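So I used C# to create users in bulk and ran into two fairly tricky problems:
1. How to set a user's initial password
2. How to clear the "User must change password at next logon" option (it is checked by default)
The final test code for creating a user is as follows: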
// Requires: using System; using System.DirectoryServices;
DirectoryEntry AD = new DirectoryEntry("LDAP://dc=cnblogs,dc=com", "administrator", "pa$$word", AuthenticationTypes.Secure);
DirectorySearcher searcher = new DirectorySearcher(AD);
// Locate the OU that will hold the new account.
searcher.Filter = String.Format("ou={0}", "Blogs");
SearchResult result = searcher.FindOne();
if (result != null)
{
    string samAccountName = "tester";
    string displayName = "测试创建";
    DirectoryEntry userEntry = result.GetDirectoryEntry().Children.Add(String.Format("CN={0}", samAccountName), "User");
    userEntry.Properties["sAMAccountName"].Add(samAccountName);
    userEntry.Properties["displayName"].Add(displayName);
    userEntry.Properties["UserPassword"].Add("pa$$word");
    // 544 = 512 (NORMAL_ACCOUNT) + 32 (PASSWD_NOTREQD)
    userEntry.Properties["userAccountControl"].Value = 544;
    // -1 clears "User must change password at next logon"
    userEntry.Properties["pwdLastSet"].Value = -1;
    userEntry.CommitChanges();
    // SetPassword only works once the object has been committed to the directory.
    userEntry.Invoke("SetPassword", new object[] { "pa$$word" });
}
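Two points to note:
1. userEntry.Invoke("SetPassword", new object[] { "pa$$word" }); can only be called successfully after userEntry.CommitChanges();
2. userEntry.Properties["pwdLastSet"].Value = -1; clears the "User must change password at next logon" option; see the following link: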
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/adsi/adsi/modifying_user_cannot_change_password_ldap_provider.asp
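An added example (not code from the original post): a small C# audit helper that decodes userAccountControl values such as the 544 used above, reports password-policy exemptions on provisioned accounts, and interprets pwdLastSet as read back from the directory. The rows are constructed sample data, the type and method names are hypothetical, and pwdLastSet is assumed to have already been converted to a 64-bit integer.

```csharp
using System;
using System.Collections.Generic;

[Flags]
enum Uac
{
    AccountDisable     = 0x0002,
    PasswdNotReqd      = 0x0020,
    NormalAccount      = 0x0200,
    DontExpirePassword = 0x10000
}

static class UacAudit
{
    // Flags that exempt an account from password policy.
    const Uac Risky = Uac.PasswdNotReqd | Uac.DontExpirePassword;

    public static Uac RiskyFlags(int uac) => (Uac)uac & Risky;

    // Same account type and state, with the exemptions cleared.
    public static int Harden(int uac) => uac & ~(int)Risky;

    // Read back, pwdLastSet is 0 ("must change at next logon") or a
    // FILETIME: 100 ns ticks since 1601-01-01 UTC.
    public static string PasswordState(long pwdLastSet) =>
        pwdLastSet == 0
            ? "must change at next logon"
            : "set " + DateTime.FromFileTimeUtc(pwdLastSet).ToString("u");

    static void Main()
    {
        // Constructed sample rows: (sAMAccountName, userAccountControl, pwdLastSet).
        var rows = new List<(string Name, int Uac, long PwdLastSet)>
        {
            ("tester",  544,   133000000000000000L), // UAC value used on this page
            ("tester2", 512,   0L),
            ("svc-old", 66048, 131000000000000000L),
        };
        foreach (var r in rows)
        {
            Uac risky = RiskyFlags(r.Uac);
            Console.WriteLine("{0,-8} uac={1,-6} [{2}] pwd: {3}{4}",
                r.Name, r.Uac, (Uac)r.Uac, PasswordState(r.PwdLastSet),
                risky == 0 ? "" : "  -> review: " + risky + ", hardened=" + Harden(r.Uac));
        }
    }
}
```

For the 544 row the helper reports PasswdNotReqd and a hardened value of 512, which is NORMAL_ACCOUNT alone.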