU.Commitchanges();
现在的问题是,如果我从AD OU中删除所有权限,那么我如何再次授予权限(再次恢复权限)。我尝试使用System.Security.AccessControl.AccessControlType.Allow for newRule。但由于OU没有权限,因此会抛出异常:
SearchResult oResults = dsFindOUs.FindOne();
DirectoryEntry myOU = oResults.GetDirectoryEntry();
如何在C#中再次向perticualr OU授予权限。
ActiveDirectoryAccessRule(newOwner, ActiveDirectoryRights.GenericAll, System.Security.AccessControl.AccessControlType.Deny);
但问题是我已经删除了所有通用权限,当我尝试再次搜索OU时,它将无法再找到它。所以我不能再次应用建议的逻辑。 你可以尝试:)。 给我一些方法,我如何再次访问OU。
答案 0 :(得分:0)
只需更换此行:
ActiveDirectoryAccessRule newRule = new ActiveDirectoryAccessRule(newOwner, ActiveDirectoryRights.GenericAll, System.Security.AccessControl.AccessControlType.Deny);
用这个:
ActiveDirectoryAccessRule newRule = new ActiveDirectoryAccessRule(newOwner, ActiveDirectoryRights.GenericAll, System.Security.AccessControl.AccessControlType.Allow);
P.S。 :请将问题中的代码行格式化为代码。