安裝AD
1.開始-運作-dcpromo 詳情參見 http://www.docin.com/p-191729140.html
操作AD
ActiveDirectoryService.cs
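/// <summary>
/// Thin wrapper over System.DirectoryServices for the user, OU and UPN-suffix operations this project
/// needs. Every LDAP path is derived from <see cref="DomainConfiguration"/>, and every bind is made with
/// the security context of the calling process (no explicit credentials are handed to
/// <see cref="DirectoryEntry"/>), so the hosting process must run as an identity allowed to write to the
/// directory. All searches are rooted at OU=<see cref="DomainConfiguration.TopOU"/>; objects outside
/// that OU are not found by the Get* methods.
/// Caller-supplied names are escaped before they are placed in an LDAP filter or a relative DN, so a
/// name such as "*" or "a,OU=b" cannot change the structure of the query or of the created object.
/// </summary>
public class ActiveDirectoryService
{
    /// <summary>
    /// Opens a <see cref="DirectoryEntry"/> for <paramref name="ldapPath"/> using the caller's security
    /// context. The returned entry is owned by the caller and must be disposed or closed.
    /// </summary>
    /// <param name="ldapPath">A full ADsPath such as "LDAP://OU=x,DC=devlab,DC=com".</param>
    /// <returns>An unbound entry; the first property access performs the bind.</returns>
    public static DirectoryEntry CreateNewDirectoryEntry(string ldapPath)
    {
        return new DirectoryEntry(ldapPath);
    }

    /// <summary>
    /// Escapes a value for use inside an LDAP search filter (RFC 4515, section 3). Backslash, '*', '(',
    /// ')' and NUL are replaced by their "\xx" hex form so that a caller-supplied value cannot alter the
    /// filter's structure (an unescaped "*" would match every object below the search root).
    /// </summary>
    /// <param name="value">Raw attribute value; null is treated as empty.</param>
    /// <returns>The escaped value, safe to concatenate into a filter.</returns>
    public static string EscapeLdapFilterValue(string value)
    {
        if (value == null) return string.Empty;
        StringBuilder sb = new StringBuilder(value.Length);
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append("\\5c"); break;
                case '*': sb.Append("\\2a"); break;
                case '(': sb.Append("\\28"); break;
                case ')': sb.Append("\\29"); break;
                case '\0': sb.Append("\\00"); break;
                default: sb.Append(c); break;
            }
        }
        return sb.ToString();
    }

    /// <summary>
    /// Escapes a value for use as the value part of a relative distinguished name (RFC 4514,
    /// section 2.4), so that a name containing ',', '=', '+' and similar characters cannot introduce
    /// extra RDN components when this class builds "CN=..." or "OU=..." for
    /// <see cref="DirectoryEntries.Add"/>. A leading space or '#', a trailing space and NUL are
    /// escaped as well.
    /// </summary>
    /// <param name="value">Raw RDN value; null is treated as empty.</param>
    /// <returns>The escaped value.</returns>
    public static string EscapeDnValue(string value)
    {
        if (string.IsNullOrEmpty(value)) return string.Empty;
        const string special = "\\,+\"<>;=";
        StringBuilder sb = new StringBuilder(value.Length);
        for (int i = 0; i < value.Length; i++)
        {
            char c = value[i];
            bool leading = i == 0 && (c == ' ' || c == '#');
            bool trailing = i == value.Length - 1 && c == ' ';
            if (c == '\0')
            {
                sb.Append("\\00");
            }
            else if (leading || trailing || special.IndexOf(c) >= 0)
            {
                sb.Append('\\').Append(c);
            }
            else
            {
                sb.Append(c);
            }
        }
        return sb.ToString();
    }

    /// <summary>
    /// Opens the search root of the domain, i.e. the entry at <see cref="GetDomainPath"/>.
    /// The caller owns and must dispose the returned entry.
    /// </summary>
    public static DirectoryEntry GetPath()
    {
        return CreateNewDirectoryEntry(GetDomainPath());
    }

    /// <summary>
    /// Finds the user object whose cn equals <paramref name="account"/> anywhere below the search root.
    /// </summary>
    /// <param name="account">Common name (cn) of the user; filter-escaped before use.</param>
    /// <returns>A new entry for the user (caller disposes), or null when no such user exists.</returns>
    public static DirectoryEntry GetUser(string account)
    {
        return FindOne("(&(objectClass=user)(cn=" + EscapeLdapFilterValue(account) + "))");
    }

    /// <summary>
    /// Finds the organizational unit whose ou attribute equals <paramref name="ou"/> anywhere below
    /// the search root.
    /// </summary>
    /// <param name="ou">Name of the OU; filter-escaped before use.</param>
    /// <returns>A new entry for the OU (caller disposes), or null when it does not exist.</returns>
    public static DirectoryEntry GetOU(string ou)
    {
        return FindOne("(&(objectClass=organizationalUnit)(ou=" + EscapeLdapFilterValue(ou) + "))");
    }

    /// <summary>
    /// Runs a subtree search from <see cref="GetPath"/> and returns a fresh entry for the first hit.
    /// The search root and the searcher are released before returning; only the result entry outlives
    /// the call.
    /// </summary>
    /// <param name="filter">A complete LDAP filter whose values are already escaped.</param>
    /// <returns>A new entry bound to the hit's path, or null when nothing matched.</returns>
    private static DirectoryEntry FindOne(string filter)
    {
        using (DirectoryEntry root = GetPath())
        using (DirectorySearcher searcher = new DirectorySearcher(root, filter))
        {
            searcher.SearchScope = SearchScope.Subtree;
            SearchResult hit = searcher.FindOne();
            return hit == null ? null : CreateNewDirectoryEntry(hit.Path);
        }
    }

    /// <summary>
    /// Adds <paramref name="value"/> to <paramref name="attribute"/> on <paramref name="de"/> unless the
    /// value is null or empty (ADSI rejects adding a null value). string.IsNullOrEmpty replaces the
    /// project's RegexLib.IsNullOrEmpty used by the original code.
    /// </summary>
    private static void AddIfPresent(DirectoryEntry de, string attribute, string value)
    {
        if (!string.IsNullOrEmpty(value))
        {
            de.Properties[attribute].Add(value);
        }
    }

    /// <summary>
    /// Reads userAccountControl as an int. A freshly created object has no value yet; in that case the
    /// normal-account type bit is used as the base so that later flag manipulation produces a valid mask.
    /// </summary>
    private static int ReadUserAccountControl(DirectoryEntry de)
    {
        object raw = de.Properties[ActiveDirectoryAttributes.UserAccountControl].Value;
        return raw is int ? (int)raw : (int)AccountOptions.ADS_UF_NORMAL_ACCOUNT;
    }

    /// <summary>
    /// Sets or clears only the ADS_UF_ACCOUNTDISABLE bit of userAccountControl, leaving every other
    /// flag (password-never-expires, smart-card-required, ...) as it was. The original code overwrote
    /// the whole mask with a single enum value, which discarded those flags and, when disabling, left
    /// no account-type bit set. The change is staged on <paramref name="de"/>; the caller commits.
    /// </summary>
    private static void SetAccountDisabled(DirectoryEntry de, bool disabled)
    {
        int uac = ReadUserAccountControl(de);
        int disableBit = (int)AccountOptions.ADS_UF_ACCOUNTDISABLE;
        uac = disabled ? (uac | disableBit) : (uac & ~disableBit);
        de.Properties[ActiveDirectoryAttributes.UserAccountControl].Value = uac;
    }

    /// <summary>
    /// Removes <paramref name="de"/> from its container and commits the container. Deleting through
    /// the parent (rather than committing the removed entry itself, as the original did) is the ADSI
    /// pattern; the parent entry obtained via <see cref="DirectoryEntry.Parent"/> is disposed here.
    /// Only leaf objects can be removed this way; an OU that still has children is rejected by the server.
    /// </summary>
    private static void RemoveFromParent(DirectoryEntry de)
    {
        using (DirectoryEntry parent = de.Parent)
        {
            parent.Children.Remove(de);
            parent.CommitChanges();
        }
    }

    #region OU
    /// <summary>
    /// Creates an OU directly under the search root. Nothing is done when an OU with that name already
    /// exists anywhere below the root.
    /// </summary>
    /// <param name="ou">OU name; becomes the RDN "OU=..." (DN-escaped) and the name attribute.</param>
    /// <param name="displayName">Value for displayName; skipped when null or empty.</param>
    /// <param name="domainname">Value for the url attribute; skipped when null or empty.</param>
    public static void CreateOU(string ou, string displayName, string domainname)
    {
        using (DirectoryEntry existing = GetOU(ou))
        {
            if (existing != null) return;
        }
        using (DirectoryEntry parent = GetPath())
        {
            if (parent == null) return;
            using (DirectoryEntry de = parent.Children.Add("OU=" + EscapeDnValue(ou), "organizationalUnit"))
            {
                de.Properties[ActiveDirectoryAttributes.Name].Add(ou);
                AddIfPresent(de, ActiveDirectoryAttributes.DisplayName, displayName);
                AddIfPresent(de, ActiveDirectoryAttributes.Url, domainname);
                de.CommitChanges();
            }
        }
    }

    /// <summary>
    /// Replaces the displayName of an existing OU. No-op when the OU is not found.
    /// </summary>
    /// <param name="ou">Name of the OU to update.</param>
    /// <param name="displayname">New display name; assigning null clears the attribute in ADSI (verify against your server).</param>
    public static void UpdateOU(string ou, string displayname)
    {
        using (DirectoryEntry de = GetOU(ou))
        {
            if (de == null) return;
            de.Properties[ActiveDirectoryAttributes.DisplayName].Value = displayname;
            de.CommitChanges();
        }
    }

    /// <summary>
    /// Deletes an OU. No-op when the OU is not found; fails if the OU still contains objects.
    /// </summary>
    /// <param name="ou">Name of the OU to delete.</param>
    public static void DeleteOU(string ou)
    {
        using (DirectoryEntry de = GetOU(ou))
        {
            if (de == null) return;
            RemoveFromParent(de);
        }
    }
    #endregion

    #region AD
    /// <summary>
    /// Creates a user object inside the OU named <paramref name="ou"/>, sets its password, enables it as
    /// a normal account and fills the optional attributes. Nothing is done when a user with that cn
    /// already exists or when the OU is not found.
    /// </summary>
    /// <param name="ou">Name of the containing OU.</param>
    /// <param name="account">Common name; becomes the RDN "CN=..." (DN-escaped) and the name attribute.</param>
    /// <param name="userPwd">Initial password, set through the ADSI SetPassword method (ADSI selects the secure transport itself).</param>
    /// <param name="displaName">displayName; skipped when null or empty.</param>
    /// <param name="company">company; skipped when null or empty.</param>
    /// <param name="department">department; skipped when null or empty.</param>
    /// <param name="title">title; skipped when null or empty.</param>
    /// <param name="phone">telephoneNumber; skipped when null or empty.</param>
    /// <param name="mobile">mobile; skipped when null or empty.</param>
    /// <param name="address">streetAddress; skipped when null or empty.</param>
    /// <param name="upn">userPrincipalName; skipped when null or empty.</param>
    public static void CreateUser(string ou, string account, string userPwd, string displaName, string company, string department, string title, string phone, string mobile, string address, string upn)
    {
        using (DirectoryEntry existing = GetUser(account))
        {
            if (existing != null) return;
        }
        using (DirectoryEntry container = GetOU(ou))
        {
            if (container == null) return;
            using (DirectoryEntry de = container.Children.Add("CN=" + EscapeDnValue(account), "user"))
            {
                de.Properties[ActiveDirectoryAttributes.Name].Add(account);
                // The object must exist on the server before a password can be set on it.
                de.CommitChanges();
                de.Invoke(ActiveDirectoryAttributes.SetPassword, new object[] { userPwd });
                // Enable only after the password is in place: with a typical password policy the
                // server refuses to enable an account that has no password yet. The cast matters:
                // ADSI expects a plain int, not a boxed enum, for userAccountControl.
                de.Properties[ActiveDirectoryAttributes.UserAccountControl].Value = (int)AccountOptions.ADS_UF_NORMAL_ACCOUNT;
                de.CommitChanges();
                AddIfPresent(de, ActiveDirectoryAttributes.UserPrincipalName, upn);
                AddIfPresent(de, ActiveDirectoryAttributes.DisplayName, displaName);
                AddIfPresent(de, ActiveDirectoryAttributes.Company, company);
                AddIfPresent(de, ActiveDirectoryAttributes.Department, department);
                AddIfPresent(de, ActiveDirectoryAttributes.Title, title);
                AddIfPresent(de, ActiveDirectoryAttributes.TelephoneNumber, phone);
                AddIfPresent(de, ActiveDirectoryAttributes.Mobile, mobile);
                AddIfPresent(de, ActiveDirectoryAttributes.StreetAddress, address);
                de.CommitChanges();
            }
        }
    }

    /// <summary>
    /// Changes a user's password with the ADSI ChangePassword method, which requires the current
    /// password and is subject to the domain password policy, then makes sure the account is enabled.
    /// No-op when the user is not found.
    /// </summary>
    /// <param name="ou">Unused; kept for signature compatibility.</param>
    /// <param name="account">Common name of the user.</param>
    /// <param name="userOldPwd">Current password.</param>
    /// <param name="userNewPwd">New password.</param>
    public static void UpdatePwd(string ou, string account, string userOldPwd, string userNewPwd)
    {
        using (DirectoryEntry de = GetUser(account))
        {
            if (de == null) return;
            de.Invoke(ActiveDirectoryAttributes.ChangePassword, new object[] { userOldPwd, userNewPwd });
            SetAccountDisabled(de, false);
            de.CommitChanges();
        }
    }

    /// <summary>
    /// Deletes a user object. No-op when the user is not found.
    /// </summary>
    /// <param name="account">Common name of the user.</param>
    public static void DeleteUser(string account)
    {
        using (DirectoryEntry de = GetUser(account))
        {
            if (de == null) return;
            RemoveFromParent(de);
        }
    }

    /// <summary>
    /// Enables or disables a user by toggling only the ADS_UF_ACCOUNTDISABLE bit; other
    /// userAccountControl flags are preserved. No-op when the user is not found.
    /// </summary>
    /// <param name="account">Common name of the user.</param>
    /// <param name="enable">true to enable, false to disable.</param>
    public static void EnableUser(string account, bool enable)
    {
        using (DirectoryEntry de = GetUser(account))
        {
            if (de == null) return;
            SetAccountDisabled(de, !enable);
            de.CommitChanges();
        }
    }

    /// <summary>
    /// Disables a user; equivalent to <c>EnableUser(account, false)</c>. No-op when the user is not found.
    /// </summary>
    /// <param name="account">Common name of the user.</param>
    public static void DisableUser(string account)
    {
        EnableUser(account, false);
    }

    /// <summary>
    /// Resets a user's password with the ADSI SetPassword method (administrative reset, no current
    /// password needed) and makes sure the account is enabled. No-op when the user is not found.
    /// </summary>
    /// <param name="ou">Unused; kept for signature compatibility.</param>
    /// <param name="account">Common name of the user.</param>
    /// <param name="userNewPwd">New password.</param>
    public static void SetUserPwd(string ou, string account, string userNewPwd)
    {
        using (DirectoryEntry de = GetUser(account))
        {
            if (de == null) return;
            de.Invoke(ActiveDirectoryAttributes.SetPassword, new object[] { userNewPwd });
            SetAccountDisabled(de, false);
            de.CommitChanges();
        }
    }

    /// <summary>
    /// Overwrites the profile attributes of an existing user. Every parameter is written as-is, so a
    /// null parameter clears that attribute (ADSI behaviour; verify against your server). No-op when
    /// the user is not found.
    /// </summary>
    /// <param name="ou">Unused; kept for signature compatibility.</param>
    /// <param name="account">Common name of the user.</param>
    /// <param name="displaName">displayName.</param>
    /// <param name="company">company.</param>
    /// <param name="department">department.</param>
    /// <param name="title">title.</param>
    /// <param name="phone">telephoneNumber.</param>
    /// <param name="mobile">mobile.</param>
    /// <param name="address">streetAddress.</param>
    public static void UpdateUser(string ou, string account, string displaName, string company, string department, string title, string phone, string mobile, string address)
    {
        using (DirectoryEntry de = GetUser(account))
        {
            if (de == null) return;
            de.Properties[ActiveDirectoryAttributes.DisplayName].Value = displaName;
            de.Properties[ActiveDirectoryAttributes.Company].Value = company;
            de.Properties[ActiveDirectoryAttributes.Department].Value = department;
            de.Properties[ActiveDirectoryAttributes.Title].Value = title;
            de.Properties[ActiveDirectoryAttributes.TelephoneNumber].Value = phone;
            de.Properties[ActiveDirectoryAttributes.Mobile].Value = mobile;
            de.Properties[ActiveDirectoryAttributes.StreetAddress].Value = address;
            de.CommitChanges();
        }
    }
    #endregion

    #region UPN
    /// <summary>
    /// Adds a UPN suffix to the forest's Partitions container (a forest-wide change that requires
    /// Enterprise Admin level rights). Adding a suffix that is already present is expected to fail at
    /// CommitChanges.
    /// </summary>
    /// <param name="upn">The suffix to add, e.g. "example.com".</param>
    public static void InsertNewUPN(string upn)
    {
        using (DirectoryEntry partitions = CreateNewDirectoryEntry(GetUpnLdapPath()))
        {
            partitions.Properties["upnSuffixes"].Add(upn);
            partitions.CommitChanges();
        }
    }

    /// <summary>
    /// Lists the UPN suffixes found on the Partitions container and everything below it (the search
    /// uses the default filter and scope, as the original did).
    /// </summary>
    /// <returns>The suffixes, or an empty list when none are defined.</returns>
    public static List<string> RetrieveUPNs()
    {
        List<string> suffixes = new List<string>();
        using (DirectoryEntry partitions = CreateNewDirectoryEntry(GetUpnLdapPath()))
        using (DirectorySearcher searcher = new DirectorySearcher(partitions))
        {
            searcher.PropertiesToLoad.Add("uPNSuffixes");
            // SearchResultCollection holds unmanaged resources and must be disposed.
            using (SearchResultCollection results = searcher.FindAll())
            {
                foreach (SearchResult hit in results)
                {
                    // Result property names are matched case-insensitively; the lower-case form is
                    // what the original compared against.
                    if (!hit.Properties.Contains("upnsuffixes")) continue;
                    foreach (object value in hit.Properties["upnsuffixes"])
                    {
                        suffixes.Add(value.ToString());
                    }
                }
            }
        }
        return suffixes;
    }
    #endregion

    /// <summary>
    /// Builds the ADsPath of the search root, "LDAP://OU=&lt;TopOU&gt;,DC=x,DC=y", from
    /// <see cref="DomainConfiguration.DomainPath"/> ("x.y") and <see cref="DomainConfiguration.TopOU"/>.
    /// TopOU is trusted configuration and is not DN-escaped, matching the original behaviour.
    /// </summary>
    public static string GetDomainPath()
    {
        return "LDAP://OU=" + DomainConfiguration.TopOU + "," + DomainComponents();
    }

    /// <summary>
    /// Builds the ADsPath of the forest Partitions container,
    /// "LDAP://CN=Partitions,CN=Configuration,DC=x,DC=y".
    /// </summary>
    public static string GetUpnLdapPath()
    {
        return "LDAP://CN=Partitions,CN=Configuration," + DomainComponents();
    }

    /// <summary>
    /// Turns DomainPath "x.y" into "DC=x,DC=y". An empty DomainPath yields "DC=", as the original loop did.
    /// </summary>
    private static string DomainComponents()
    {
        string[] parts = DomainConfiguration.DomainPath.Split('.');
        for (int i = 0; i < parts.Length; i++)
        {
            parts[i] = "DC=" + parts[i];
        }
        return string.Join(",", parts);
    }
}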
AccountOptions.cs
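/// <summary>
/// Bit flags of the Active Directory userAccountControl attribute (the ADSI ADS_USER_FLAG_ENUM values).
/// Several flags are combined in one attribute value, so the type is marked <c>[Flags]</c>: code must
/// set or clear individual bits with | and &amp; rather than overwrite the whole value, and ToString
/// renders combinations readably. Values are written to the directory as a plain int.
/// </summary>
[System.Flags]
public enum AccountOptions
{
    /// <summary>
    /// A logon script is executed. Per the original note: ignored on LDAP read/write, read-only through
    /// the WinNT provider.
    /// </summary>
    ADS_UF_SCRIPT = 0x0001,
    /// <summary>
    /// The account is disabled.
    /// </summary>
    ADS_UF_ACCOUNTDISABLE = 0x0002,
    /// <summary>
    /// A home directory is required.
    /// </summary>
    ADS_UF_HOMEDIR_REQUIRED = 0x0008,
    /// <summary>
    /// The account is locked out (the original comment called this an "expiry" flag; the name and
    /// documented meaning are lockout).
    /// </summary>
    ADS_UF_LOCKOUT = 0x0010,
    /// <summary>
    /// No password is required for the account.
    /// </summary>
    ADS_UF_PASSWD_NOTREQD = 0x0020,
    /// <summary>
    /// The user cannot change the password.
    /// </summary>
    ADS_UF_PASSWD_CANT_CHANGE = 0x0040,
    /// <summary>
    /// The password is stored using reversible encryption.
    /// </summary>
    ADS_UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED = 0x0080,
    /// <summary>
    /// Local user account for a user whose primary account is in another domain.
    /// </summary>
    ADS_UF_TEMP_DUPLICATE_ACCOUNT = 0x0100,
    /// <summary>
    /// Default account type for a typical user; this is the "enabled normal account" base value.
    /// </summary>
    ADS_UF_NORMAL_ACCOUNT = 0x0200,
    /// <summary>
    /// Trust account for a domain that trusts other domains.
    /// </summary>
    ADS_UF_INTERDOMAIN_TRUST_ACCOUNT = 0x0800,
    /// <summary>
    /// Computer account for a workstation or member server.
    /// </summary>
    ADS_UF_WORKSTATION_TRUST_ACCOUNT = 0x1000,
    /// <summary>
    /// Computer account for a domain controller.
    /// </summary>
    ADS_UF_SERVER_TRUST_ACCOUNT = 0x2000,
    /// <summary>
    /// The password never expires.
    /// </summary>
    ADS_UF_DONT_EXPIRE_PASSWD = 0x10000,
    /// <summary>
    /// MNS (Majority Node Set) logon account.
    /// </summary>
    ADS_UF_MNS_LOGON_ACCOUNT = 0x20000,
    /// <summary>
    /// Interactive logon requires a smart card.
    /// </summary>
    ADS_UF_SMARTCARD_REQUIRED = 0x40000,
    /// <summary>
    /// The service account (user or computer) is trusted for Kerberos delegation. Security-sensitive;
    /// changes to it should be audited.
    /// </summary>
    ADS_UF_TRUSTED_FOR_DELEGATION = 0x80000,
    /// <summary>
    /// The account is sensitive and cannot be delegated, even to a service trusted for delegation.
    /// </summary>
    ADS_UF_NOT_DELEGATED = 0x100000,
    /// <summary>
    /// The account is restricted to DES encryption types.
    /// </summary>
    ADS_UF_USE_DES_KEY_ONLY = 0x200000,
    /// <summary>
    /// Kerberos pre-authentication is not required. Security-sensitive; changes to it should be audited.
    /// </summary>
    ADS_UF_DONT_REQUIRE_PREAUTH = 0x400000,
    /// <summary>
    /// The user's password has expired.
    /// </summary>
    ADS_UF_PASSWORD_EXPIRED = 0x800000,
    /// <summary>
    /// The account is trusted to authenticate on behalf of other users for delegation.
    /// </summary>
    ADS_UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION = 0x1000000
}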
ActiveDirectoryAttributes.cs
/// <summary>
/// LDAP attribute names (and the two ADSI IADsUser method names used with DirectoryEntry.Invoke) as
/// string constants, so call sites never spell a raw attribute name. Names are the directory's
/// lDAPDisplayName values; ADSI treats them case-insensitively.
/// </summary>
public class ActiveDirectoryAttributes
{
    // --- identity and naming ---
    public const string CommonName = "cn";
    public const string Name = "name";
    public const string DistinguishedName = "distinguishedName";
    public const string CanonicalName = "canonicalName";
    public const string AccountName = "sAMAccountName";
    public const string AccountType = "sAMAccountType";
    public const string UserPrincipalName = "userPrincipalName";
    public const string ObjectGuid = "objectGUID";
    public const string ObjectSid = "objectSid";
    public const string DisplayName = "displayName";
    public const string FirstName = "givenName";
    public const string MiddleInitial = "initials";
    public const string LastName = "sn";
    public const string Description = "description";
    public const string Info = "info";
    public const string ExtensionName = "extensionName";

    // --- account control, passwords and group membership ---
    public const string UserAccountControl = "userAccountControl";
    public const string UserPwd = "userPassword";
    // ADSI IADsUser method names, passed to DirectoryEntry.Invoke rather than read as attributes.
    public const string SetPassword = "setPassword";
    public const string ChangePassword = "changePassword";
    public const string Member = "member";
    public const string MemberOf = "memberOf";
    public const string ManagedBy = "managedBy";
    public const string GroupScope = "groupType";

    // --- organisation ---
    public const string Company = "company";
    public const string Department = "department";
    public const string Title = "title";

    // --- contact details (Mail and Email are both the "mail" attribute) ---
    public const string Mail = "mail";
    public const string Email = "mail";
    public const string TelephoneNumber = "telephoneNumber";
    public const string HomePhone = "homePhone";
    public const string Mobile = "mobile";
    public const string Pager = "pager";
    public const string IPPhone = "ipPhone";
    public const string OtherIPPhone = "otherIpPhone";
    public const string FacsimileTelephoneNumber = "facsimileTelephoneNumber";
    public const string Url = "url";

    // --- addresses ---
    public const string Street = "street";
    public const string StreetAddress = "streetAddress";
    public const string PostalAddress = "postalAddress";
    public const string HomePostalAddress = "homePostalAddress";
    public const string PostalCode = "postalCode";
    public const string City = "l";
    public const string StateProvince = "st";
    public const string Country = "co";

    // --- Exchange-style custom attributes ---
    public const string ExtensionAttribute1 = "extensionAttribute1";
    public const string ExtensionAttribute2 = "extensionAttribute2";
    public const string ExtensionAttribute3 = "extensionAttribute3";
    public const string ExtensionAttribute4 = "extensionAttribute4";
    public const string ExtensionAttribute5 = "extensionAttribute5";
    public const string ExtensionAttribute6 = "extensionAttribute6";
    public const string ExtensionAttribute7 = "extensionAttribute7";
    public const string ExtensionAttribute8 = "extensionAttribute8";
    public const string ExtensionAttribute9 = "extensionAttribute9";
    public const string ExtensionAttribute10 = "extensionAttribute10";
}
DomainConfiguration.cs
/// <summary>
/// Process-wide settings from which ActiveDirectoryService derives its LDAP paths. The fields are
/// mutable statics, so they can be overwritten at startup (e.g. from an application config); they are
/// not synchronised.
/// </summary>
public class DomainConfiguration
{
    // Whether the values above have been initialised; nothing in this listing reads it.
    public static bool IsInit = true;

    // Name of the OU under the domain root that all searches and OU creation are rooted at.
    public static string TopOU = "CETZCLOUD";

    // DNS name of the domain ("x.y"); each label becomes one DC= component of the LDAP path.
    public static string DomainPath = "DEVLAB.COM";
}