可以通过 LDAP 的方式进行操作,代码如下:
新建AD用户:
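// Create a new AD user object under the container entry `ent`, populate its
// attributes from `usr`, set its password, and only then enable the account.
//
// NOTE(review): usr.SAMAccountName is concatenated into the RDN unescaped. DN
// special characters in it (',', '+', '"', '\', '<', '>', ';', '=', a leading
// '#' or space) would change the name that gets created; validate or escape
// the value before it reaches this call.
System.DirectoryServices.DirectoryEntry myDirectoryEntry = ent.Children.Add("CN=" + usr.SAMAccountName, "user");
try
{
    ADEntityControls.SetProperty(myDirectoryEntry, "distinguishedName", usr.DistinguishedName);
    ADEntityControls.SetProperty(myDirectoryEntry, "name", usr.Name);
    ADEntityControls.SetProperty(myDirectoryEntry, "displayName", usr.DisplayName);
    ADEntityControls.SetProperty(myDirectoryEntry, "sAMAccountName", usr.SAMAccountName);
    ADEntityControls.SetProperty(myDirectoryEntry, "sn", usr.Sn);
    ADEntityControls.SetProperty(myDirectoryEntry, "givenName", usr.GivenName);
    ADEntityControls.SetProperty(myDirectoryEntry, "physicalDeliveryOfficeName", usr.PhysicalDeliveryOfficeName);
    ADEntityControls.SetProperty(myDirectoryEntry, "telephoneNumber", usr.TelephoneNumber);
    ADEntityControls.SetProperty(myDirectoryEntry, "description", usr.Description);

    // The department value is stored in the "comment" attribute here.
    ADEntityControls.SetProperty(myDirectoryEntry, "comment", usr.Department);
    ADEntityControls.SetProperty(myDirectoryEntry, "Mobile", usr.Mobile);
    ADEntityControls.SetProperty(myDirectoryEntry, "mail", usr.Mail);

    // ExtensionAttribute1..4 are written into existing schema attributes.
    // NOTE(review): scriptPath is the attribute that names the user's logon
    // script; confirm that storing ExtensionAttribute3 there is intended.
    ADEntityControls.SetProperty(myDirectoryEntry, "objectVersion", usr.ExtensionAttribute1);
    ADEntityControls.SetProperty(myDirectoryEntry, "revision", usr.ExtensionAttribute2);
    ADEntityControls.SetProperty(myDirectoryEntry, "scriptPath", usr.ExtensionAttribute3);
    ADEntityControls.SetProperty(myDirectoryEntry, "roomNumber", usr.ExtensionAttribute4);

    // 546 = NORMAL_ACCOUNT (512) | PASSWD_NOTREQD (32) | ACCOUNTDISABLE (2).
    // The original value 544 left the account enabled with PASSWD_NOTREQD set
    // for good, so a failed password step produced a usable account with no
    // password. The object is now created disabled and cannot be logged on to
    // until a password is in place.
    ADEntityControls.SetProperty(myDirectoryEntry, "userAccountControl", "546");
    myDirectoryEntry.CommitChanges();

    SetUserPassword(myDirectoryEntry, password);
    myDirectoryEntry.CommitChanges();

    // 512 = NORMAL_ACCOUNT: enable the account and clear PASSWD_NOTREQD.
    // If SetUserPassword does not report failures, this commit is the only
    // step that can still reject an account without a password.
    // NOTE(review): that rejection presumably depends on the domain password
    // policy; confirm in the target domain.
    myDirectoryEntry.Properties["userAccountControl"].Value = 512;
    myDirectoryEntry.CommitChanges();
}
finally
{
    // Release the directory binding even when a commit or the password step throws.
    myDirectoryEntry.Close();
    myDirectoryEntry.Dispose();
}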
移除用户:
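// Look up the user by sAMAccountName and delete it from its parent container.
//
// The account name is placed inside an LDAP search filter, so the RFC 4515
// metacharacters are escaped first. Unescaped, a '*' or parenthesis in the
// name would change which object the filter matches, and whatever entry comes
// back is deleted. The backslash is replaced first so that the escapes added
// afterwards are not escaped a second time.
string escapedName = (SAMAccountName ?? string.Empty)
    .Replace("\\", "\\5c")
    .Replace("*", "\\2a")
    .Replace("(", "\\28")
    .Replace(")", "\\29")
    .Replace("\0", "\\00");
DirectoryEntry usrentry = ADEntityControls.GetEntry(ads, "(&(objectClass=user)(objectCategory=Person)(sAMAccountName=" + escapedName + "))", SearchScope.Subtree);
if (usrentry != null)
{
    try
    {
        // Parent returns a new DirectoryEntry, which has to be disposed as well.
        using (DirectoryEntry parent = usrentry.Parent)
        {
            parent.Children.Remove(usrentry);
        }
    }
    finally
    {
        // Release the entry even if the delete was refused.
        usrentry.Close();
        usrentry.Dispose();
    }

    // Report success only when the account can no longer be found.
    // NOTE(review): ExistUser is not shown here; if it builds its own filter
    // from SAMAccountName it needs the same escaping.
    return !ExistUser(ads, SAMAccountName);
}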
修改密码(通过 ADSI 的 SetPassword 重置,无需提供旧密码):
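/// <summary>
/// Sets the password of a directory user by invoking the ADSI "SetPassword"
/// method on the given entry.
/// </summary>
/// <param name="oDE">Directory entry of the user whose password is set.</param>
/// <param name="Password">The new password. It is never logged or echoed here.</param>
/// <exception cref="System.ArgumentNullException"><paramref name="oDE"/> is null.</exception>
/// <remarks>
/// Any exception raised by the invocation propagates to the caller. The
/// previous version swallowed every exception and ignored a null entry, so a
/// caller could not tell a rejected password from a successful one and could
/// go on to use an account whose password was never set.
/// </remarks>
public static void SetUserPassword(DirectoryEntry oDE, string Password)
{
    if (oDE == null)
    {
        // Without an entry no password can be set; fail loudly rather than
        // return as if the operation had succeeded.
        throw new System.ArgumentNullException("oDE");
    }

    // No catch block on purpose: a policy violation, missing permission or
    // connection error must reach the caller.
    oDE.Invoke("SetPassword", new object[] { Password });
}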