using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Collections;
using System.Data;
using System.DirectoryServices;
using NJZF.SCDM.DAL.Database;
using System.Data.SqlClient;
using NJZF.SCDM.DAL.DBUtility;
using NJZF.SCDM.BLL.Tools;
using NJZF.SCDM.DataModel;
namespace NJZF.SCDM.BLL.User
{
public class AdHelper
{
/// <summary>
/// Domain-controller connection settings. GetConfig() fills these fields
/// from the first row returned by the SCDM_Config_GetModel procedure.
/// </summary>
public struct DomainConfig
{
// LDAP path of the directory (config row column 1).
public string LdapPath;
// Account name passed to DirectoryEntry when binding (config row column 2).
public string AdUser;
// Password for AdUser (config row column 3), held as a plain string in a
// public mutable field. NOTE(review): keep this struct out of logs,
// exception messages and serialized output.
public string AdPwd;
// Domain as comma-separated "DC=" components, built by GetConfig() from
// the dotted domain name in config row column 5.
public string DomainName;
}
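/// <summary>
/// Loads the domain-controller settings from the configuration row of type 1
/// (stored procedure <c>SCDM_Config_GetModel</c>).
/// </summary>
/// <returns>
/// A populated <c>DomainConfig</c>, or a default instance (all fields null)
/// when the procedure returns no table or no rows.
/// </returns>
public static DomainConfig GetConfig()
{
    DomainConfig Config = new DomainConfig();

    SqlParameter[] Parameter = { new SqlParameter("@Type", SqlDbType.Int, 4) };
    Parameter[0].Value = 1;
    DataSet ds = DbHelperSQL.RunProcedure("SCDM_Config_GetModel", Parameter, "SCDM_Config");

    // An empty result leaves the struct at its defaults instead of throwing on Tables[0].
    if (ds == null || ds.Tables.Count == 0 || ds.Tables[0].Rows.Count == 0)
    {
        return Config;
    }

    DataRow row = ds.Tables[0].Rows[0];
    Config.LdapPath = row[1].ToString();
    Config.AdUser = row[2].ToString();
    // NOTE(security): the bind password arrives from the config table as an ordinary
    // string. Whether it is protected at rest is not visible here; if the column holds
    // clear text, read access to SCDM_Config is equivalent to holding the directory
    // bind credentials, so restrict access to that table and to this procedure.
    Config.AdPwd = row[3].ToString();

    // Turn "corp.example.com" into "DC=corp,DC=example,DC=com". Empty labels (blank
    // value, leading/trailing or doubled dots) are dropped so no bare "DC=" component
    // is produced.
    // NOTE(review): StringTools.GetSafeStr is assumed to return a non-null string;
    // the labels are not DN-escaped here, so the stored value should be a plain DNS name.
    string[] labels = StringTools.GetSafeStr(row[5].ToString())
        .Split(new char[] { '.' }, StringSplitOptions.RemoveEmptyEntries);
    string[] components = new string[labels.Length];
    for (int i = 0; i < labels.Length; i++)
    {
        components[i] = "DC=" + labels[i];
    }
    Config.DomainName = string.Join(",", components);

    return Config;
}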
/// <summary>
/// Returns the root node name stored in the database: column 1 of the first row
/// returned by <c>SCDM_Config_GetModel</c> for type 1 (the same column GetConfig()
/// reads as the LDAP path).
/// </summary>
/// <returns>The stored value, or an empty string when the procedure returns no rows.</returns>
public static string GetRootName()
{
    SqlParameter typeParameter = new SqlParameter("@Type", SqlDbType.Int, 4);
    typeParameter.Value = 1;

    DataSet configSet = DbHelperSQL.RunProcedure(
        "SCDM_Config_GetModel",
        new SqlParameter[] { typeParameter },
        "SCDM_Config");

    DataRowCollection rows = configSet.Tables[0].Rows;
    return rows.Count > 0 ? rows[0][1].ToString() : "";
}
/// <summary>
/// 域的名称
/// </summary>
#region MyRegion
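/// <summary>
/// Bit flags of the Active Directory <c>userAccountControl</c> attribute
/// (ADSI ADS_USER_FLAG_ENUM). Combine and test with bitwise operators.
/// </summary>
public enum ADS_USER_FLAG_ENUM
{
    /// <summary>
    /// Logon script flag. Has no effect when read or written through the ADSI LDAP
    /// provider; read-only through the ADSI WinNT provider.
    /// </summary>
    ADS_UF_SCRIPT = 0x0001,

    /// <summary>The user account is disabled.</summary>
    ADS_UF_ACCOUNTDISABLE = 0x0002,

    /// <summary>A home directory is required.</summary>
    ADS_UF_HOMEDIR_REQUIRED = 0x0008,

    /// <summary>The account is currently locked out.</summary>
    ADS_UF_LOCKOUT = 0x0010,

    /// <summary>
    /// No password is required. Accounts carrying this bit are worth auditing,
    /// since they may be allowed an empty password.
    /// </summary>
    ADS_UF_PASSWD_NOTREQD = 0x0020,

    /// <summary>The user cannot change the password.</summary>
    ADS_UF_PASSWD_CANT_CHANGE = 0x0040,

    /// <summary>
    /// The password is stored with reversible encryption, i.e. it is recoverable
    /// by anyone able to read the stored secret. Avoid unless a protocol requires it.
    /// </summary>
    ADS_UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED = 0x0080,

    /// <summary>Local account flag.</summary>
    ADS_UF_TEMP_DUPLICATE_ACCOUNT = 0x0100,

    /// <summary>Default account type for an ordinary user.</summary>
    ADS_UF_NORMAL_ACCOUNT = 0x0200,

    /// <summary>Trust account for a cross-domain trust.</summary>
    ADS_UF_INTERDOMAIN_TRUST_ACCOUNT = 0x0800,

    /// <summary>Workstation trust (computer) account.</summary>
    ADS_UF_WORKSTATION_TRUST_ACCOUNT = 0x1000,

    /// <summary>Server trust account.</summary>
    ADS_UF_SERVER_TRUST_ACCOUNT = 0x2000,

    /// <summary>The password never expires.</summary>
    ADS_UF_DONT_EXPIRE_PASSWD = 0x10000,

    /// <summary>MNS logon account.</summary>
    ADS_UF_MNS_LOGON_ACCOUNT = 0x20000,

    /// <summary>Interactive logon requires a smart card.</summary>
    ADS_UF_SMARTCARD_REQUIRED = 0x40000,

    /// <summary>
    /// The service account (user or computer) is trusted for Kerberos delegation.
    /// </summary>
    ADS_UF_TRUSTED_FOR_DELEGATION = 0x80000,

    /// <summary>
    /// The account is sensitive and cannot be delegated, even when the service
    /// account is trusted for Kerberos delegation.
    /// </summary>
    ADS_UF_NOT_DELEGATED = 0x100000,

    /// <summary>The account is restricted to DES encryption types.</summary>
    ADS_UF_USE_DES_KEY_ONLY = 0x200000,

    /// <summary>
    /// Kerberos pre-authentication is not required. The value is 0x400000; the
    /// previous literal 0x4000000 carried one zero too many and named a different
    /// userAccountControl bit, so audits testing this flag never matched the
    /// accounts that actually have pre-authentication switched off.
    /// </summary>
    ADS_UF_DONT_REQUIRE_PREAUTH = 0x400000,

    /// <summary>The user's password has expired.</summary>
    ADS_UF_PASSWORD_EXPIRED = 0x800000,

    /// <summary>The account may authenticate on behalf of others for delegation.</summary>
    ADS_UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION = 0x1000000
}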
#endregion
#region 获取域上的所有的用户列表
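/// <summary>
/// Returns every user object found below the search root supplied by
/// <c>GetObjectByAdmin()</c>.
/// </summary>
/// <returns>
/// An <c>ArrayList</c> holding one <c>DirectoryEntry</c> per matching user, or
/// <c>null</c> when the search throws. The caller owns the returned entries and
/// should dispose them.
/// </returns>
public static ArrayList GetUsers()
{
    ArrayList users = new ArrayList();

    // NOTE(review): the root entry is not disposed here because the ownership
    // contract of GetObjectByAdmin() is not visible from this method.
    DirectoryEntry de = GetObjectByAdmin();

    using (DirectorySearcher deSearch = new DirectorySearcher(de))
    {
        deSearch.Filter = "(&(&(objectCategory=person)(objectClass=user)))";
        deSearch.SearchScope = SearchScope.Subtree;
        // Without paging the server-side size limit silently truncates the result,
        // so "all users" would stop at that limit in a large domain.
        deSearch.PageSize = 1000;

        try
        {
            // SearchResultCollection holds unmanaged resources that the garbage
            // collector does not release; dispose it explicitly.
            using (SearchResultCollection results = deSearch.FindAll())
            {
                foreach (SearchResult result in results)
                {
                    users.Add(result.GetDirectoryEntry());
                }
            }
            return users;
        }
        catch (Exception)
        {
            // Kept for existing callers: any directory failure (bad credentials,
            // unreachable server, ...) is reported as null, not as an exception.
            // NOTE(review): the error is not logged, so a failed bind is
            // indistinguishable from other failures at the call site.
            return null;
        }
    }
}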
#endregion
#region 获取域上的所有用户组列表
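/// <summary>
/// Returns every group object found below the search root supplied by
/// <c>GetObjectByAdmin()</c>.
/// </summary>
/// <returns>
/// An <c>ArrayList</c> holding one <c>DirectoryEntry</c> per group, or <c>null</c>
/// when the search throws. The caller owns the returned entries and should
/// dispose them.
/// </returns>
public static ArrayList GetGroups()
{
    ArrayList groups = new ArrayList();

    // NOTE(review): the root entry is not disposed here because the ownership
    // contract of GetObjectByAdmin() is not visible from this method.
    DirectoryEntry de = GetObjectByAdmin();

    using (DirectorySearcher deSearch = new DirectorySearcher(de))
    {
        deSearch.Filter = "(objectCategory=group)";
        deSearch.SearchScope = SearchScope.Subtree;
        // Page the query so the server-side size limit does not cut the list short.
        deSearch.PageSize = 1000;

        try
        {
            // The collection wraps unmanaged resources and must be disposed explicitly.
            using (SearchResultCollection results = deSearch.FindAll())
            {
                foreach (SearchResult sr in results)
                {
                    groups.Add(sr.GetDirectoryEntry());
                }
            }
            return groups;
        }
        catch (Exception)
        {
            // Kept for existing callers: a directory failure is reported as null.
            // NOTE(review): nothing is logged here, so the cause is lost.
            return null;
        }
    }
}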
#endregion
#region 根据用户组的名称查找该组下的用户成员
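/// <summary>
/// Finds a group by its sAMAccountName and returns one <c>DirectoryEntry</c> for
/// each value of the group's <c>member</c> attribute.
/// </summary>
/// <param name="groupName">
/// sAMAccountName of the group. The value is treated as a literal: LDAP filter
/// metacharacters in it are escaped before the filter is built.
/// </param>
/// <returns>
/// An <c>ArrayList</c> of <c>DirectoryEntry</c> objects (empty when the group is not
/// found), or <c>null</c> when reading the group throws. The caller owns the
/// returned entries and should dispose them.
/// </returns>
public static ArrayList GetUsersByGroup(string groupName)
{
    ArrayList users = new ArrayList();

    // NOTE(review): the root entry is not disposed here because the ownership
    // contract of GetObjectByAdmin() is not visible from this method.
    DirectoryEntry SearchRoot = GetObjectByAdmin();

    using (DirectorySearcher directorySearch = new DirectorySearcher(SearchRoot))
    {
        // The group name comes from the caller; escaping it keeps characters such as
        // '*', '(' and ')' from changing the structure of the search filter.
        directorySearch.Filter = "(&(objectClass=group)(SAMAccountName="
            + EscapeLdapFilterValue(groupName) + "))";
        SearchResult results = directorySearch.FindOne();

        try
        {
            if (results != null)
            {
                // Read the bind settings once; each GetConfig() call is a database
                // round trip that also fetches the bind password.
                var config = GetConfig();

                // Everything before the group's DN ("LDAP://" plus an optional
                // server part) is reused as the prefix for each member path. The old
                // Split("CN".ToCharArray()) cut at the first 'C' or 'N' character, which
                // broke as soon as the server part contained either letter.
                string groupPath = results.Path;
                int dnStart = groupPath.IndexOf("CN=", StringComparison.Ordinal);
                if (dnStart < 0)
                {
                    dnStart = groupPath.LastIndexOf('/') + 1;
                }
                string pathPrefix = groupPath.Substring(0, dnStart);

                using (DirectoryEntry dirEntry = new DirectoryEntry(groupPath, config.AdUser, config.AdPwd))
                {
                    // NOTE(review): for very large groups the directory may return
                    // only a first range of member values per read - confirm whether
                    // ranged retrieval is needed for this deployment.
                    foreach (object memberDn in dirEntry.Properties["member"])
                    {
                        users.Add(new DirectoryEntry(pathPrefix + memberDn.ToString(), config.AdUser, config.AdPwd));
                    }
                }
            }
            return users;
        }
        catch (Exception)
        {
            // Kept for existing callers: a failure while reading the group is
            // reported as null. NOTE(review): the error is not logged.
            return null;
        }
    }
}

// Escapes a value for use inside an LDAP search filter (RFC 4515): backslash,
// asterisk, parentheses and NUL become \xx hex pairs. Null yields an empty string.
private static string EscapeLdapFilterValue(string value)
{
    if (string.IsNullOrEmpty(value))
    {
        return string.Empty;
    }

    StringBuilder escaped = new StringBuilder(value.Length + 8);
    foreach (char c in value)
    {
        switch (c)
        {
            case '\\': escaped.Append(@"\5c"); break;
            case '*': escaped.Append(@"\2a"); break;
            case '(': escaped.Append(@"\28"); break;
            case ')': escaped.Append(@"\29"); break;
            case '\0': escaped.Append(@"\00"); break;
            default: escaped.Append(c); break;
        }
    }
    return escaped.ToString();
}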
#endregion
#region 根据用户组查找对应的用户
/// 根据用户组查找对应的用户
/// </summary>
/// <returns>ArrayList用户集合</returns>
public static ArrayList GetUsersByUserGroup(string GroupName)
{
ArrayList users = new ArrayList();
DirectoryEntry SearchRoot = GetObjectByAdmin();
DirectorySearcher directorySearch = new DirectorySearcher
(SearchRoot);
directorySearch.Filter = "(&(objectClass=group)(SAMAccountName="
+ GroupName + "))";
SearchResult results = directorySearch.FindOne();
try
{
if (results != null)
{
DirectoryEntry dirEntry = new DirectoryEntry
(results.Path, GetConfig().AdUser,GetConfig().AdPwd);
System.DirectoryServices.PropertyCollection
propertyCollection = dirEntry.Properties;
int count = propertyCollection["member"].Count;
for (int i = 0; i < count; i++)
{
string respath = results.Path;
string[] pathnavigate = respath.Split
("CN".ToCharArray());