System.DirectoryServices.Protocol在组中添加/删除用户

时间:2011-09-12 18:17:28

标签: c# active-directory active-directory-group

我想添加从System.DirectoryServices.Protocol命名空间中的组中删除用户。

我有这里提到的样本:

link to my other question

但是找不到如何使用S.DS.P从组中添加和删除用户的示例。

是否有人知道此操作的任何样本?

谢谢,

卡尔 -

3 个答案:

答案 0 :(得分:2)

您只想在ModifyRequest属性上使用member发送DirectoryAttributeOperation.Add。您应传递的值是您要添加到组

的用户的DN

答案 1 :(得分:0)

这是将对象添加到组的示例。

    public static void AddObjectToGroup(string objectName, string groupName)
    {
        // var credential = new NetworkCredential();
        // var identifier = new LdapDirectoryIdentifier("");
        using (var connection = new LdapConnection("company.com"))
        {
            connection.SessionOptions.StartTransportLayerSecurity(null);
            connection.Bind();

            string objectDn = null;
            var request = new SearchRequest("DC=company,DC=com", $"Name={objectName}", SearchScope.Subtree, "distinguishedName");
            var response = (SearchResponse)connection.SendRequest(request);
            if (response != null)
            {
                var enumerator = response.Entries.GetEnumerator();
                enumerator.Reset();
                if (enumerator.MoveNext() && enumerator.Current is SearchResultEntry entry)
                {
                    objectDn = entry.Attributes["distinguishedName"].GetValues(typeof(string)).Select(x => (string)x).FirstOrDefault();
                }
            }
            Log.Information($"object DN: {objectDn}");

            string groupDn = null;
            request = new SearchRequest("DC=company,DC=com", $"Name={groupName}", SearchScope.Subtree, "distinguishedName"); 
            response = (SearchResponse)connection.SendRequest(request);
            if (response != null)
            {
                var enumerator = response.Entries.GetEnumerator();
                enumerator.Reset();
                if (enumerator.MoveNext() && enumerator.Current is SearchResultEntry entry)
                {
                    groupDn = entry.Attributes["distinguishedName"].GetValues(typeof(string)).Select(x => (string)x).FirstOrDefault();
                }
            }
            Log.Information($"group DN: {groupDn}");

            request = new SearchRequest("DC=company,DC=com", $"(&(objectCategory=Group)(distinguishedName={groupDn}))", SearchScope.Subtree);
            response = (SearchResponse)connection.SendRequest(request);
            if (response != null && !string.IsNullOrWhiteSpace(objectDn))
            {
                var members = response.Entries[0].Attributes["member"];

                var existing = new List<string>();
                for (int i = 0; i < members.Count; i++)
                {
                    existing.Add(members[i].ToString());
                }

                if (existing.Contains(objectDn)) return;
                
                var dam = new DirectoryAttributeModification { Name = "member" };
                dam.Add(objectDn);
                dam.Operation = DirectoryAttributeOperation.Add;

                var mr = new ModifyRequest(groupDn, dam);
                var dr = connection.SendRequest(mr);
                Log.Information($"Add Response: {dr.ResultCode.ToString()}");
            }
        }
    }

答案 2 :(得分:0)

对于那些关注的人,这里是我使用 System.DirectoryServices.AccountManagement 实际解决问题的方法

string adServer = "";
            string adServerUser = "";
            string adServerPassword = "";
            string adServerContainer = "";

            GetSettings( ref adServer, ref adServerUser, ref adServerPassword, ref adServerContainer );

            if ( ((!string.IsNullOrEmpty(adServer) && !string.IsNullOrEmpty(adServerUser)) && !string.IsNullOrEmpty(adServerPassword)) && !string.IsNullOrEmpty(adServerContainer))
            {
                try
                {
                    using (PrincipalContext principalContext = new PrincipalContext(ContextType.Domain, adServer, adServerContainer, adServerUser, adServerPassword))
                    {
                        using (GroupPrincipal group = GroupPrincipal.FindByIdentity(principalContext, IdentityType.SamAccountName, this.textBox_GroupAdd.Text))
                        {
                            if (group == null)
                            {
                                FlexibleMessageBox.Show("group could not be found");
                                return;
                            }
                            PrincipalSearchResult<Principal> x = group.GetMembers();
                            using (UserPrincipal user = UserPrincipal.FindByIdentity(principalContext, IdentityType.SamAccountName, this.textBox_adName.Text))
                            {
                                string userSid = string.Format("<SID={0}>", ToSidString(user));
                                DirectoryEntry groupDirectoryEntry = (DirectoryEntry) group.GetUnderlyingObject();
                                groupDirectoryEntry.Properties["member"].Add(userSid);
                                groupDirectoryEntry.CommitChanges();
                            }
                        }
                    }
                }
                catch (Exception ex)
                {
                    FlexibleMessageBox.Show(ex.ToString());
                }
                FlexibleMessageBox.Show("group add done");
            }

这里是从组中删除的内容

                    using (UserPrincipal user = UserPrincipal.FindByIdentity(principalContext, IdentityType.SamAccountName, this.textBox_adName.Text))
                    {
                        string userSid = string.Format("<SID={0}>", ToSidString(user));
                        DirectoryEntry groupDirectoryEntry = (DirectoryEntry) group.GetUnderlyingObject();
                        groupDirectoryEntry.Properties["member"].Remove(userSid);
                        groupDirectoryEntry.CommitChanges();
                    }
相关问题
最新问题