C# 操作域 用管理员登录修改选定账户密码

using System;

using System.Collections.Generic;

using System.Linq;

using System.Text;

using System.Configuration;

using System.DirectoryServices;

using System.Security.Principal;

using System.Runtime.InteropServices;

namespace Common

{    

public class DomainManage    

{        

#region 定义相关参数        

///        

///域名        

/// private static string DomainName = "UFIDA";        

private static string DomainName = ConfigurationManager.AppSettings["DomainName"].ToString();

 

///        

/// LDAP绑定路径        

/// private static string ADPath = LDAP://192.168.8.199;        

private static string ADPath = "LDAP://" + ConfigurationManager.AppSettings["ADPath"].ToString();

 ///        

///登录帐号        

/// private static string ADUser = "administrator";        

private static string ADUser = ConfigurationManager.AppSettings["ADUser"].ToString();

       

///        

///登录密码        

///        

private static string ADPassword = ConfigurationManager.AppSettings["ADPassword"].ToString();

       

#endregion

#region 相关方法        

///        

///获得DirectoryEntry对象实例,以管理员登陆AD        

///        

private static DirectoryEntry GetDirectoryObject()        

{            

DirectoryEntry entry = new DirectoryEntry(ADPath, ADUser, ADPassword, AuthenticationTypes.Secure);            

return entry;        

}

       

///        

///根据用户帐号称取得用户的 对象        

///用户帐号名        

///如果找到该用户，则返回用户的 对象；否则返回 null        

public static DirectoryEntry GetDirectoryEntryByAccount(string sAMAccountName)        

{            

DirectoryEntry de = GetDirectoryObject();            

DirectorySearcher deSearch = new DirectorySearcher(de);            

deSearch.Filter = "(&(&(objectCategory=person)(objectClass=user))(sAMAccountName=" + sAMAccountName + "))";            

deSearch.SearchScope = SearchScope.Subtree;

           

try            

{                

SearchResult result = deSearch.FindOne();                

de = new DirectoryEntry(result.Path);                

return de;            

}            

catch           

  {                

return null;            

}        

}

       

///        

///设置帐号密码，管理员可以通过它来修改指定帐号的密码。        

///        

///用户帐号        

///用户新密码        

public static void SetPasswordByAccount(string sAMAccountName, string newPassword)        

{            

DirectoryEntry de = GetDirectoryEntryByAccount(sAMAccountName);

           

// 模拟超级管理员，以达到有权限修改用户密码            

IdentityImpersonation impersonate = new IdentityImpersonation(ADUser, ADPassword, DomainName);            

impersonate.BeginImpersonate();            

de.Invoke("SetPassword", new object[] { newPassword });            

impersonate.StopImpersonate();            

de.Close();        

}        

#endregion

   

}

   

#region 用户模拟角色类。实现在程序段内进行用户角色模拟。    

///    

///用户模拟角色类。实现在程序段内进行用户角色模拟。    

///    

public class IdentityImpersonation    

{        

[DllImport("advapi32.dll", SetLastError = true)]        

public static extern bool LogonUser(String lpszUsername, String lpszDomain, String lpszPassword, int dwLogonType, int dwLogonProvider, ref IntPtr phToken);

 [DllImport("advapi32.dll", CharSet = CharSet.Auto, SetLastError = true)]        

public extern static bool DuplicateToken(IntPtr ExistingTokenHandle, int SECURITY_IMPERSONATION_LEVEL, ref IntPtr DuplicateTokenHandle);

       

[DllImport("kernel32.dll", CharSet = CharSet.Auto)]        

public extern static bool CloseHandle(IntPtr handle);

       

// 要模拟的用户的用户名、密码、域(机器名)        

private String _sImperUsername;        

private String _sImperPassword;        

private String _sImperDomain;        

// 记录模拟上下文        

private WindowsImpersonationContext _imperContext;        

private IntPtr _adminToken;        

private IntPtr _dupeToken;        

// 是否已停止模拟         private Boolean _bClosed;

       

///构造函数        

///所要模拟的用户的用户名        

///所要模拟的用户的密码        

///所要模拟的用户所在的域        

public IdentityImpersonation(String impersonationUsername, String impersonationPassword, String impersonationDomain)        

{            

_sImperUsername = impersonationUsername;            

_sImperPassword = impersonationPassword;            

_sImperDomain = impersonationDomain;

           

_adminToken = IntPtr.Zero;            

_dupeToken = IntPtr.Zero;            

_bClosed = true;        

}

       

///        

///析构函数        

///        

~IdentityImpersonation()        

{            

if (!_bClosed)            

{                

StopImpersonate();            

}        

}

       

///        

///开始身份角色模拟。        

///        

///        

public Boolean BeginImpersonate()        

{            

Boolean bLogined = LogonUser(_sImperUsername, _sImperDomain, _sImperPassword, 9, 0, ref _adminToken);

           

if (!bLogined)             {                 return false;             }

           

Boolean bDuped = DuplicateToken(_adminToken, 2, ref _dupeToken);

           

if (!bDuped)             {                 return false;             }

           

WindowsIdentity fakeId = new WindowsIdentity(_dupeToken);            

_imperContext = fakeId.Impersonate();

           

_bClosed = false;

           

return true;        

}

       

///        

///停止身分角色模拟。        

///        

public void StopImpersonate()        

{            

_imperContext.Undo();            

CloseHandle(_dupeToken);          

   CloseHandle(_adminToken);            

_bClosed = true;        

}    

}    

#endregion

}

转载于:https://www.cnblogs.com/publicpublic/p/3286898.html