Question

当我尝试创建新用户时，我一直收到此错误。

这是我的代码中的一部分，它给了我错误：

Public Function CreateAdAccount(ByVal sUserName As String, ByVal sPassword As String, ByVal sFirstName As String, ByVal sLastName As String, ByVal sGroupName As String) As Boolean
   Dim bResult As Boolean = True
   Dim dirEntry As New DirectoryEntry(ADFullPath)

   SetCultureAndIdentity()

   ' 1. Create user account
   Dim adUsers As DirectoryEntries
   Dim newUser As DirectoryEntry

   If Not UserExists(sUserName) Then
      Try
         adUsers = dirEntry.Children
         newUser = adUsers.Add("CN=" & sUserName, "user")

         ' 2. Set properties
         SetProperty(newUser, "givenname", sFirstName)
         SetProperty(newUser, "sn", sLastName)
         SetProperty(newUser, "SAMAccountName", sUserName)
         SetProperty(newUser, "userPrincipalName", sUserName)
         SetProperty(newUser, "displayName", sFirstName & " " & sLastName)

         Try
            newUser.CommitChanges()
         Catch ex As Exception
            Err.Raise(4938, "clsSource", ex.Message)
         End Try

此行发生错误：newUser.CommitChanges()

我似乎无法弄清楚为什么它一直在破碎。我尝试以管理员身份登录AD并创建新用户。它工作得很好......

Answer 1

如果您使用 .NET 3.5 及以上，则应查看System.DirectoryServices.AccountManagement（S.DS.AM）命名空间。在这里阅读所有相关内容：

Managing Directory Security Principals in the .NET Framework 3.5

基本上，您可以定义域上下文并轻松创建新用户：

// set up domain context
PrincipalContext ctx = new PrincipalContext(ContextType.Domain);

// create a new user
UserPrincipal newUser = new UserPrincipal(ctx);

// define properties
newUser.GivenName = sFirstName;
newUser.Surname = sLastName;
newUser.SamAccountName = sUserName;
newUser.UserPrincipalName = sUserName;
newUser.DisplayName = sFirstName + " " + sLastName;

// save changes
newUser.Save();

我不确定您在sUserName中拥有的内容 - 但.UserPrincipalName属性应始终类似于someuser@somedomain.com - 您的用户名是否包含此类值？如果不是 - 也许尝试使用那种用户主体名称的表示法。

新的S.DS.AM使得在AD中使用用户和群组变得非常容易：

.NET和Active Directory - System.Exception：一般访问被拒绝错误

1 个答案: