程序如何读取超过1500人的通讯组成员
域控的 LDAP 查询策略(MaxValRange)限制一次请求最多返回通讯组 member 属性的 1500 个值,直接读取大通讯组会被截断。标准做法是按范围分段读取(member;range=0-1499、member;range=1500-2999 ……);本文采用另一种思路:遍历 LDAP 中的全部员工对象,读取每个员工的 memberOf 属性,判断其中是否包含目标通讯组的 DN,从而得到该通讯组的全部成员并获取每个成员的详情。注意两点:memberOf 只记录直接成员关系,通过嵌套组或主组(primary group)加入的成员不会被找到;而且每个员工都要单独读取一次,人数很多时会比较慢。
下面我们贴出代码:
Program.cs
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using LDAP;
using System.Configuration;
using System.DirectoryServices;
using System.Data;
using DB;
using LOG;
using MAIL;
using System.IO;
namespace 全体员工
{
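class Program
{
    // Entry point: enumerates every member of the distribution group named by `keyword`,
    // logs the count and writes one line per member to a text file.
    //
    // Fix versus the original: `save(...)` was passed `ret1`, a name that is declared
    // nowhere in the listing, so the program did not compile. The report is now built
    // from the members that were actually found.
    static void Main(string[] args)
    {
        Log.info("开始查询LDAP数据");
        // Distinguished-name prefix of the group (the DC= tail is not included), which is
        // why find_all_in_group matches memberOf values by substring rather than equality.
        string keyword = "CN=公司全体员工,OU=通讯组,OU=******";
        List<Person> all = find_all_in_group(keyword);
        Log.info(string.Format("{0}共有{1}个成员", keyword, all.Count));
        Log.info("对比完成,保存结果");
        StringBuilder report = new StringBuilder();
        foreach (Person p in all)
        {
            report.AppendLine(string.Format("{0}\t{1}\t{2}\t{3}", p.name, p.desc, p.username, p.isEnable));
        }
        save("ldap_compare_oa.txt", report.ToString());
        Console.ReadLine();
    }

    // Overwrites `filename` with `data`. Returns false instead of throwing so the caller
    // can decide what to do; the failure is logged rather than silently dropped, and the
    // writer is closed on every path (the original leaked it when Write threw).
    static bool save(string filename, string data)
    {
        try
        {
            using (StreamWriter sw = new StreamWriter(filename, false))
            {
                sw.Write(data);
            }
            return true;
        }
        catch (Exception ex)
        {
            Log.info(string.Format("保存{0}失败: {1}", filename, ex.Message));
            return false;
        }
    }

    // Returns every user under the hard-coded OU whose memberOf contains `keyword`.
    //
    // Why this shape: the DC's MaxValRange policy returns at most 1500 values of a group's
    // `member` attribute per request, so instead of reading the group this walks all users
    // and tests each one's memberOf. Caveats a caller should know:
    //   * memberOf holds direct memberships only — users who belong through a nested
    //     group, or via their primary group, are not found;
    //   * the match is a case-insensitive substring test (AD distinguished names are
    //     case-insensitive; the original used case-sensitive Contains) because `keyword`
    //     is only a DN prefix, so pick a prefix that cannot occur inside another group's DN;
    //   * GetDirectoryEntryAllSearch() returns null when the search fails; that case is
    //     logged and yields an empty list instead of a NullReferenceException.
    // Global.baseDN is read from the "ou" app setting and may be the intended source of the
    // OU string below — left as the literal the original used.
    static List<Person> find_all_in_group(string keyword)
    {
        AD ad = new AD();
        List<Person> all = new List<Person>();
        ad.login("LDAP://" + Global.ldap, Global.usr, Global.pwd);
        ad.dir("OU=******");
        SearchResultCollection des = ad.GetDirectoryEntryAllSearch();
        if (des == null)
        {
            Log.info("LDAP查询失败");
            return all;
        }
        using (des)
        {
            foreach (SearchResult sr in des)
            {
                // Re-bind per result with the same credentials over a sealed (encrypted)
                // channel so the attribute values are not read in clear text on the wire.
                using (DirectoryEntry de = new DirectoryEntry(sr.Path, Global.usr, Global.pwd, AuthenticationTypes.Secure | AuthenticationTypes.Sealing))
                {
                    foreach (object item in de.Properties["memberof"])
                    {
                        if (item.ToString().IndexOf(keyword, StringComparison.OrdinalIgnoreCase) < 0)
                        {
                            continue;
                        }
                        all.Add(ToPerson(ad, de));
                        break;
                    }
                }
            }
        }
        return all;
    }

    // Builds the Person record for one user entry.
    // Optional attributes are read through `.Value` (null when absent): `Properties[...]`
    // itself never returns null, so the original `de.Properties["description"] == null`
    // test could not prevent a NullReferenceException on users without a description.
    static Person ToPerson(AD ad, DirectoryEntry de)
    {
        Person p = new Person();
        p.name = Convert.ToString(de.Properties["cn"].Value);
        p.path = de.Path;
        p.username = Convert.ToString(de.Properties["sAMAccountName"].Value);
        object desc = de.Properties["description"].Value;
        p.desc = desc == null ? "" : desc.ToString();
        int control = Convert.ToInt32(de.Properties["userAccountControl"].Value);
        p.isEnable = !ad.IsDisabled(control);
        return p;
    }
}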
// Plain data holder for one group member as read from the directory by Program.
class Person
{
    public string name;           // cn
    public string desc;           // description ("" when the caller found none)
    public string path;           // ADsPath of the user entry
    public string username;       // sAMAccountName
    public bool isEnable = true;  // cleared when userAccountControl reports the account disabled
}
}
Global.cs
using System;
using System.Collections.Generic;
using System.Configuration;
using System.Linq;
using System.Text;
namespace 全体员工
{
class Global
{
// Connection settings, read once from the <appSettings> section of App.config.
// NOTE(review): "pwd" is the directory service-account password and is stored in clear
// text in App.config (see the config listing). Prefer running under a service identity
// (integrated auth, no stored secret) or a DPAPI-protected configuration section, and keep
// the real App.config out of source control.
public static string ldap = ConfigurationManager.AppSettings["ldap"];   // domain/server name; callers prefix "LDAP://"
public static string usr = ConfigurationManager.AppSettings["user"];    // bind account (UPN form in the sample config)
public static string pwd = ConfigurationManager.AppSettings["pwd"];     // bind password — clear text, see note above
public static string baseDN = ConfigurationManager.AppSettings["ou"];   // search base OU, e.g. "OU=..."
App.config
<configuration>
<appSettings>
<!-- Service account used by the tool to bind to the directory and, through AD.cs, to create
     users and set passwords. Keep it least-privileged: delegate only the rights it needs on
     the target OU rather than using a domain administrator. -->
<add key="user" value="******@domain.cn"/>
<add key="ldap" value="domain.cn"/>
<add key="ou" value="OU=******"/>
<!-- NOTE(review): clear-text password. Protect this section (e.g. with a
     ProtectedConfigurationProvider / DPAPI) or run under a service identity instead,
     and never commit the real value. -->
<add key="pwd" value="******"/>
<add key="mailto" value="******@domain.cn"/>
</appSettings>
</configuration>
AD.cs
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.DirectoryServices;
using System.Data;
using System.DirectoryServices.Protocols;
using System.Net;
using System.Security.Cryptography.X509Certificates;
using 全体员工;
namespace LDAP
{
class AD
{
// Parameters of login(url, username, password):
//   url      - "LDAP://<domain or server>" (the domain name is typically upper case)
//   username - the account that binds to the directory (a domain logon name)
//   password - that account's password
// Shared, process-wide directory handles: `root` is the bind point set by login(),
// `entry` is the OU that dir() last descended into and that every search starts from.
// NOTE(review): both are static and mutable, so all AD instances share them and they
// are not safe to use from more than one thread at a time.
public static DirectoryEntry entry;
public static DirectoryEntry root;
//public DirectoryEntry current;
// NOTE(review): a commented-out IdentityImpersonation line that embedded a domain
// administrator user name and password in clear text was removed from here. Treat that
// credential as exposed and rotate it; never keep secrets in source, even commented out.
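/// <summary>
/// Bit flags of the userAccountControl attribute (ADS_USER_FLAG / IADsUser).
/// Values combine with | and are tested with &amp; (see IsDisabled()).
/// Fix versus the original: ADS_UF_DONT_REQUIRE_PREAUTH was 0x4000000; the correct value
/// is 0x400000 (4194304), which is also the constant IsDisabled() already used for it.
/// </summary>
[Flags]
public enum ADS_USER_FLAG_ENUM
{
    /// <summary>Logon script will run. Ignored on ADSI LDAP read/write; read-only via ADSI WinNT.</summary>
    ADS_UF_SCRIPT = 0x0001,
    /// <summary>Account is disabled.</summary>
    ADS_UF_ACCOUNTDISABLE = 0x0002,
    /// <summary>Home directory is required.</summary>
    ADS_UF_HOMEDIR_REQUIRED = 0x0008,
    /// <summary>Account is locked out (the original comment called this "expired"; it is the lockout bit).</summary>
    ADS_UF_LOCKOUT = 0x0010,
    /// <summary>No password is required.</summary>
    ADS_UF_PASSWD_NOTREQD = 0x0020,
    /// <summary>User cannot change the password (readable here, not settable through this attribute).</summary>
    ADS_UF_PASSWD_CANT_CHANGE = 0x0040,
    /// <summary>Password is stored with reversible encryption.</summary>
    ADS_UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED = 0x0080,
    /// <summary>Local user account for a user whose primary account lives in another domain.</summary>
    ADS_UF_TEMP_DUPLICATE_ACCOUNT = 0x0100,
    /// <summary>Default account type for a typical user.</summary>
    ADS_UF_NORMAL_ACCOUNT = 0x0200,
    /// <summary>Trust account for a trusted domain.</summary>
    ADS_UF_INTERDOMAIN_TRUST_ACCOUNT = 0x0800,
    /// <summary>Computer account of a domain-member workstation or server.</summary>
    ADS_UF_WORKSTATION_TRUST_ACCOUNT = 0x1000,
    /// <summary>Computer account of a domain controller.</summary>
    ADS_UF_SERVER_TRUST_ACCOUNT = 0x2000,
    /// <summary>Password never expires.</summary>
    ADS_UF_DONT_EXPIRE_PASSWD = 0x10000,
    /// <summary>MNS logon account.</summary>
    ADS_UF_MNS_LOGON_ACCOUNT = 0x20000,
    /// <summary>Smart card is required for interactive logon.</summary>
    ADS_UF_SMARTCARD_REQUIRED = 0x40000,
    /// <summary>Service account (user or computer) is trusted for unconstrained Kerberos delegation.</summary>
    ADS_UF_TRUSTED_FOR_DELEGATION = 0x80000,
    /// <summary>Sensitive account: its security context may not be delegated even to trusted services.</summary>
    ADS_UF_NOT_DELEGATED = 0x100000,
    /// <summary>Account is restricted to DES encryption keys.</summary>
    ADS_UF_USE_DES_KEY_ONLY = 0x200000,
    /// <summary>Kerberos pre-authentication is not required (exposes the account to AS-REP roasting).</summary>
    ADS_UF_DONT_REQUIRE_PREAUTH = 0x400000,
    /// <summary>Password has expired.</summary>
    ADS_UF_PASSWORD_EXPIRED = 0x800000,
    /// <summary>Account may authenticate on behalf of users (constrained delegation with protocol transition).</summary>
    ADS_UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION = 0x1000000
}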
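// Certificate check intended for use as a VerifyServerCertificateCallback when binding over
// LDAPS with LdapConnection (not wired up in the visible code).
// The original returned true unconditionally, which accepts any certificate — including a
// self-signed one presented by an attacker on the path — and so turns LDAPS into an
// unauthenticated channel. This version accepts only a certificate that chains to a root
// trusted by the platform store (X509Chain.Build, default revocation policy).
// TODO(review): the host name is not compared against the LdapDirectoryIdentifier; add that
// check before relying on this callback.
public bool ServerCallback(LdapConnection connection, X509Certificate certificate)
{
    if (certificate == null)
    {
        return false;
    }
    X509Chain chain = new X509Chain();
    return chain.Build(new X509Certificate2(certificate));
}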
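// Binds to the directory with an explicit account and makes that bind point the root
// for later searches (`root`) as well as the current search base (`entry`).
// Flags: Secure = authenticate through SSPI (Kerberos/NTLM) rather than a simple bind;
// ServerBind = `url` names the server/domain to talk to, skip DC discovery;
// Sealing + Signing = encrypt and integrity-protect LDAP traffic after the bind.
// The original used only Secure | ServerBind, which protects the credential during
// authentication but leaves every later read and write — including the attributes this
// tool creates — in clear text and unsigned on the wire. The commented-out LdapConnection/
// SSL variant that sat here was removed as dead code.
public void login(string url, string username, string password)
{
    entry = new DirectoryEntry(url, username, password,
        AuthenticationTypes.Secure | AuthenticationTypes.ServerBind |
        AuthenticationTypes.Sealing | AuthenticationTypes.Signing);
    root = entry;
}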
// Binds to `ladp` without explicit credentials — ADSI then uses the security context
// of the running process — and uses that bind point as both root and search base.
public void login(string ladp)
{
    root = entry = new DirectoryEntry(ladp);
}
// Descends one level: the current search base becomes the child of `entry` whose
// relative distinguished name is `path` (e.g. "OU=xxx"). `root` is left untouched.
public void dir(string path)
{
    DirectoryEntry child = entry.Children.Find(path);
    entry = child;
}
// Returns a "姓名重复" (duplicate-name) OU under `entry` in which no user named `name`
// exists yet: walks down nested "姓名重复" OUs while each one already holds that name, and
// creates a new "姓名重复" OU at the first level that has none.
// Iterative form of the original recursion; same lookups in the same order.
public DirectoryEntry findDupOu(DirectoryEntry entry, string name)
{
    DirectoryEntry level = entry;
    while (true)
    {
        DirectoryEntry dupOu = GetDirectoryEntryByOU(level, "姓名重复");
        if (dupOu == null)
        {
            return GreateOU(level, "姓名重复");
        }
        if (!checkIsNameDuplicate(dupOu, name))
        {
            return dupOu;
        }
        level = dupOu;
    }
}
// Creates a child OU named `ouname` directly under `entry` and returns it.
// The original author noted that CommitChanges() failed here with HRESULT 0x80072037
// (a naming violation); findDupOu() checks for an existing OU before calling this.
// `ouname` is not RDN-escaped, so callers must pass a plain name — the only visible
// caller passes a literal.
public DirectoryEntry GreateOU(DirectoryEntry entry, string ouname)
{
    string rdn = "OU=" + ouname;
    DirectoryEntry created = entry.Children.Add(rdn, "organizationalUnit");
    created.CommitChanges();
    return created;
}
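// Imports the rows of `dt` whose account (column 1) is listed in `selected` into the
// current OU (`entry`). Column layout, as produced by query(): 0 name/cn, 1 sAMAccountName,
// 2 displayName, 3 description, 4 initial password, 5 mail, 6 mobile, 7 office/department,
// 8 status text that selects the branch:
//   "帐号已存在"   the account exists elsewhere in the domain: move it here, reset its
//                  password and enable it (rows already directly under `entry` are skipped);
//   "OU内姓名重复" an object with that cn already exists here: create the user inside a
//                  "姓名重复" sub-OU found or created by findDupOu();
//   anything else  create the user directly under `entry`.
// Changes versus the original:
//   * an account already under `entry` now `continue`s to the next row; it used to
//     `return`, which silently abandoned the rest of the import;
//   * a "帐号已存在" row whose account cannot be found is skipped instead of dereferencing null;
//   * `selected` is looked up through a HashSet instead of List.Contains for every row;
//   * the cn placed in the RDN is escaped, so names containing , + " \ < > ; = no longer
//     produce a malformed distinguished name;
//   * the two identical creation branches share CreateUser().
// NOTE(review): column 4 carries clear-text initial passwords through the DataTable; see
// convertTopassword() for how predictable they are.
public void addusers(DataTable dt, List<String> selected)
{
    HashSet<string> wanted = new HashSet<string>(selected);
    foreach (DataRow row in dt.Rows)
    {
        string account = row[1].ToString();
        if (!wanted.Contains(account))
        {
            continue;
        }
        string status = row[8].ToString();
        if (status.Equals("帐号已存在"))
        {
            if (GetOuEntryByAccount(entry, account) != null)
            {
                // Already directly under the target OU: nothing to move.
                continue;
            }
            DirectoryEntry usr = GetDirectoryEntryByAccount(root, account);
            if (usr == null)
            {
                // Flagged as existing but not found anywhere under root.
                continue;
            }
            usr.MoveTo(entry);
            usr.CommitChanges();
            SetPasswordByEntry(usr, row[4].ToString());
            EnableUser(usr);
            usr.Close();
            continue;
        }
        DirectoryEntry parent = status.Equals("OU内姓名重复") ? findDupOu(entry, row[0].ToString()) : entry;
        CreateUser(parent, row);
    }
}

// Creates one user object under `parent` from a query()-shaped row, sets its initial
// password and enables it. The userPrincipalName suffix is the hard-coded mail domain
// the original used.
private void CreateUser(DirectoryEntry parent, DataRow row)
{
    DirectoryEntry user = parent.Children.Add("CN=" + EscapeRdnValue(row[0].ToString()), "user");
    user.Properties["sAMAccountName"].Value = row[1].ToString();
    user.Properties["displayName"].Value = row[2].ToString();
    user.Properties["description"].Value = row[3].ToString();
    user.Properties["mail"].Value = row[5].ToString();
    user.Properties["userPrincipalName"].Value = row[1].ToString() + "@hs.handsome.com.cn";
    user.Properties["mobile"].Value = row[6].ToString();
    user.Properties["physicalDeliveryOfficeName"].Value = row[7].ToString();
    user.Properties["department"].Value = row[7].ToString();
    user.CommitChanges();
    // As in the original, the password is set through a fresh lookup by account name;
    // SetPasswordByAccount also writes pwdLastSet = 0 (change at first logon).
    SetPasswordByAccount(row[1].ToString(), row[4].ToString());
    EnableUser(user);
    user.Close();
}

// Escapes a value for use inside an RDN ("CN=<value>") per RFC 4514: backslash and the
// special characters , + " < > ; = anywhere, plus a leading '#' or space and a trailing space.
private static string EscapeRdnValue(string value)
{
    if (string.IsNullOrEmpty(value))
    {
        return value;
    }
    StringBuilder sb = new StringBuilder(value.Length + 8);
    for (int i = 0; i < value.Length; i++)
    {
        char c = value[i];
        bool special = c == '\\' || c == ',' || c == '+' || c == '"' || c == '<' || c == '>' || c == ';' || c == '=';
        if (special || (i == 0 && (c == '#' || c == ' ')) || (i == value.Length - 1 && c == ' '))
        {
            sb.Append('\\');
        }
        sb.Append(c);
    }
    return sb.ToString();
}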
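// Enables `de`: clears ACCOUNTDISABLE and, because a freshly created user carries
// PASSWD_NOTREQD (userAccountControl 546), also clears that bit so the account really
// requires a password. The original wrote NORMAL_ACCOUNT (512) outright — the same result
// for a new account, but it silently dropped every other flag (DONT_EXPIRE_PASSWD,
// SMARTCARD_REQUIRED, ...) on an existing one; this version preserves them.
// If the attribute cannot be read (null/0) the original value, 512, is written.
public void EnableUser(DirectoryEntry de)
{
    de.RefreshCache(new string[] { "userAccountControl" });
    int uac = Convert.ToInt32(de.Properties["userAccountControl"].Value);
    if (uac == 0)
    {
        uac = (int)ADS_USER_FLAG_ENUM.ADS_UF_NORMAL_ACCOUNT;
    }
    uac &= ~(int)(ADS_USER_FLAG_ENUM.ADS_UF_ACCOUNTDISABLE | ADS_USER_FLAG_ENUM.ADS_UF_PASSWD_NOTREQD);
    de.Properties["userAccountControl"].Value = uac;
    de.CommitChanges();
    de.Close();
}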
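// Clears the lockout on `de` by writing lockoutTime = 0.
// The original also forced userAccountControl to NORMAL_ACCOUNT (512), which (a) discarded
// every other flag on the account and (b) re-enabled a deliberately disabled account as a
// side effect of an unlock. Unlocking and enabling are separate decisions — use
// EnableUser() for the latter.
public void UnlockUser(DirectoryEntry de)
{
    de.Properties["lockoutTime"].Clear();
    de.Properties["lockoutTime"].Add(0);
    de.CommitChanges();
    de.Close();
}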
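// Looks up `sAMAccountName` under root and sets its password to `newPassword`, then
// writes pwdLastSet = 0 so the user must change it at next logon (done by
// SetPasswordByEntry, which the original duplicated line for line).
// Throws ArgumentException when the account does not exist; the original dereferenced null.
// `Invoke("SetPassword")` calls IADsUser::SetPassword, which ADSI performs over its own
// secure channel to the DC rather than the bind used here — confirm it works against the
// target environment.
public void SetPasswordByAccount(string sAMAccountName, string newPassword)
{
    DirectoryEntry de = GetDirectoryEntryByAccount(root, sAMAccountName);
    if (de == null)
    {
        throw new ArgumentException("account not found: " + sAMAccountName, "sAMAccountName");
    }
    SetPasswordByEntry(de, newPassword);
}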
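// Sets the password of an already-bound user entry and writes pwdLastSet = 0 so the user
// must change it at next logon. Throws ArgumentNullException for a null entry instead of
// failing with a NullReferenceException; the dead impersonation/LargeInteger comments that
// surrounded the original were removed.
public void SetPasswordByEntry(DirectoryEntry usr, string newPassword)
{
    if (usr == null)
    {
        throw new ArgumentNullException("usr");
    }
    usr.Invoke("SetPassword", new object[] { newPassword });
    usr.Properties["pwdLastSet"].Clear();
    usr.Properties["pwdLastSet"].Add(0);
    usr.CommitChanges();
    usr.Close();
}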
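// Finds the group whose sAMAccountName is `sAMAccountName` anywhere under the current
// search base and re-binds to it with the configured credentials over a sealed channel.
// Returns null when there is no such group or the search fails (the original reached the
// same result by catching the NullReferenceException from `result.Path`).
// The value is escaped per RFC 4515 before being spliced into the filter so that ( ) * \
// in the input cannot rewrite the query (LDAP filter injection); well-formed account
// names contain none of these characters, so this is a no-op for them.
public DirectoryEntry GetContactGroupByAccount(string sAMAccountName)
{
    string safe = (sAMAccountName ?? "").Replace("\\", "\\5c").Replace("*", "\\2a").Replace("(", "\\28").Replace(")", "\\29").Replace("\0", "\\00");
    using (DirectorySearcher deSearch = new DirectorySearcher(entry))
    {
        deSearch.Filter = "(&(objectClass=Group)(sAMAccountName=" + safe + "))";
        deSearch.SearchScope = System.DirectoryServices.SearchScope.Subtree;
        try
        {
            SearchResult result = deSearch.FindOne();
            if (result == null)
            {
                return null;
            }
            return new DirectoryEntry(result.Path, Global.usr, Global.pwd, AuthenticationTypes.Secure | AuthenticationTypes.Sealing);
        }
        catch (Exception)
        {
            // Best-effort lookup: directory/network failures surface as "not found", as before.
            return null;
        }
    }
}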
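// Finds the user whose sAMAccountName is `sAMAccountName` anywhere under the current search
// base and re-binds to it with the configured credentials over a sealed channel.
// Returns null when no such user exists or the search fails.
// The value is escaped per RFC 4515 before it is spliced into the filter so that ( ) * \
// in the input cannot rewrite the query (LDAP filter injection).
public DirectoryEntry GetDirectoryEntryByAccount(string sAMAccountName)
{
    string safe = (sAMAccountName ?? "").Replace("\\", "\\5c").Replace("*", "\\2a").Replace("(", "\\28").Replace(")", "\\29").Replace("\0", "\\00");
    using (DirectorySearcher deSearch = new DirectorySearcher(entry))
    {
        deSearch.Filter = "(&(&(objectCategory=person)(objectClass=user))(sAMAccountName=" + safe + "))";
        deSearch.SearchScope = System.DirectoryServices.SearchScope.Subtree;
        try
        {
            SearchResult result = deSearch.FindOne();
            if (result == null)
            {
                return null;
            }
            return new DirectoryEntry(result.Path, Global.usr, Global.pwd, AuthenticationTypes.Secure | AuthenticationTypes.Sealing);
        }
        catch (Exception)
        {
            // Best-effort lookup: failures surface as "not found", as in the original.
            return null;
        }
    }
}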
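// Finds the first user whose description starts with `No` (the trailing wildcard is part
// of the query and is kept) anywhere under the current search base, re-bound with the
// configured credentials over a sealed channel. Returns null when none matches or the
// search fails. `No` itself is escaped per RFC 4515 so ( ) * \ in the input cannot
// rewrite the filter.
public DirectoryEntry GetDirectoryEntryByNo(string No)
{
    string safe = (No ?? "").Replace("\\", "\\5c").Replace("*", "\\2a").Replace("(", "\\28").Replace(")", "\\29").Replace("\0", "\\00");
    using (DirectorySearcher deSearch = new DirectorySearcher(entry))
    {
        deSearch.Filter = "(&(&(objectCategory=person)(objectClass=user))(description=" + safe + "*))";
        deSearch.SearchScope = System.DirectoryServices.SearchScope.Subtree;
        try
        {
            SearchResult result = deSearch.FindOne();
            if (result == null)
            {
                return null;
            }
            return new DirectoryEntry(result.Path, Global.usr, Global.pwd, AuthenticationTypes.Secure | AuthenticationTypes.Sealing);
        }
        catch (Exception)
        {
            return null;
        }
    }
}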
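// Returns every user object under the current search base, or null if the search fails.
// Paging is what lets the caller see more than the DC's 1000/1500-object limits: with
// PageSize > 0 the server streams the result set page by page. PageSize must not exceed
// the DC's MaxPageSize (1000 by default), so the original 1000000 was only ever capped.
// SizeLimit is left at 0: per the DirectorySearcher documentation a value above the
// server default is not honoured, and a smaller one would cap the total — the original
// SizeLimit = 1000000 therefore bought nothing. The redundant nested (&(&...)) in the
// filter was flattened; the query is the same.
// The caller owns the returned SearchResultCollection and should Dispose() it.
public SearchResultCollection GetDirectoryEntryAllSearch()
{
    DirectorySearcher deSearch = new DirectorySearcher(entry);
    deSearch.Filter = "(&(objectCategory=person)(objectClass=user))";
    deSearch.PageSize = 1000;
    deSearch.SearchScope = System.DirectoryServices.SearchScope.Subtree;
    try
    {
        return deSearch.FindAll();
    }
    catch (Exception)
    {
        return null;
    }
}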
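// Finds the user whose sAMAccountName is `sAMAccountName` anywhere under `entry` (the
// parameter, which shadows the static field) and re-binds to it with the configured
// credentials over a sealed channel. Returns null when none exists or the search fails.
// The value is escaped per RFC 4515 so ( ) * \ in the input cannot rewrite the filter.
public DirectoryEntry GetDirectoryEntryByAccount(DirectoryEntry entry, string sAMAccountName)
{
    string safe = (sAMAccountName ?? "").Replace("\\", "\\5c").Replace("*", "\\2a").Replace("(", "\\28").Replace(")", "\\29").Replace("\0", "\\00");
    using (DirectorySearcher deSearch = new DirectorySearcher(entry))
    {
        deSearch.Filter = "(&(&(objectCategory=person)(objectClass=user))(sAMAccountName=" + safe + "))";
        deSearch.SearchScope = System.DirectoryServices.SearchScope.Subtree;
        try
        {
            SearchResult result = deSearch.FindOne();
            if (result == null)
            {
                return null;
            }
            return new DirectoryEntry(result.Path, Global.usr, Global.pwd, AuthenticationTypes.Secure | AuthenticationTypes.Sealing);
        }
        catch (Exception)
        {
            return null;
        }
    }
}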
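// Like GetDirectoryEntryByAccount(entry, name) but searches one level only, i.e. answers
// "is this account directly inside `entry`?". Returns the re-bound user entry, or null when
// it is not there or the search fails. The value is escaped per RFC 4515 so ( ) * \ in the
// input cannot rewrite the filter.
public DirectoryEntry GetOuEntryByAccount(DirectoryEntry entry, string sAMAccountName)
{
    string safe = (sAMAccountName ?? "").Replace("\\", "\\5c").Replace("*", "\\2a").Replace("(", "\\28").Replace(")", "\\29").Replace("\0", "\\00");
    using (DirectorySearcher deSearch = new DirectorySearcher(entry))
    {
        deSearch.Filter = "(&(&(objectCategory=person)(objectClass=user))(sAMAccountName=" + safe + "))";
        deSearch.SearchScope = System.DirectoryServices.SearchScope.OneLevel;
        try
        {
            SearchResult result = deSearch.FindOne();
            if (result == null)
            {
                return null;
            }
            return new DirectoryEntry(result.Path, Global.usr, Global.pwd, AuthenticationTypes.Secure | AuthenticationTypes.Sealing);
        }
        catch (Exception)
        {
            return null;
        }
    }
}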
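// Finds the organizational unit named `ou` directly under `entry` and re-binds to it with
// the configured credentials over a sealed channel. Returns null when there is none or the
// search fails. OU names may legitimately contain parentheses, which would break or alter
// the filter unescaped, so the value is escaped per RFC 4515 first.
public DirectoryEntry GetDirectoryEntryByOU(DirectoryEntry entry, string ou)
{
    string safe = (ou ?? "").Replace("\\", "\\5c").Replace("*", "\\2a").Replace("(", "\\28").Replace(")", "\\29").Replace("\0", "\\00");
    using (DirectorySearcher deSearch = new DirectorySearcher(entry))
    {
        deSearch.Filter = "(&(objectClass=organizationalUnit)(ou=" + safe + "))";
        deSearch.SearchScope = System.DirectoryServices.SearchScope.OneLevel;
        try
        {
            SearchResult result = deSearch.FindOne();
            if (result == null)
            {
                return null;
            }
            return new DirectoryEntry(result.Path, Global.usr, Global.pwd, AuthenticationTypes.Secure | AuthenticationTypes.Sealing);
        }
        catch (Exception)
        {
            return null;
        }
    }
}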
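// Reads every user under the current search base into a DataTable with the column layout
// addusers() consumes: c1 name, c2 sAMAccountName, c3 displayName, c4 description, c5 the
// initial-password column (filled with the placeholder "******" here), c6 mail, c7 mobile,
// c8 office; c9 is left empty and is read by addusers() as a status text, so something
// outside this file fills it.
// Changes versus the original:
//   * PageSize = 1000 so the search is paged — without it the DC's MaxPageSize silently
//     truncated the result at 1000 users, the very problem this tool exists to avoid;
//   * only the attributes actually read are requested (PropertiesToLoad);
//   * displayName was indexed unconditionally and threw for users without one; it now
//     gets the same "无" default as the other optional attributes;
//   * searcher and result collection are disposed.
public DataSet query()
{
    DataSet ds = new DataSet();
    DataTable table = new DataTable();
    ds.Tables.Add(table);
    string[] columns = { "c1", "c2", "c3", "c4", "c5", "c6", "c7", "c8", "c9" };
    foreach (string column in columns)
    {
        table.Columns.Add(new DataColumn(column, typeof(string)));
    }
    using (DirectorySearcher objSearcher = new DirectorySearcher(entry, "(&(objectCategory=person)(objectClass=user))"))
    {
        objSearcher.Sort = new SortOption("name", SortDirection.Ascending);
        objSearcher.PageSize = 1000;
        objSearcher.PropertiesToLoad.AddRange(new string[] { "name", "sAMAccountName", "displayName", "description", "mail", "mobile", "physicalDeliveryOfficeName" });
        using (SearchResultCollection src = objSearcher.FindAll())
        {
            foreach (SearchResult sr in src)
            {
                DataRow row = table.NewRow();
                row[0] = sr.Properties["name"][0].ToString();
                row[1] = sr.Properties["sAMAccountName"][0].ToString();
                row[2] = ValueOrDefault(sr, "displayName");
                row[3] = ValueOrDefault(sr, "description");
                row[4] = "******";
                row[5] = ValueOrDefault(sr, "mail");
                row[6] = ValueOrDefault(sr, "mobile");
                row[7] = ValueOrDefault(sr, "physicalDeliveryOfficeName");
                table.Rows.Add(row);
            }
        }
    }
    return ds;
}

// First value of `attribute` on `sr`, or "无" when the attribute is absent.
private static object ValueOrDefault(SearchResult sr, string attribute)
{
    ResultPropertyValueCollection values = sr.Properties[attribute];
    return values.Count > 0 ? values[0] : "无";
}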
//public static string convertToaccount(string name, string no)
//{
// string account = "";
// if (name.Length <= 2)
// {
// account = PingYinHelper.ConvertToAllSpell(name) + no;
// }
// else
// {
// account = PingYinHelper.ConvertToAllSpell(name.Substring(0, 1)) + PingYinHelper.GetFirstSpell(name.Substring(1, name.Length - 1)) + no;
// }
// return account;
//}
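// Derives the initial password for a new account from its id: "hs@" followed by the last
// eight characters of `id` (the whole id when it is shorter than eight characters — the
// original threw ArgumentOutOfRangeException there). A null or empty id yields "".
// NOTE(review): this is a predictable password: anyone who knows the id scheme can log in
// as a new user before the user does. It is only tolerable because the callers write
// pwdLastSet = 0 (change at first logon); a random initial password delivered out of band
// would be the safer design.
public static string convertTopassword(string id)
{
    if (string.IsNullOrEmpty(id))
    {
        return "";
    }
    string tail = id.Length <= 8 ? id : id.Substring(id.Length - 8);
    return "hs@" + tail;
}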
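// True when a user whose cn equals `name` exists directly under the current search base.
// Returns false both when none exists and when the search itself fails; callers that use
// the answer to decide whether a name collision exists (findDupOu/addusers) should be aware
// of that second case. `name` is escaped per RFC 4515 — names containing parentheses
// previously produced an unbalanced filter, which threw and was reported as "no duplicate".
public bool checkIsNameDuplicate(string name)
{
    string safe = (name ?? "").Replace("\\", "\\5c").Replace("*", "\\2a").Replace("(", "\\28").Replace(")", "\\29").Replace("\0", "\\00");
    using (DirectorySearcher deSearch = new DirectorySearcher(entry))
    {
        deSearch.Filter = "(&(&(objectCategory=person)(objectClass=user))(cn=" + safe + "))";
        deSearch.SearchScope = System.DirectoryServices.SearchScope.OneLevel;
        try
        {
            return deSearch.FindOne() != null;
        }
        catch (Exception)
        {
            return false;
        }
    }
}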
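// True when a user whose cn equals `name` exists directly under `sub_entry`.
// Returns false both when none exists and when the search fails. `name` is escaped per
// RFC 4515 so parentheses or wildcards in a real name neither break nor widen the filter.
public bool checkIsNameDuplicate(DirectoryEntry sub_entry, string name)
{
    string safe = (name ?? "").Replace("\\", "\\5c").Replace("*", "\\2a").Replace("(", "\\28").Replace(")", "\\29").Replace("\0", "\\00");
    using (DirectorySearcher deSearch = new DirectorySearcher(sub_entry))
    {
        deSearch.Filter = "(&(&(objectCategory=person)(objectClass=user))(cn=" + safe + "))";
        deSearch.SearchScope = System.DirectoryServices.SearchScope.OneLevel;
        try
        {
            return deSearch.FindOne() != null;
        }
        catch (Exception)
        {
            return false;
        }
    }
}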
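// True when a user with sAMAccountName `no` exists anywhere under root.
// Returns false both when none exists and when the search fails. The value is escaped per
// RFC 4515 so ( ) * \ in the input cannot rewrite the filter.
public bool checkIsNoDuplicate(string no)
{
    string safe = (no ?? "").Replace("\\", "\\5c").Replace("*", "\\2a").Replace("(", "\\28").Replace(")", "\\29").Replace("\0", "\\00");
    using (DirectorySearcher deSearch = new DirectorySearcher(root))
    {
        deSearch.Filter = "(&(&(objectCategory=person)(objectClass=user))(sAMAccountName=" + safe + "))";
        deSearch.SearchScope = System.DirectoryServices.SearchScope.Subtree;
        try
        {
            return deSearch.FindOne() != null;
        }
        catch (Exception)
        {
            return false;
        }
    }
}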
// Converts an ADSI LargeInteger (a FILETIME split into 32-bit high and low halves) to a
// local DateTime. Zero — the attribute was never set — maps to DateTime.MinValue, as does
// any value DateTime.FromFileTime rejects. The unused `GetType()` call was dropped.
public DateTime ConvertFromLong(ActiveDs.LargeInteger time)
{
    long fileTime = ((long)time.HighPart << 32) | (uint)time.LowPart;
    if (fileTime == 0)
    {
        return DateTime.MinValue;
    }
    try
    {
        return DateTime.FromFileTime(fileTime);
    }
    catch (Exception)
    {
        return DateTime.MinValue;
    }
}
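// True when the ACCOUNTDISABLE bit (0x2) is set in a userAccountControl value.
// The original peeled the flags off one by one with a descending chain of subtractions,
// which only works if every bit above 0x2 is in the list; bits it did not know about
// (e.g. 0x2000000 NO_AUTH_DATA_REQUIRED, 0x4000000 PARTIAL_SECRETS_ACCOUNT) leaked into
// the final ">= 2" test and reported enabled accounts as disabled. A bit test has no such
// blind spot and is what the flag semantics mean.
public bool IsDisabled(int userAccContr)
{
    return (userAccContr & (int)ADS_USER_FLAG_ENUM.ADS_UF_ACCOUNTDISABLE) != 0;
}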
}
}