一个简单的操作活动目录的类(ADHelper)

最新推荐文章于 2019-09-03 18:07:00 发布
最新推荐文章于 2019-09-03 18:07:00 发布
阅读量4.1k 收藏 1
点赞数 1
分类专栏: Active Directory VS 文章标签: 活动 string function integer user object

http://www.cnblogs.com/freemantc/archive/2006/07/05/443008.html

'-----------------------------------------------------------------------------

' 说明:操作AD用到了两种协议,WinNT和LDAP
'
'       WinNT —— 可以以较高的权限进行操作,但可操作的对象比较少。
'                  一般用来添加(删除)用户和组、修改密码、添加用户到组。
'
'       LDAP ——  以树形结构对AD进行访问,操作对象多,且更为灵活。
'                  但权限方面不如WinNT开放。
'
'-----------------------------------------------------------------------------


Imports System
Imports System.DirectoryServices


''' -----------------------------------------------------------------------------
''' Project     : ADService
''' Class     : ADHelper
''' 
''' -----------------------------------------------------------------------------
''' <summary>
''' 一个简单的操作活动目录的类
''' </summary>
''' -----------------------------------------------------------------------------
Public Class ADHelper


#Region "私有成员变量"
    'AD控制器的机器名(NetBIOS名称)
    Private ADServer As String
    'LDAP的访问路径(域的名字)
    Private ADPath As String
#End Region


#Region "帐户选项"
    'Identifier = Hexadecimal value
    Public Enum AccountOption
        ADS_UF_SCRIPT = &H1                             '执行登录脚本
        ADS_UF_ACCOUNTDISABLE = &H2                     '用户帐号禁用
        ADS_UF_HOMEDIR_REQUIRED = &H8                   '主目录是必需的
        ADS_UF_LOCKOUT = &H10                           '该帐户当前被锁定
        ADS_UF_PASSWD_NOTREQD = &H20                    '用户密码不是必须的
        ADS_UF_PASSWD_CANT_CHANGE = &H40                '用户不能改变密码(只读,不能设置)
        ADS_UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED = &H80   '使用者允许发送加密的口令
        ADS_UF_TEMP_DUPLICATE_ACCOUNT = &H100           '本地帐号标志
        ADS_UF_NORMAL_ACCOUNT = &H200                   '默认帐号类型
        ADS_UF_INTERDOMAIN_TRUST_ACCOUNT = &H800        '跨域的信任帐号
        ADS_UF_WORKSTATION_TRUST_ACCOUNT = &H1000       '工作站信任帐号
        ADS_UF_SERVER_TRUST_ACCOUNT = &H2000            '服务器信任帐号
        ADS_UF_DONT_EXPIRE_PASSWD = &H10000             '密码永不过期
        ADS_UF_MNS_LOGON_ACCOUNT = &H20000              'MNS登录帐号
        ADS_UF_SMARTCARD_REQUIRED = &H40000             '必须使用智能卡登录
        ADS_UF_TRUSTED_FOR_DELEGATION = &H80000         '服务帐号(用户或计算机帐号)将通过Kerberos委托信任
        ADS_UF_NOT_DELEGATED = &H100000                 '即使服务帐号是通过Kerberos委托信任的,敏感帐号不能被委托
        ADS_UF_USE_DES_KEY_ONLY = &H200000              '为此帐号使用DES加密类型
        ADS_UF_DONT_REQUIRE_PREAUTH = &H400000          '不要求Kerberos预身份验证
        ADS_UF_PASSWORD_EXPIRED = &H800000              '密码过期
        ADS_UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION = &H1000000   '该帐号可委派其他帐号


    End Enum
#End Region


#Region "构造函数"
    Public Sub New(ByVal sADServer As String, ByVal sADPath As String)
        ADServer = "WinNT://" & sADServer & ",computer"
        ADPath = sADPath
    End Sub
#End Region


#Region "公共接口"
    ''' -----------------------------------------------------------------------------
    ''' <summary>
    ''' 检查组织单位(OU)是否存在
    ''' </summary>
    ''' <param name="sOU">组织单位名称</param>
    ''' <returns>成功返回True,否则返回False</returns>
    ''' -----------------------------------------------------------------------------
    Public Function CheckOU(ByVal sOU As String) As Boolean
        Try
            Dim de As DirectoryEntry = GetDirectoryObject()
            Dim deSearch As New DirectorySearcher
            deSearch.SearchRoot = de
            deSearch.Filter = "(&(objectClass=organizationalUnit)(ou=" & sOU & "))"
            deSearch.SearchScope = SearchScope.Subtree
            Dim results As SearchResult = deSearch.FindOne
            If Not results Is Nothing Then
                Return True
            Else
                Return False
            End If
        Catch
            Return False
        End Try
    End Function


    ''' -----------------------------------------------------------------------------
    ''' <summary>
    ''' 添加一个组织单位(OU)
    ''' </summary>
    ''' <param name="sOU">组织单位名称(iOffice.net Users)</param>
    ''' <returns>添加后的OU对象</returns>
    ''' -----------------------------------------------------------------------------
    Public Function AddOU(ByVal sOU As String, ByVal sDescription As String) As DirectoryEntry
        Dim de As DirectoryEntry = GetDirectoryObject()
        Dim deOU As DirectoryEntry = de.Children.Add("ou=" & sOU, "organizationalUnit")
        deOU.Properties("Description").Value = sDescription
        deOU.CommitChanges()
        Return deOU
    End Function


    ''' -----------------------------------------------------------------------------
    ''' <summary>
    ''' 添加一个新组(WinNT)
    ''' </summary>
    ''' <param name="sGroupName">组名称</param>
    ''' <param name="sDescripion">描述</param>
    ''' <returns>返回创建组的DirecotryEntry对象</returns>
    ''' -----------------------------------------------------------------------------
    Public Function AddGroup(ByVal sGroupName As String, ByVal sDescripion As String) As DirectoryEntry
        Dim AD As New DirectoryEntry(ADServer)
        Dim deGroup As DirectoryEntry
        deGroup = AD.Children.Add(sGroupName, "group")
        deGroup.Invoke("Put", New Object() {"Description", sDescripion})
        deGroup.CommitChanges()
        Return deGroup
    End Function


    ''' -----------------------------------------------------------------------------
    ''' <summary>
    ''' 添加一个新组(LDAP)
    ''' </summary>
    ''' <param name="sLDAPDN">位置(例如:sLDAPDN="OU=组织单位")</param>
    ''' <param name="sGroupName">组名称</param>
    ''' <param name="sDescripion">描述</param>
    ''' <returns>返回创建组的DirecotryEntry对象</returns>
    ''' -----------------------------------------------------------------------------
    Public Function AddGroup(ByVal sLDAPDN As String, ByVal sGroupName As String, ByVal sDescripion As String) As DirectoryEntry
        Dim AD As DirectoryEntry = GetDirectoryObject()
        Dim subEntry As DirectoryEntry = AD.Children.Find(sLDAPDN)
        Dim deGroup As DirectoryEntry = subEntry.Children.Add("CN=" + sGroupName, "group")
        deGroup.Properties("sAMAccountName").Value = sGroupName
        deGroup.Properties("Description").Value = sDescripion
        deGroup.CommitChanges()
        Return deGroup
    End Function


    ''' -----------------------------------------------------------------------------
    ''' <summary>
    ''' 删除组
    ''' </summary>
    ''' <param name="sGroupName">组名称</param>
    ''' -----------------------------------------------------------------------------
    Public Sub DeleteGroup(ByVal sGroupName As String)
        Dim AD As New DirectoryEntry(ADServer)
        Dim group As DirectoryEntry
        AD.Children.Remove(group)
        AD.Close()
    End Sub


    ''' -----------------------------------------------------------------------------
    ''' <summary>
    ''' 添加一个新用户(WinNT)
    ''' </summary>
    ''' <remark>
    ''' 利用WinNT协议只能将用户添加到Users节点下面,
    ''' 即:相当于LDAP中的CN=Users
    ''' </remark>
    ''' <param name="sUserName">用户名</param>
    ''' <param name="sPassword">密码</param>
    ''' <returns>返回创建用户的DirecotryEntry对象</returns>
    ''' -----------------------------------------------------------------------------
    Public Function AddUser(ByVal sUserName As String, ByVal sPassword As String) As DirectoryEntry
        Dim AD As New DirectoryEntry(ADServer)
        Dim deUser As DirectoryEntry
        deUser = AD.Children.Add(sUserName, "user")
        deUser.Invoke("SetPassword", New Object() {sPassword})
        deUser.CommitChanges()
        Return deUser
    End Function


    ''' -----------------------------------------------------------------------------
    ''' <summary>
    ''' 添加一个新用户(LDAP)
    ''' </summary>
    ''' <remark>
    ''' 利用LDAP协议添加用户到指定位置。
    ''' 例如:sLDAPDN = "OU=组织单位名称"(或者"CN=Users")。
    ''' 注意:添加后的用户默认是账户禁用状态。
    ''' </remark>
    ''' <param name="sLDAPDN">位置</param>
    ''' <param name="sUserName">用户名</param>
    ''' <param name="sPassword">密码</param>
    ''' <returns>返回创建用户的DirecotryEntry对象</returns>
    ''' -----------------------------------------------------------------------------
    Public Function AddUser(ByVal sLDAPDN As String, ByVal sUserName As String, ByVal sPassword As String) As DirectoryEntry
        Dim AD As DirectoryEntry = GetDirectoryObject()
        Dim subEntry As DirectoryEntry = AD.Children.Find(sLDAPDN)
        Dim deUser As DirectoryEntry = subEntry.Children.Add("CN=" + sUserName, "user")
        '添加帐号是必须的
        deUser.Properties("sAMAccountName").Value = sUserName
        deUser.CommitChanges()
        SetUserPassword(sUserName, sPassword)
        Return deUser
    End Function


    ''' -----------------------------------------------------------------------------
    ''' <summary>
    ''' 在组织单位中添加用户
    ''' </summary>
    ''' <param name="sOU">组织单位名称</param>
    ''' <param name="sUserName">用户名</param>
    ''' <param name="sPassword">密码</param>
    ''' <returns></returns>
    ''' -----------------------------------------------------------------------------
    Public Function AddUserIntoOU(ByVal sOU As String, ByVal sUserName As String, ByVal sPassword As String) As DirectoryEntry
        Dim ldapDN As String = "OU=" & sOU
        Return AddUser(sUserName, sPassword, sOU)
    End Function


    ''' -----------------------------------------------------------------------------
    ''' <summary>
    ''' 设置用户密码
    ''' </summary>
    ''' <param name="oUser"></param>
    ''' <param name="sPassword"></param>
    ''' -----------------------------------------------------------------------------
    Public Sub SetUserPassword(ByVal sUserName As String, ByVal sPassword As String)
        Dim AD As New DirectoryEntry(ADServer)
        Dim oUser As DirectoryEntry
        oUser = AD.Children.Find(sUserName, "user")
        oUser.Invoke("SetPassword", New Object() {sPassword})
        oUser.CommitChanges()
        oUser.Close()
    End Sub


    ''' -----------------------------------------------------------------------------
    ''' <summary>
    ''' 添加用户到组
    ''' </summary>
    ''' <param name="oUserName">用户对象</param>
    ''' <param name="sGroupName">组名</param>
    ''' -----------------------------------------------------------------------------
    Public Sub AddUserToGroup(ByVal sUserName As String, ByVal sGroupName As String)
        Dim AD As New DirectoryEntry(ADServer)
        Dim oUser As DirectoryEntry = AD.Children.Find(sUserName, "user")
        Dim group As DirectoryEntry = AD.Children.Find(sGroupName, "group")
        If Not oUser Is Nothing Then
            group.Invoke("Add", New Object() {oUser.Path})
            group.CommitChanges()
        End If
        oUser.Close()
        group.Close()
    End Sub


    ''' -----------------------------------------------------------------------------
    ''' <summary>
    ''' 从组中移除用户
    ''' </summary>
    ''' <param name="oUserName">用户名</param>
    ''' <param name="sGroupName">组名</param>
    ''' -----------------------------------------------------------------------------
    Public Sub RemoveUserFromGroup(ByVal sUserName As String, ByVal sGroupName As String)
        Dim AD As New DirectoryEntry(ADServer)
        Dim group As DirectoryEntry = AD.Children.Find(sGroupName, "group")
        Dim oUser As DirectoryEntry = AD.Children.Find(sUserName, "user")
        If Not oUser Is Nothing Then
            group.Invoke("Remove", New Object() {oUser.Path})
            group.CommitChanges()
        End If
        oUser.Close()
        group.Close()
    End Sub


    ''' -----------------------------------------------------------------------------
    ''' <summary>
    ''' 删除用户
    ''' </summary>
    ''' <param name="sUserName">用户名</param>
    ''' <returns>成功返回True,否则返回False</returns>
    ''' -----------------------------------------------------------------------------
    Public Sub DeleteUser(ByVal sUserName As String)
        Dim AD As New DirectoryEntry(ADServer)
        Dim User As DirectoryEntry = AD.Children.Find(sUserName, "user")
        AD.Children.Remove(User)
        AD.Close()
    End Sub


    ''' -----------------------------------------------------------------------------
    ''' <summary>
    ''' 根据用户名返回相应的DirectoryEntry对象
    ''' </summary>
    ''' <remarks>
    ''' 如果用户存在,则返回相应的对象,否则返回空对象(Nothing)
    ''' </remarks>
    ''' <param name="sUserName">用户名</param>
    ''' <returns>DirectoryEntry类的对象</returns>
    ''' -----------------------------------------------------------------------------
    Public Function GetUser(ByVal sUserName As String) As DirectoryEntry
        Try
            Dim de As DirectoryEntry = GetDirectoryObject()
            Dim deSearch As New DirectorySearcher
            deSearch.SearchRoot = de
            deSearch.Filter = "(&(objectClass=user)(cn=" & sUserName & "))"
            deSearch.SearchScope = SearchScope.Subtree
            Dim results As SearchResult = deSearch.FindOne
            If Not results Is Nothing Then
                Return New DirectoryEntry(results.Path)
            Else
                Return Nothing
            End If
        Catch
            Return Nothing
        End Try
    End Function


    ''' -----------------------------------------------------------------------------
    ''' <summary>
    ''' 验证帐户是否禁用
    ''' </summary>
    ''' <param name="oDE">用户对象</param>
    ''' <returns>成功返回True,否则返回False</returns>
    ''' -----------------------------------------------------------------------------
    Public Function IsAccountDisable(ByVal oDE As DirectoryEntry) As Boolean
        Dim userAccountControl As Integer = Convert.ToInt32(oDE.Properties("userAccountControl")(0))
        Return Not IsAccountActive(userAccountControl)
    End Function


    ''' -----------------------------------------------------------------------------
    ''' <summary>
    ''' 设置用户帐号可用
    ''' </summary>
    ''' <param name="oDE">用户对象</param>
    ''' -----------------------------------------------------------------------------
    Public Sub EnableUserAccount(ByRef oDE As DirectoryEntry)
        oDE.Properties("userAccountControl")(0) = AccountOption.ADS_UF_NORMAL_ACCOUNT _
                                               Or AccountOption.ADS_UF_DONT_EXPIRE_PASSWD
        oDE.CommitChanges()
    End Sub


    ''' -----------------------------------------------------------------------------
    ''' <summary>
    ''' 设置用户帐号不可用
    ''' </summary>
    ''' <param name="oDE">用户对象</param>
    ''' -----------------------------------------------------------------------------
    Public Sub DisableUserAccount(ByRef oDE As DirectoryEntry)
        oDE.Properties("userAccountControl")(0) = AccountOption.ADS_UF_NORMAL_ACCOUNT _
                                               Or AccountOption.ADS_UF_DONT_EXPIRE_PASSWD _
                                               Or AccountOption.ADS_UF_ACCOUNTDISABLE
        oDE.CommitChanges()
    End Sub


    ''' -----------------------------------------------------------------------------
    ''' <summary>
    ''' 设置属性值
    ''' </summary>
    ''' <param name="oDE">用户对象</param>
    ''' <param name="sPropertyName">属性名称</param>
    ''' <param name="sPropertyValue">属性值</param>
    ''' -----------------------------------------------------------------------------
    Public Sub SetProperty(ByRef oDE As DirectoryEntry, ByVal sPropertyName As String, ByVal sPropertyValue As String)
        If sPropertyValue <> String.Empty Then
            If oDE.Properties.Contains(sPropertyName) Then
                oDE.Properties(sPropertyName)(0) = sPropertyValue
            Else
                oDE.Properties(sPropertyName).Add(sPropertyValue)
            End If
        End If
    End Sub


    ''' -----------------------------------------------------------------------------
    ''' <summary>
    ''' 提交更改
    ''' </summary>
    ''' <param name="oDE"></param>
    ''' -----------------------------------------------------------------------------
    Public Sub CommitChanges(ByRef oDE As DirectoryEntry)
        oDE.CommitChanges()
    End Sub


    ''' -----------------------------------------------------------------------------
    ''' <summary>
    ''' 得到属性值
    ''' </summary>
    ''' <remarks>
    ''' 如果没有这个属性则返回空值(string.Empty)
    ''' </remarks>
    ''' <param name="oDE">用户对象</param>
    ''' <param name="sPropertyName">属性名称</param>
    ''' <returns>属性值</returns>
    ''' -----------------------------------------------------------------------------
    Public Function GetProperty(ByVal oDE As DirectoryEntry, ByVal sPropertyName As String) As String
        If oDE.Properties.Contains(sPropertyName) Then
            Return Convert.ToString(oDE.Properties(sPropertyName)(0))
        Else
            Return String.Empty
        End If
    End Function


    ''' -----------------------------------------------------------------------------
    ''' <summary>
    ''' 得到用户信息
    ''' </summary>
    ''' <param name="oDE">用户对象</param>
    ''' <returns>包含用户属性信息的DataTable</returns>
    ''' -----------------------------------------------------------------------------
    Public Function GetUserInfo(ByVal oDE As DirectoryEntry) As DataTable
        Dim dt As DataTable = New DataTable
        Dim dr As DataRow
        Dim dc As DataColumn
        dc = New DataColumn("PropertyName", Type.GetType("System.String"))
        dt.Columns.Add(dc)
        dc = New DataColumn("Value", Type.GetType("System.String"))
        dt.Columns.Add(dc)


        Dim id As IDictionaryEnumerator = oDE.Properties.GetEnumerator
        While (id.MoveNext())
            dr = dt.NewRow()
            dr.Item("PropertyName") = id.Key
            dr.Item("Value") = oDE.Properties(id.Key)(0)
            dt.Rows.Add(dr)
        End While
        Return dt
    End Function


    ''' -----------------------------------------------------------------------------
    ''' <summary>
    ''' 得到用户信息
    ''' </summary>
    ''' <param name="sUserName">用户名</param>
    ''' <returns>包含用户属性信息的DataTable</returns>
    ''' -----------------------------------------------------------------------------
    Public Function GetUserInfo(ByVal sUserName As String) As DataTable
        Dim oDE As DirectoryEntry = GetUser(sUserName)
        Return GetUserInfo(oDE)
    End Function


#End Region


#Region "私有方法"
    '创建DE对象
    '根据ADUser和ADPassword创建的一个有相当权限(可以管理AD)的DE对象
    Private Function GetDirectoryObject() As DirectoryEntry
        Return New DirectoryEntry(ADPath)
    End Function


    '判断用户帐号是否激活
    '返回FALSE说明用户帐号被禁用
    Private Function IsAccountActive(ByVal userAccountControl As Integer) As Boolean
        Dim flagExists As Integer = userAccountControl And AccountOption.ADS_UF_ACCOUNTDISABLE
        If flagExists > 0 Then
            Return False
        Else
            Return True
        End If
    End Function
#End Region


End Class
SAP乞丐
关注
  • 1
    点赞
  • 1
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
专栏目录
C#编写的活动动目录辅助操作 ADHelper
02-21
活动目录辅助。封装一系列活动目录操作相关的方法。包括用户登录验证及用户帐户属性修改等相关操作的方法
C# 域用户操作
ljsql的专栏
02-17 1679
using System; using System.DirectoryServices; namespace SystemFrameworks.Helper { /// ///活动目录辅助。封装一系列活动目录操作相关的方法。 /// public
ADHelper,一个好用的AD操作
01-06 1357
public class ADHelper { private static string ADLdapInfo = System.Configuration.ConfigurationManager.AppSettings["ADLdapInfo"].ToString(); ///扮演实例 private static Identity...
操作ADHelper
weixin_34034261的博客
10-29 227
但是我测试了总是弹出 登录失败: 未知的用户名或错误密码。 存在于588行 关闭后,进入DC查看用户已经添加但是是被禁用的~也就说启用用户这个方法没有写对?还是咋的原因! 代码如下: using System; using System.Collections.Generic; using System.Linq; using System.Te...
ADhelper[参考].pdf
10-11
ADhelper[参考].pdf
ADhelper.cs
01-22
AD域操,增删改查及管理ou,稍改参数就能用
ADHelper.cs
09-18
This class contains functions for Active Directory support
Ad操作测试项目
04-20
里边是AD开发的测试项目,主要是ADHelper起作用,其余就是测试了
AD Helper 操作
05-10
AD操作,.net操作AD的方法User添加删除
ADHelper 活动目录用户操作
angang6606的博客
04-12 84
using System; using System.DirectoryServices;namespace SystemFrameworks.Helper{ /// /// 活动目录辅助。封装一系列活动目录操作相关的方法。 /// public sealed class ADHelper...
Asp.net MVC 集成AD域认证
weixin_30883271的博客
09-03 613
1.首先WebApi 应用下Web.config要配置域认证服务器节点,如下 <!--LDAP地址 用于项目AD系统账号密码验证--> <!--0:关闭域认证;1:开启域认证--> <add key="EnableADCheck" value="0"/> <add key="LDAPAPI" value="域认证服务器的api地址...
windows server2012 AD域相关操作
钻石
04-01 4926
AD域主要作用就是集中管理,限制域内用户或计算机的所有操作,主要管理公司员工,就像通讯录一样,还能管理了电脑,打印机等, 权限管理,ADhelper 可以实现WEB方式的AD域管理,方便、快捷。其余不懂得还是直接上例子其余自己科普。 实操 AD域 VMA、VMB虚拟机配置为主辅域,域名为szpdc.com; VMA做为GC、Schema Master、Domain Naming Ma...
ADHelper 活动目录用户操作 (c#)
weixin_34186128的博客
05-29 198
如果你在一个基于Windows服务器的网路里工作,那么你很有可能正在使用微软的活动目录(Active Directory)。活动目录的目的是减少网络里目录和命名空间的数量,并为复杂的网络提供了一个统一的视图。 在这个环境里开发应用程序的话,你将不可避免地要访问目录。本周,我们将探讨一些使用活动目录的方法,并告诉你可以如何操控数据。 活动目录基础知识 在正式探讨.NET集成之前,让我们先从活动...
ad
小牛
07-28 858
 using System;using System.DirectoryServices; namespace SystemFrameworks.Helper...{     /**////      /// 活动目录辅助。封装一系列活动目录操作相关的方法。     ///      public sealed class ADHelper     ...{         /**///
ADHelper与扩展应用
ass2112128的博客
07-18 129
using System; using System.Collections.Generic; using System.Text; using System.DirectoryServices; using System.Security.Principal; using System.Runtime.InteropServices; using System.Data...
活动目录辅助。封装一系列活动目录操作相关的方法
徐虎的专栏
03-16 3082
using System;using System.DirectoryServices; namespace SystemFrameworks.Helper{     ///      /// 活动目录辅助。封装一系列活动目录操作相关的方法。     ///      public sealed class ADHelper     {         ///          /// 域名  
ADHELPER
maseccc的专栏
09-02 625
 using System.DirectoryServices;using System.Net;using System.Text;using CDOEXM;namespace ExchangeMailTest{/// /// 实现AD操作的一些常用功能/// public class ADHelper{private const string LDAP_IDENTITY = "LDAP://"

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值