添加用户的方法本身比较简单，但用户各项属性对应的配置比较难找。
这里配置了新建用户时，「属性-常规」中的姓、名、英文缩写、显示名称、描述；
「属性-账户」中的登录名、密码、密码永不过期、下次登录须修改密码；
以及「属性-隶属于」中的组。
1. 新建添加用户的入参实体
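/// <summary>
/// Request body for <c>AddUser</c>: the fields of the "General", "Account" and "Member Of"
/// tabs of an AD user. String properties default to empty and <see cref="GroupName"/> to an
/// empty array, so a caller may omit optional fields without the consumer having to
/// null-check each one before testing it.
/// </summary>
public class ADUserDto
{
    /// <summary>Login name; written to sAMAccountName and userPrincipalName. Required.</summary>
    public string UserName { get; set; } = "";
    /// <summary>Initial password, in plaintext. Required. Treat as a secret: never log or echo it.</summary>
    public string UserPwd { get; set; } = "";
    /// <summary>Surname (姓); written to the AD attribute sn.</summary>
    public string FirstName { get; set; } = "";
    /// <summary>Given name (名); written to the AD attribute givenName.</summary>
    public string LastName { get; set; } = "";
    /// <summary>Initials; written to the AD attribute initials.</summary>
    public string Initials { get; set; } = "";
    /// <summary>Display name. When empty, AddUser derives one from the name parts, or falls back to the login name.</summary>
    public string DisplayName { get; set; } = "";
    /// <summary>Free-text description; written to the AD attribute description.</summary>
    public string Description { get; set; } = "";
    /// <summary>"Password never expires". Mutually exclusive with <see cref="NextLogonChangePsw"/>; AddUser rejects both set.</summary>
    public bool NeverExpires { get; set; }
    /// <summary>"User must change password at next logon" (pwdLastSet is set to 0).</summary>
    public bool NextLogonChangePsw { get; set; }
    /// <summary>true to create the account enabled, false to create it disabled.</summary>
    public bool IsEnable { get; set; }
    /// <summary>Name of the container the user is created under; optional, used together with <see cref="PathType"/>.</summary>
    public string PathName { get; set; } = "";
    /// <summary>Type of that container, in whatever form GetEntryPath expects; optional.</summary>
    public string PathType { get; set; } = "";
    /// <summary>Names of the groups the new user is added to; empty for none.</summary>
    public string[] GroupName { get; set; } = new string[0];
}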
2. 新建添加用户的方法
#region 添加AD用户
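/// <summary>
/// Creates an AD user from <paramref name="dto"/>: the "General" attributes (sn, givenName,
/// initials, displayName, description), the "Account" attributes (sAMAccountName,
/// userPrincipalName, password, pwdLastSet, userAccountControl) and the "Member Of" groups.
/// </summary>
/// <param name="dto">User to create; <c>UserName</c> and <c>UserPwd</c> are required.</param>
/// <returns>
/// A <see cref="JsonView"/> with Code 0 on success, or Code 1 and a message saying why the
/// user was not created.
/// </returns>
/// <remarks>
/// Input is validated and every group is resolved before anything is written to the directory,
/// so a rejected request never leaves a half-configured account behind. The rollback through
/// <c>DelUser</c> runs only when this call itself committed the new entry: deleting by login
/// name before the commit succeeded could remove a pre-existing account with that name.
/// <c>dto.UserPwd</c> is a plaintext secret; it is handed to SetPassword only and must not be
/// logged or returned. <c>ex.Message</c> is returned to the caller as in the original code;
/// it may contain directory detail, which is something to keep in mind for an internet-facing API.
/// </remarks>
public async Task<JsonView> AddUser(ADUserDto dto)
{
    var result = new JsonView();

    // Validate before connecting so that nothing has to be undone on bad input.
    if (dto == null)
    {
        result.Code = 1;
        result.Msg = "用户添加失败,用户名称和密码不能为空";
        return result;
    }
    if (dto.NeverExpires && dto.NextLogonChangePsw)
    {
        result.Code = 1;
        result.Msg = "你选择了密码永不过期,下次登陆时无需更改密码";
        return result;
    }
    if (string.IsNullOrEmpty(dto.UserName) || string.IsNullOrEmpty(dto.UserPwd))
    {
        // The original deleted by login name here although nothing had been created yet,
        // which could remove an existing account whose name was sent with an empty password.
        result.Code = 1;
        result.Msg = "用户添加失败,用户名称和密码不能为空";
        return result;
    }

    using (DirectoryEntry entry = operateADHelper.IsConnected())
    {
        DirectoryEntry newUser = null;
        // Becomes true once the first CommitChanges succeeds; gates the rollback below.
        bool committed = false;
        string failure = null;
        try
        {
            string displayName = ResolveDisplayName(dto);

            // Optional container: PathName is the name of the directory the user is created under.
            string containerPath = "";
            if (!string.IsNullOrEmpty(dto.PathName) && !string.IsNullOrEmpty(dto.PathType))
            {
                containerPath = "," + GetEntryPath(dto.PathName, dto.PathType);
            }

            // Resolve every group up front: a missing group now fails the request before the
            // account exists, instead of after its password has already been set.
            string[] groupNames = dto.GroupName ?? new string[0];
            string[] groupPaths = new string[groupNames.Length];
            for (int i = 0; i < groupNames.Length; i++)
            {
                groupPaths[i] = GetEntryPath(groupNames[i], "group");
                if (string.IsNullOrEmpty(groupPaths[i]))
                {
                    result.Code = 1;
                    result.Msg = "用户添加失败,未找到该用户组请检查用户组名称";
                    return result;
                }
            }

            // displayName comes from the request and becomes part of a DN, so escape it:
            // an unescaped ',' would otherwise be read as the start of another RDN component.
            newUser = entry.Children.Add("CN=" + EscapeRdnValue(displayName) + containerPath, "user");
            newUser.Properties["sAMAccountName"].Add(dto.UserName); // account name, kept equal to the login name
            newUser.Properties["userPrincipalName"].Value = dto.UserName;
            if (!string.IsNullOrEmpty(dto.FirstName))
            {
                newUser.Properties["sn"].Value = dto.FirstName; // surname
            }
            if (!string.IsNullOrEmpty(dto.LastName))
            {
                newUser.Properties["givenName"].Value = dto.LastName; // given name
            }
            if (!string.IsNullOrEmpty(dto.Initials))
            {
                newUser.Properties["initials"].Value = dto.Initials;
            }
            if (!string.IsNullOrEmpty(dto.DisplayName))
            {
                newUser.Properties["displayName"].Value = displayName;
            }
            if (!string.IsNullOrEmpty(dto.Description))
            {
                newUser.Properties["description"].Value = dto.Description;
            }
            newUser.CommitChanges();
            committed = true;

            // The password must be set before userAccountControl, mirroring the order the
            // Users and Computers console uses.
            newUser.Invoke("SetPassword", new object[] { dto.UserPwd });

            foreach (string groupPath in groupPaths)
            {
                using (DirectoryEntry group = entry.Children.Find(groupPath, "Group"))
                {
                    group.Properties["member"].Add(newUser.Properties["distinguishedName"].Value);
                    group.CommitChanges();
                }
            }

            if (dto.NextLogonChangePsw)
            {
                newUser.Properties["pwdLastSet"].Value = 0; // forces a password change at next logon
            }
            newUser.Properties["userAccountControl"].Value = BuildUserAccountControl(dto);
            newUser.CommitChanges();

            result.Code = 0;
            result.Msg = "用户添加成功";
            return result;
        }
        catch (DirectoryServicesCOMException ex)
        {
            failure = ex.Message;
        }
        catch (System.Reflection.TargetInvocationException ex)
        {
            // DirectoryEntry.Invoke wraps a failing SetPassword (e.g. a password-policy rejection)
            // in TargetInvocationException; without this catch the exception escaped and the
            // committed account stayed behind without a usable password.
            failure = (ex.InnerException ?? ex).Message;
        }
        finally
        {
            if (newUser != null)
            {
                newUser.Dispose();
            }
        }

        if (committed)
        {
            await DelUser(dto.UserName); // remove only the entry this call created
        }
        result.Code = 1;
        result.Msg = "用户添加失败," + failure;
        return result;
    }
}

// Picks the CN / display name: explicit DisplayName, else surname + given name + initials, else the login name.
private static string ResolveDisplayName(ADUserDto dto)
{
    if (!string.IsNullOrEmpty(dto.DisplayName))
    {
        return dto.DisplayName;
    }
    if (!string.IsNullOrEmpty(dto.FirstName) || !string.IsNullOrEmpty(dto.LastName) || !string.IsNullOrEmpty(dto.Initials))
    {
        return dto.FirstName + dto.LastName + dto.Initials;
    }
    return dto.UserName;
}

// Combines the userAccountControl flags the request asks for.
private static int BuildUserAccountControl(ADUserDto dto)
{
    int flags = 0;
    if (dto.NeverExpires && !dto.NextLogonChangePsw)
    {
        flags |= (int)ADUserEnum.ADS_UF_DONT_EXPIRE_PASSWD; // password never expires
    }
    if (dto.IsEnable)
    {
        flags |= (int)ADUserEnum.NORMAL_ACCOUNT; // enabled account
    }
    else
    {
        // NOTE(review): kept from the original, which writes ACCOUNTDISABLE without
        // NORMAL_ACCOUNT for a disabled user — confirm the DC accepts that combination.
        flags |= (int)ADUserEnum.ADS_UF_ACCOUNTDISABLE;
    }
    return flags;
}

// Escapes a value for use as an RDN attribute value (RFC 4514 special characters, plus a
// leading '#' or space and a trailing space), so request text cannot add DN components.
private static string EscapeRdnValue(string value)
{
    if (string.IsNullOrEmpty(value))
    {
        return value;
    }
    string escaped = value
        .Replace("\\", "\\\\") // backslash first so later escapes are not doubled
        .Replace(",", "\\,")
        .Replace("+", "\\+")
        .Replace("\"", "\\\"")
        .Replace("<", "\\<")
        .Replace(">", "\\>")
        .Replace(";", "\\;");
    if (escaped[0] == '#' || escaped[0] == ' ')
    {
        escaped = "\\" + escaped;
    }
    if (escaped[escaped.Length - 1] == ' ')
    {
        escaped = escaped.Substring(0, escaped.Length - 1) + "\\ ";
    }
    return escaped;
}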
#endregion