安装AD
1.开始-运行-dcpromo 详情参见 http://www.docin.com/p-191729140.html
操作AD
ActiveDirectoryService.cs
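public class ActiveDirectoryService
{
    /// <summary>
    /// Escapes a caller-supplied value for use inside an LDAP search filter (RFC 4515).
    /// Without escaping, a value containing "*", "(", ")" or "\" changes the meaning of the
    /// filter and can match objects the caller never asked for.
    /// </summary>
    /// <param name="value">Raw value; null is treated as empty.</param>
    /// <returns>The value with filter metacharacters replaced by their "\xx" escapes.</returns>
    public static string EscapeLdapFilterValue(string value)
    {
        if (string.IsNullOrEmpty(value))
        {
            return string.Empty;
        }
        // Backslash is handled first so the escapes introduced below are not escaped again.
        return value
            .Replace("\\", "\\5c")
            .Replace("*", "\\2a")
            .Replace("(", "\\28")
            .Replace(")", "\\29")
            .Replace("\0", "\\00");
    }

    /// <summary>
    /// Creates a <see cref="DirectoryEntry"/> for the given ADsPath.
    /// No credentials are supplied, so the bind runs under the identity of the calling process.
    /// The caller owns the returned entry and should dispose it.
    /// </summary>
    /// <param name="ldapPath">Full ADsPath, e.g. "LDAP://DC=example,DC=com".</param>
    /// <returns>An entry for <paramref name="ldapPath"/> (bound lazily on first use).</returns>
    public static DirectoryEntry CreateNewDirectoryEntry(string ldapPath)
    {
        return new DirectoryEntry(ldapPath);
    }

    /// <summary>
    /// Returns an entry for the configured search root (the top OU of the configured domain,
    /// see <see cref="GetDomainPath"/>). The caller owns and disposes the returned entry.
    /// </summary>
    /// <returns>A new entry for the configured root path.</returns>
    public static DirectoryEntry GetPath()
    {
        return CreateNewDirectoryEntry(GetDomainPath());
    }

    /// <summary>
    /// Finds a user object by common name (cn) anywhere below the configured search root.
    /// Note that the match is on cn, not sAMAccountName; the two may differ.
    /// </summary>
    /// <param name="account">Common name of the user; escaped before it is placed in the filter.</param>
    /// <returns>A new entry for the first match, or null when nothing matched. The caller disposes it.</returns>
    public static DirectoryEntry GetUser(string account)
    {
        return FindSingle("(&(objectClass=user)(cn=" + EscapeLdapFilterValue(account) + "))");
    }

    /// <summary>
    /// Finds an organizational unit by its ou attribute anywhere below the configured search root.
    /// </summary>
    /// <param name="ou">Name of the OU; escaped before it is placed in the filter.</param>
    /// <returns>A new entry for the first match, or null when nothing matched. The caller disposes it.</returns>
    public static DirectoryEntry GetOU(string ou)
    {
        return FindSingle("(&(objectClass=organizationalUnit)(ou=" + EscapeLdapFilterValue(ou) + "))");
    }

    /// <summary>
    /// Runs a subtree search from the configured root and returns a fresh entry for the first hit.
    /// The search root and the searcher are disposed before returning; the result entry is
    /// bound by its own path and is therefore independent of them.
    /// </summary>
    /// <param name="filter">A complete LDAP filter whose values are already escaped.</param>
    /// <returns>A new entry for the first match, or null.</returns>
    private static DirectoryEntry FindSingle(string filter)
    {
        using (DirectoryEntry root = GetPath())
        using (DirectorySearcher searcher = new DirectorySearcher(root, filter))
        {
            searcher.SearchScope = SearchScope.Subtree;
            SearchResult result = searcher.FindOne();
            return result == null ? null : CreateNewDirectoryEntry(result.Path);
        }
    }

    /// <summary>
    /// Rewrites userAccountControl by setting and clearing individual bits while keeping every
    /// other bit (for example ADS_UF_DONT_EXPIRE_PASSWD or ADS_UF_SMARTCARD_REQUIRED) as it is.
    /// Overwriting the whole value with a single constant would silently drop such settings.
    /// Does not commit; the caller calls <see cref="DirectoryEntry.CommitChanges"/>.
    /// </summary>
    /// <param name="de">Bound user entry.</param>
    /// <param name="setFlags">Bits to turn on (values from <see cref="AccountOptions"/>).</param>
    /// <param name="clearFlags">Bits to turn off (values from <see cref="AccountOptions"/>).</param>
    private static void UpdateAccountControl(DirectoryEntry de, int setFlags, int clearFlags)
    {
        // userAccountControl is single-valued; a missing value (uncommitted object) is treated as 0.
        int flags = de.Properties[ActiveDirectoryAttributes.UserAccountControl].Value as int? ?? 0;
        flags = (flags | setFlags) & ~clearFlags;
        de.Properties[ActiveDirectoryAttributes.UserAccountControl].Value = flags;
    }

    /// <summary>
    /// Adds <paramref name="value"/> to <paramref name="attribute"/> unless it is null or empty,
    /// so optional profile fields do not create empty attribute values.
    /// </summary>
    private static void AddIfPresent(DirectoryEntry de, string attribute, string value)
    {
        if (!string.IsNullOrEmpty(value))
        {
            de.Properties[attribute].Add(value);
        }
    }

    #region OU
    /// <summary>
    /// Creates an organizational unit directly under the configured root, unless an OU with the
    /// same name already exists anywhere below the root.
    /// </summary>
    /// <param name="ou">OU name. Used verbatim as the RDN value ("OU=" + ou); assumed to contain no
    /// DN metacharacters such as ',' '+' '=' '"' — confirm at the caller.</param>
    /// <param name="displayName">Value for the displayName attribute.</param>
    /// <param name="domainname">Value stored in the url attribute.</param>
    public static void CreateOU(string ou, string displayName, string domainname)
    {
        using (DirectoryEntry existing = GetOU(ou))
        {
            if (existing != null)
            {
                return;
            }
        }
        using (DirectoryEntry parent = GetPath())
        using (DirectoryEntry de = parent.Children.Add("OU=" + ou, "organizationalUnit"))
        {
            de.Properties[ActiveDirectoryAttributes.Name].Add(ou);
            de.Properties[ActiveDirectoryAttributes.DisplayName].Add(displayName);
            de.Properties[ActiveDirectoryAttributes.Url].Add(domainname);
            de.CommitChanges();
        }
    }

    /// <summary>
    /// Replaces the displayName of an existing OU. Does nothing when the OU is not found.
    /// </summary>
    /// <param name="ou">OU name used for the lookup.</param>
    /// <param name="displayname">New displayName value.</param>
    public static void UpdateOU(string ou, string displayname)
    {
        using (DirectoryEntry de = GetOU(ou))
        {
            if (de == null)
            {
                return;
            }
            de.Properties[ActiveDirectoryAttributes.DisplayName].Value = displayname;
            de.CommitChanges();
        }
    }

    /// <summary>
    /// Deletes an OU. Does nothing when the OU is not found.
    /// </summary>
    /// <param name="ou">OU name used for the lookup.</param>
    public static void DeleteOU(string ou)
    {
        using (DirectoryEntry de = GetOU(ou))
        {
            if (de == null)
            {
                return;
            }
            // DirectoryEntry.Parent returns a new entry each time; dispose it as well.
            using (DirectoryEntry parent = de.Parent)
            {
                // Children.Remove deletes the object on the server immediately; no separate commit
                // is needed, and committing the now-deleted entry would operate on a dead object.
                parent.Children.Remove(de);
            }
        }
    }
    #endregion

    #region AD
    /// <summary>
    /// Creates a user below the given OU, sets its password and profile attributes and enables it.
    /// Does nothing when a user with the same cn already exists or the OU is not found.
    /// </summary>
    /// <param name="ou">Name of the OU that will contain the user.</param>
    /// <param name="account">Common name; used as "CN=" + account and as the name attribute.
    /// Assumed to contain no DN metacharacters — confirm at the caller.</param>
    /// <param name="userPwd">Initial password.</param>
    /// <param name="displaName">displayName (optional).</param>
    /// <param name="company">company (optional).</param>
    /// <param name="department">department (optional).</param>
    /// <param name="title">title (optional).</param>
    /// <param name="phone">telephoneNumber (optional).</param>
    /// <param name="mobile">mobile (optional).</param>
    /// <param name="address">streetAddress (optional).</param>
    /// <param name="upn">userPrincipalName.</param>
    public static void CreateUser(string ou, string account, string userPwd, string displaName, string company, string department, string title, string phone, string mobile, string address, string upn)
    {
        using (DirectoryEntry existing = GetUser(account))
        {
            if (existing != null)
            {
                return;
            }
        }
        using (DirectoryEntry container = GetOU(ou))
        {
            if (container == null)
            {
                return;
            }
            using (DirectoryEntry de = container.Children.Add("CN=" + account, "user"))
            {
                de.Properties[ActiveDirectoryAttributes.Name].Add(account);
                // The object has to exist on the server before a password can be set on it.
                de.CommitChanges();
                // NOTE(review): IADsUser.SetPassword requires a secure ADSI bind; this entry uses the
                // default bind of CreateNewDirectoryEntry — confirm in the target environment.
                de.Invoke(ActiveDirectoryAttributes.SetPassword, new object[] { userPwd });
                // Replace the server-assigned initial flags with the plain, enabled account type.
                de.Properties[ActiveDirectoryAttributes.UserAccountControl].Value = (int)AccountOptions.ADS_UF_NORMAL_ACCOUNT;
                de.CommitChanges();
                de.Properties[ActiveDirectoryAttributes.UserPrincipalName].Add(upn);
                de.CommitChanges();
                AddIfPresent(de, ActiveDirectoryAttributes.DisplayName, displaName);
                AddIfPresent(de, ActiveDirectoryAttributes.Company, company);
                AddIfPresent(de, ActiveDirectoryAttributes.Department, department);
                AddIfPresent(de, ActiveDirectoryAttributes.Title, title);
                AddIfPresent(de, ActiveDirectoryAttributes.TelephoneNumber, phone);
                AddIfPresent(de, ActiveDirectoryAttributes.Mobile, mobile);
                AddIfPresent(de, ActiveDirectoryAttributes.StreetAddress, address);
                de.CommitChanges();
            }
        }
    }

    /// <summary>
    /// Changes a user's password (old password required) and makes sure the account is enabled
    /// and requires a password. Other userAccountControl bits are preserved.
    /// Does nothing when the user is not found.
    /// </summary>
    /// <param name="ou">Unused; kept for signature compatibility.</param>
    /// <param name="account">Common name of the user.</param>
    /// <param name="userOldPwd">Current password.</param>
    /// <param name="userNewPwd">New password.</param>
    public static void UpdatePwd(string ou, string account, string userOldPwd, string userNewPwd)
    {
        using (DirectoryEntry de = GetUser(account))
        {
            if (de == null)
            {
                return;
            }
            de.Invoke(ActiveDirectoryAttributes.ChangePassword, new object[] { userOldPwd, userNewPwd });
            // A freshly changed password must be required: clear PASSWD_NOTREQD together with the disable bit.
            UpdateAccountControl(de,
                (int)AccountOptions.ADS_UF_NORMAL_ACCOUNT,
                (int)(AccountOptions.ADS_UF_ACCOUNTDISABLE | AccountOptions.ADS_UF_PASSWD_NOTREQD));
            de.CommitChanges();
        }
    }

    /// <summary>
    /// Deletes a user. Does nothing when the user is not found.
    /// </summary>
    /// <param name="account">Common name of the user.</param>
    public static void DeleteUser(string account)
    {
        using (DirectoryEntry de = GetUser(account))
        {
            if (de == null)
            {
                return;
            }
            using (DirectoryEntry parent = de.Parent)
            {
                // Immediate server-side delete; see DeleteOU.
                parent.Children.Remove(de);
            }
        }
    }

    /// <summary>
    /// Enables or disables a user by toggling ADS_UF_ACCOUNTDISABLE only; all other
    /// userAccountControl bits are left untouched. Does nothing when the user is not found.
    /// </summary>
    /// <param name="account">Common name of the user.</param>
    /// <param name="enable">true to enable, false to disable.</param>
    public static void EnableUser(string account, bool enable)
    {
        using (DirectoryEntry de = GetUser(account))
        {
            if (de == null)
            {
                return;
            }
            if (enable)
            {
                UpdateAccountControl(de, (int)AccountOptions.ADS_UF_NORMAL_ACCOUNT, (int)AccountOptions.ADS_UF_ACCOUNTDISABLE);
            }
            else
            {
                UpdateAccountControl(de, (int)(AccountOptions.ADS_UF_NORMAL_ACCOUNT | AccountOptions.ADS_UF_ACCOUNTDISABLE), 0);
            }
            de.CommitChanges();
        }
    }

    /// <summary>
    /// Disables a user; equivalent to <c>EnableUser(account, false)</c>.
    /// </summary>
    /// <param name="account">Common name of the user.</param>
    public static void DisableUser(string account)
    {
        EnableUser(account, false);
    }

    /// <summary>
    /// Sets a user's password administratively (no old password needed) and makes sure the account
    /// is enabled and requires a password. Other userAccountControl bits are preserved.
    /// Does nothing when the user is not found.
    /// </summary>
    /// <param name="ou">Unused; kept for signature compatibility.</param>
    /// <param name="account">Common name of the user.</param>
    /// <param name="userNewPwd">New password.</param>
    public static void SetUserPwd(string ou, string account, string userNewPwd)
    {
        using (DirectoryEntry de = GetUser(account))
        {
            if (de == null)
            {
                return;
            }
            de.Invoke(ActiveDirectoryAttributes.SetPassword, new object[] { userNewPwd });
            UpdateAccountControl(de,
                (int)AccountOptions.ADS_UF_NORMAL_ACCOUNT,
                (int)(AccountOptions.ADS_UF_ACCOUNTDISABLE | AccountOptions.ADS_UF_PASSWD_NOTREQD));
            de.CommitChanges();
        }
    }

    /// <summary>
    /// Overwrites the profile attributes of an existing user. Every attribute is assigned, so a
    /// null argument clears that attribute. Does nothing when the user is not found.
    /// </summary>
    /// <param name="ou">Unused; kept for signature compatibility.</param>
    /// <param name="account">Common name of the user.</param>
    /// <param name="displaName">displayName.</param>
    /// <param name="company">company.</param>
    /// <param name="department">department.</param>
    /// <param name="title">title.</param>
    /// <param name="phone">telephoneNumber.</param>
    /// <param name="mobile">mobile.</param>
    /// <param name="address">streetAddress.</param>
    public static void UpdateUser(string ou, string account, string displaName, string company, string department, string title, string phone, string mobile, string address)
    {
        using (DirectoryEntry de = GetUser(account))
        {
            if (de == null)
            {
                return;
            }
            de.Properties[ActiveDirectoryAttributes.DisplayName].Value = displaName;
            de.Properties[ActiveDirectoryAttributes.Company].Value = company;
            de.Properties[ActiveDirectoryAttributes.Department].Value = department;
            de.Properties[ActiveDirectoryAttributes.Title].Value = title;
            de.Properties[ActiveDirectoryAttributes.TelephoneNumber].Value = phone;
            de.Properties[ActiveDirectoryAttributes.Mobile].Value = mobile;
            de.Properties[ActiveDirectoryAttributes.StreetAddress].Value = address;
            de.CommitChanges();
        }
    }
    #endregion

    #region UPN
    /// <summary>
    /// Adds a UPN suffix to the forest's Partitions container. Skips the add when the suffix is
    /// already present, because adding a duplicate value makes the commit fail.
    /// </summary>
    /// <param name="upn">Suffix to register, e.g. "example.com".</param>
    public static void InsertNewUPN(string upn)
    {
        using (DirectoryEntry partitions = CreateNewDirectoryEntry(GetUpnLdapPath()))
        {
            PropertyValueCollection suffixes = partitions.Properties["upnSuffixes"];
            if (!suffixes.Contains(upn))
            {
                suffixes.Add(upn);
                partitions.CommitChanges();
            }
        }
    }

    /// <summary>
    /// Reads every registered UPN suffix from the forest's Partitions container.
    /// </summary>
    /// <returns>The suffixes found; empty when none are registered.</returns>
    public static List<string> RetrieveUPNs()
    {
        List<string> suffixes = new List<string>();
        using (DirectoryEntry partitions = CreateNewDirectoryEntry(GetUpnLdapPath()))
        using (DirectorySearcher searcher = new DirectorySearcher(partitions))
        {
            searcher.PropertiesToLoad.Add("uPNSuffixes");
            // SearchResultCollection holds an unmanaged handle and must be disposed.
            using (SearchResultCollection results = searcher.FindAll())
            {
                foreach (SearchResult result in results)
                {
                    foreach (string propertyName in result.Properties.PropertyNames)
                    {
                        // Property names come back lower-cased; compare without regard to case.
                        if (!string.Equals(propertyName, "upnsuffixes", StringComparison.OrdinalIgnoreCase))
                        {
                            continue;
                        }
                        foreach (object value in result.Properties[propertyName])
                        {
                            suffixes.Add(value.ToString());
                        }
                    }
                }
            }
        }
        return suffixes;
    }
    #endregion

    /// <summary>
    /// Builds the ADsPath of the configured search root:
    /// "LDAP://OU=&lt;TopOU&gt;,DC=&lt;label&gt;,DC=&lt;label&gt;..." from <see cref="DomainConfiguration"/>.
    /// </summary>
    /// <returns>The root ADsPath.</returns>
    public static string GetDomainPath()
    {
        return "LDAP://OU=" + DomainConfiguration.TopOU + "," + BuildDomainComponents();
    }

    /// <summary>
    /// Builds the ADsPath of the Partitions container in the configuration naming context,
    /// where UPN suffixes are stored.
    /// </summary>
    /// <returns>"LDAP://CN=Partitions,CN=Configuration,DC=...".</returns>
    public static string GetUpnLdapPath()
    {
        return "LDAP://CN=Partitions,CN=Configuration," + BuildDomainComponents();
    }

    /// <summary>
    /// Turns the configured DNS domain name ("a.b.c") into its DC components ("DC=a,DC=b,DC=c").
    /// </summary>
    private static string BuildDomainComponents()
    {
        string[] labels = DomainConfiguration.DomainPath.Split('.');
        return string.Join(",", Array.ConvertAll(labels, label => "DC=" + label));
    }
}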
AccountOptions.cs
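/// <summary>
/// Bit flags of the Active Directory userAccountControl attribute (ADS_USER_FLAG_ENUM).
/// The values are combined with bitwise OR, hence <see cref="FlagsAttribute"/>; read-modify-write
/// the attribute instead of overwriting it so unrelated bits are not lost.
/// </summary>
[Flags]
public enum AccountOptions
{
    /// <summary>
    /// Logon script flag. Ignored when read or written through ADSI LDAP; read-only through ADSI WinNT.
    /// </summary>
    ADS_UF_SCRIPT = 0x0001,
    /// <summary>
    /// The account is disabled.
    /// </summary>
    ADS_UF_ACCOUNTDISABLE = 0x0002,
    /// <summary>
    /// A home folder is required.
    /// </summary>
    ADS_UF_HOMEDIR_REQUIRED = 0x0008,
    /// <summary>
    /// The account is currently locked out (not an expiry flag).
    /// </summary>
    ADS_UF_LOCKOUT = 0x0010,
    /// <summary>
    /// No password is required for the account.
    /// </summary>
    ADS_UF_PASSWD_NOTREQD = 0x0020,
    /// <summary>
    /// The user cannot change the password.
    /// </summary>
    ADS_UF_PASSWD_CANT_CHANGE = 0x0040,
    /// <summary>
    /// The password is stored using reversible encryption.
    /// </summary>
    ADS_UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED = 0x0080,
    /// <summary>
    /// Account for a user whose primary account is in another domain (a "local user account").
    /// </summary>
    ADS_UF_TEMP_DUPLICATE_ACCOUNT = 0x0100,
    /// <summary>
    /// Default account type for an ordinary user; also serves as the "active" marker in this code base.
    /// </summary>
    ADS_UF_NORMAL_ACCOUNT = 0x0200,
    /// <summary>
    /// Trust account for a domain that trusts other domains.
    /// </summary>
    ADS_UF_INTERDOMAIN_TRUST_ACCOUNT = 0x0800,
    /// <summary>
    /// Computer account for a workstation or member server.
    /// </summary>
    ADS_UF_WORKSTATION_TRUST_ACCOUNT = 0x1000,
    /// <summary>
    /// Computer account for a domain controller.
    /// </summary>
    ADS_UF_SERVER_TRUST_ACCOUNT = 0x2000,
    /// <summary>
    /// The password never expires.
    /// </summary>
    ADS_UF_DONT_EXPIRE_PASSWD = 0x10000,
    /// <summary>
    /// MNS logon account.
    /// </summary>
    ADS_UF_MNS_LOGON_ACCOUNT = 0x20000,
    /// <summary>
    /// A smart card is required for interactive logon.
    /// </summary>
    ADS_UF_SMARTCARD_REQUIRED = 0x40000,
    /// <summary>
    /// The service account (user or computer) is trusted for Kerberos delegation.
    /// </summary>
    ADS_UF_TRUSTED_FOR_DELEGATION = 0x80000,
    /// <summary>
    /// The account is sensitive and cannot be delegated, even to a service trusted for delegation.
    /// </summary>
    ADS_UF_NOT_DELEGATED = 0x100000,
    /// <summary>
    /// Only DES encryption types are used for this account's Kerberos keys.
    /// </summary>
    ADS_UF_USE_DES_KEY_ONLY = 0x200000,
    /// <summary>
    /// Kerberos pre-authentication is not required for this account.
    /// </summary>
    ADS_UF_DONT_REQUIRE_PREAUTH = 0x400000,
    /// <summary>
    /// The user's password has expired.
    /// </summary>
    ADS_UF_PASSWORD_EXPIRED = 0x800000,
    /// <summary>
    /// The account is trusted to authenticate for delegation (protocol transition).
    /// </summary>
    ADS_UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION = 0x1000000
}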
ActiveDirectoryAttributes.cs
/// <summary>
/// LDAP attribute names (and two IADsUser method names) used when reading and writing
/// Active Directory objects through System.DirectoryServices. Grouped by purpose; the values
/// are the schema's lDAPDisplayName strings.
/// </summary>
public class ActiveDirectoryAttributes
{
    // --- Identity and account state ---
    public const string AccountName = "sAMAccountName";
    public const string AccountType = "sAMAccountType";
    public const string UserAccountControl = "userAccountControl";
    public const string UserPrincipalName = "userPrincipalName";
    public const string UserPwd = "userPassword";
    public const string ObjectGuid = "objectGUID";
    public const string ObjectSid = "objectSid";

    // --- IADsUser methods invoked via DirectoryEntry.Invoke (not attributes) ---
    public const string SetPassword = "setPassword";
    public const string ChangePassword = "changePassword";

    // --- Naming ---
    public const string Name = "name";
    public const string CommonName = "cn";
    public const string CanonicalName = "canonicalName";
    public const string DistinguishedName = "distinguishedName";
    public const string DisplayName = "displayName";
    public const string FirstName = "givenName";
    public const string MiddleInitial = "initials";
    public const string LastName = "sn";
    public const string Description = "description";
    public const string Info = "info";
    public const string ExtensionName = "extensionName";
    public const string Url = "url";

    // --- Organisation ---
    public const string Company = "company";
    public const string Department = "department";
    public const string Title = "title";
    public const string ManagedBy = "managedBy";

    // --- Contact ---
    public const string Mail = "mail";
    public const string Email = "mail"; // same attribute as Mail; both names kept for callers
    public const string TelephoneNumber = "telephoneNumber";
    public const string HomePhone = "homePhone";
    public const string Mobile = "mobile";
    public const string Pager = "pager";
    public const string FacsimileTelephoneNumber = "facsimileTelephoneNumber";
    public const string IPPhone = "ipPhone";
    public const string OtherIPPhone = "otherIpPhone";

    // --- Address ---
    public const string StreetAddress = "streetAddress";
    public const string Street = "street";
    public const string PostalAddress = "postalAddress";
    public const string HomePostalAddress = "homePostalAddress";
    public const string PostalCode = "postalCode";
    public const string City = "l";
    public const string StateProvince = "st";
    public const string Country = "co";

    // --- Group membership ---
    public const string Member = "member";
    public const string MemberOf = "memberOf";
    public const string GroupScope = "groupType";

    // --- Exchange-style free-form extension attributes ---
    public const string ExtensionAttribute1 = "extensionAttribute1";
    public const string ExtensionAttribute2 = "extensionAttribute2";
    public const string ExtensionAttribute3 = "extensionAttribute3";
    public const string ExtensionAttribute4 = "extensionAttribute4";
    public const string ExtensionAttribute5 = "extensionAttribute5";
    public const string ExtensionAttribute6 = "extensionAttribute6";
    public const string ExtensionAttribute7 = "extensionAttribute7";
    public const string ExtensionAttribute8 = "extensionAttribute8";
    public const string ExtensionAttribute9 = "extensionAttribute9";
    public const string ExtensionAttribute10 = "extensionAttribute10";
}
DomainConfiguration.cs
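/// <summary>
/// Process-wide settings that ActiveDirectoryService uses to build its LDAP paths.
/// Exposed as properties rather than public fields so the values can later be validated or
/// loaded from configuration without changing callers.
/// </summary>
public class DomainConfiguration
{
    private static string s_domainPath = "DEVLAB.COM";
    private static string s_topOU = "CETZCLOUD";
    private static bool s_isInit = true;

    /// <summary>
    /// DNS name of the domain, e.g. "DEVLAB.COM". It is split on '.' to form the
    /// "DC=...,DC=..." part of the LDAP paths; it is not itself an LDAP path.
    /// </summary>
    public static string DomainPath
    {
        get { return s_domainPath; }
        set { s_domainPath = value; }
    }

    /// <summary>
    /// Name of the OU that serves as the search root ("OU=" + TopOU) for all lookups.
    /// </summary>
    public static string TopOU
    {
        get { return s_topOU; }
        set { s_topOU = value; }
    }

    /// <summary>
    /// Whether the domain settings above have been initialised. Nothing in the visible code
    /// reads it; presumably checked by the hosting application — verify against callers.
    /// </summary>
    public static bool IsInit
    {
        get { return s_isInit; }
        set { s_isInit = value; }
    }
}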