我正在尝试在Windows Active Directory中添加新用户。
我能够成功在AD中创建新用户。但是此用户在AD中添加为禁用用户,因此我想在AD中添加新用户作为已启用用户。
为此我使用下面的代码
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;
import javax.naming.ldap.InitialLdapContext;
public class Test {
final static String DOMAIN_NAME = "TEST.local";
final static String User_Context = "CN=Users,DC=TEST,DC=local";
final static String DOMAIN_URL = "ldap://192.168.1.100:389";
final static String ADMIN_NAME = "CN=Administrator,CN=Users,DC=TEST,DC=local";
final static String ADMIN_PASS = "Awesdew321";
final static String SEC_AUTH = "simple";
final static String CON_FACTORY = "com.sun.jndi.ldap.LdapCtxFactory";
public static void main(String[] args) {
UserObjects userObj = new UserObjects();
userObj.sAMAccountName = "tuser01";
userObj.givenName = "Test";
userObj.sn = "User01";
userObj.password = "Terdar123";
userObj.organisationUnit = "";
try {
addUser(userObj);
} catch (NamingException e) {
}
}
public static boolean addUser(UserObjects userObj) throws NamingException {
int UF_NORMAL_ACCOUNT = 0x0200;
InitialLdapContext context = null;
Hashtable<String, String> env = new Hashtable<String, String>();
try {
env.put(Context.INITIAL_CONTEXT_FACTORY, CON_FACTORY);
env.put(Context.SECURITY_AUTHENTICATION, SEC_AUTH);
env.put(Context.SECURITY_PRINCIPAL, ADMIN_NAME);
env.put(Context.SECURITY_CREDENTIALS, ADMIN_PASS);
env.put(Context.PROVIDER_URL, DOMAIN_URL);
context = new InitialLdapContext(env, null);
Attribute objClasses = new BasicAttribute("objectClass");
objClasses.add("top");
objClasses.add("person");
objClasses.add("organizationalPerson");
objClasses.add("user");
String cnValue = new StringBuffer(userObj.givenName).append(" ").append(userObj.sn).toString();
Attribute cn = new BasicAttribute("cn", cnValue);
Attribute sAMAccountName = new BasicAttribute("sAMAccountName", userObj.sAMAccountName);
Attribute principalName = new BasicAttribute("userPrincipalName",
userObj.sAMAccountName + "@" + DOMAIN_NAME);
Attribute givenName = new BasicAttribute("givenName", userObj.givenName);
Attribute sn = new BasicAttribute("sn", userObj.sn);
Attribute uid = new BasicAttribute("uid", userObj.sAMAccountName);
Attribute userAccountControl = new BasicAttribute("userAccountControl",
Integer.toString(UF_NORMAL_ACCOUNT));
Attribute userPassword = new BasicAttribute("userpassword", userObj.password);
Attributes container = new BasicAttributes();
container.put(objClasses);
container.put(sAMAccountName);
container.put(principalName);
container.put(cn);
container.put(sn);
container.put(givenName);
container.put(uid);
container.put(userAccountControl);
container.put(userPassword);
String userDN = "cn=" + cnValue + "," + User_Context;
context.createSubcontext(userDN, container);
return true;
} catch (Exception e) {
return false;
}
}
}
当我运行它时,它会给我以下错误:
javax.naming.OperationNotSupportedException: [LDAP: error code 53 - 0000052D: SvcErr: DSID-031A12D2, problem 5003 (WILL_NOT_PERFORM), data 0
remaining name 'cn=Test User01,CN=Users,DC=TEST,DC=local'
我正在使用Java(jdk1.8.0_60)和Windows Active Directory。
答案 0 :(得分:0)
通常,当您使用创建用户帐户时,新帐户将被禁用,除非发生以下任何一种情况,否则无法启用该帐户:
如果在创建用户后设置密码和UF_NORMAL_ACCOUNT似乎最有效。
-Jim