.NET provides dedicated classes for working with Active Directory (AD). This article details how to operate on AD using C#.
First, the system environment
System environment: Windows Server R2, VS2010, .NET Framework 4.0
AD server IP: ldap
Base DN: ou=user,dc=company,dc=com
Administrator login: Peter
Password: ab#cd%1234
Second, the procedure
1. Reference
The .NET classes for manipulating AD live under the System.DirectoryServices namespace, so the project needs a reference to it.
2. Connection
To operate on AD you first need to connect to it, just as you connect to a database before manipulating its data.
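using System;
using System.DirectoryServices;
using System.Text;

/// <summary>
/// Get a DirectoryEntry object instance, logging in to AD with the administrator account
/// </summary>
/// <returns></returns>
private static DirectoryEntry GetDirectoryObject()
{
    DirectoryEntry entry = null;
    try
    {
        // The ADSI provider name is case-sensitive and must be written "LDAP://"
        entry = new DirectoryEntry("LDAP://10.10.10.16", "Peter", "ab#cd%1234", AuthenticationTypes.Secure);
    }
    catch (Exception ex)
    {
        // Errors are ignored here; the caller receives null
    }
    return entry;
}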
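An added example (not the article author's code) of the same connection without the administrator password compiled into the source. It reads the account from environment variables and forces the bind, because the DirectoryEntry constructor does not contact the server and a wrong password would otherwise only surface on first use. The class name AdConnection and the variable names AD_BIND_USER and AD_BIND_PASSWORD are assumptions made for this example.

```csharp
using System;
using System.DirectoryServices;
using System.Runtime.InteropServices;

public static class AdConnection   // hypothetical helper class for this example
{
    // Assumed environment variable names; any secret store works the same way.
    private const string UserVar = "AD_BIND_USER";
    private const string PasswordVar = "AD_BIND_PASSWORD";

    public static DirectoryEntry Connect(string ldapPath)
    {
        string user = Environment.GetEnvironmentVariable(UserVar);
        string password = Environment.GetEnvironmentVariable(PasswordVar);
        if (String.IsNullOrEmpty(user) || String.IsNullOrEmpty(password))
            throw new InvalidOperationException("Bind credentials are not configured.");

        // Secure negotiates Kerberos/NTLM; Signing and Sealing add integrity
        // protection and encryption to the session on top of it.
        AuthenticationTypes auth = AuthenticationTypes.Secure
                                 | AuthenticationTypes.Signing
                                 | AuthenticationTypes.Sealing;

        DirectoryEntry entry = new DirectoryEntry(ldapPath, user, password, auth);
        try
        {
            // Reading NativeObject forces the bind, so a bad password or an
            // unreachable server is reported here rather than later.
            object native = entry.NativeObject;
            return entry;
        }
        catch (COMException)
        {
            entry.Dispose();
            throw;   // let the caller see why the bind failed
        }
    }

    public static void Main()
    {
        // Server address taken from the article's example.
        using (DirectoryEntry root = Connect("LDAP://10.10.10.16"))
        {
            Console.WriteLine("Bound to " + root.Path);
        }
    }
}
```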
3. Query
Users can be looked up by a variety of criteria. The following example gets a user object by its common name (cn).
/// <summary>
/// Get the user's object by the user's common name
/// </summary>
/// <param name="commonName">The user's common name</param>
/// <returns>The user's object if the user is found; otherwise null</returns>
public static DirectoryEntry GetDirectoryEntry(string commonName)
{
    DirectoryEntry de = GetDirectoryObject();
    DirectorySearcher deSearch = new DirectorySearcher(de);
    // Only backslashes are stripped from commonName; * ( ) reach the filter unescaped
    deSearch.Filter = "(&(&(objectCategory=person)(objectClass=user))(cn=" + commonName.Replace("\\", "") + "))";
    deSearch.SearchScope = SearchScope.Subtree;
    try
    {
        // FindOne returns null when nothing matches; the exception that follows is caught below
        SearchResult result = deSearch.FindOne();
        de = new DirectoryEntry(result.Path);
        return de;
    }
    catch (Exception ex)
    {
        return null;
    }
}
4. Modify User
Modify the values on the entry returned by the query, then save the modified record to AD. Note that there are two ways to set properties; refer to the documentation for which one applies in a given case.
1) Modify properties directly
2) Trigger AD's built-in functions via Invoke
/// <summary>
/// Modify the user returned by the query
/// </summary>
/// <param name="commonName">Common name (displayName, the Chinese name displayed in the system)</param>
/// <param name="account">User name (e.g. Peter)</param>
/// <param name="password">Password</param>
public static string ChangeADAccount(string commonName, string account, string password)
{
    // Get the corresponding AD entity
    DirectoryEntry user = GetDirectoryEntry(commonName);
    try
    {
        // 1) Modify a property directly
        ADHelper.SetProperty(user, "sAMAccountName", account);
        // 2) Trigger AD's built-in function via Invoke
        user.Invoke("SetPassword", new object[] { password });
        user.CommitChanges();
    }
    catch (Exception e)
    {
        throw;   // rethrow without resetting the stack trace
    }
    return user.Path;
}

/// <summary>
/// Set the specified attribute value
/// </summary>
/// <param name="de"></param>
/// <param name="propertyName">Property name</param>
/// <param name="propertyValue">Property value</param>
public static void SetProperty(DirectoryEntry de, string propertyName, string propertyValue)
{
    if (de.Properties.Contains(propertyName))
    {
        if (String.IsNullOrEmpty(propertyValue))
        {
            // An empty value removes the existing attribute value
            de.Properties[propertyName].RemoveAt(0);
        }
        else
        {
            de.Properties[propertyName][0] = propertyValue;
        }
    }
    else
    {
        if (!String.IsNullOrEmpty(propertyValue))
        {
            de.Properties[propertyName].Add(propertyValue);
        }
    }
}
5. Modify an OU
1) Get the OU
DirectoryEntry ouEntry = new DirectoryEntry(GetOrganizeNamePath(ouName), "Peter", "ab#cd%1234", AuthenticationTypes.Secure);

/// <summary>
/// Get the OU path
/// </summary>
/// <param name="organizeUnit">OU name</param>
/// <returns></returns>
public static string GetOrganizeNamePath(string organizeUnit)
{
    // ADPath and SplitOrganizeNameToDN belong to the author's helper class and are not shown in the article
    StringBuilder sb = new StringBuilder();
    sb.Append(ADPath);
    sb.Append("/");
    return sb.Append(SplitOrganizeNameToDN(organizeUnit)).ToString();
}
2) Modify the OU
ouEntry.Rename("ou=" + newOUName);
ouEntry.CommitChanges();
3) Delete OU
DirectoryEntry ouParent = ouEntry.Parent;
ouParent.Children.Remove(ouEntry);
ouParent.CommitChanges();
6. Modify Group
1) Get Group
/// <summary>
/// Get an AD group
/// </summary>
/// <param name="groupName"></param>
/// <param name="organizeUnit"></param>
/// <returns></returns>
public static DirectoryEntry GetADGroupInOU(string groupName, string organizeUnit)
{
    if (!String.IsNullOrEmpty(groupName))
    {
        DirectoryEntry de = new DirectoryEntry(GetOrganizeNamePath(organizeUnit), "Peter", "ab#cd%1234", AuthenticationTypes.Secure);
        DirectorySearcher deSearch = new DirectorySearcher(de);
        // Only backslashes are stripped from groupName; * ( ) reach the filter unescaped
        deSearch.Filter = "(&(objectClass=group)(cn=" + groupName.Replace("\\", "") + "))";
        deSearch.SearchScope = SearchScope.Subtree;
        try
        {
            SearchResult result = deSearch.FindOne();
            if (result != null)
            {
                // AdminName and AdminPassWord are members of the author's helper class, not shown in the article
                de = new DirectoryEntry(result.Path, AdminName, AdminPassWord);
            }
            else
            {
                return null;
            }
            return de;
        }
        catch (Exception ex)
        {
            return null;
        }
    }
    else
    {
        return null;
    }
}
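2) Manage group members
// Add a user to the group
group.Properties["member"].Add(user.Properties["distinguishedName"].Value);
// Remove a user from the group
group.Properties["member"].Remove(user.Properties["distinguishedName"].Value);
// Call group.CommitChanges() afterwards to write the change to AD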
Third, view the AD user properties
After modifying a user property in the program, we want to check whether it was actually changed. There are three ways to view user properties in AD:
1. Active Directory Users and Computers
Open Active Directory Users and Computers, select a user, then right-click and choose Properties to display the properties page. Only some of the commonly used properties can be seen on this page.
2. Exchange Management Console
Open the Exchange Management Console, select a user, then right-click and choose Properties to display the properties page. Click the Custom Attributes button to view the custom attributes.
3. Adsiedit.msc
The properties shown by the two methods above are incomplete; to see all properties you need the adsiedit.msc tool.
Enter adsiedit.msc in the Run window to open the tool. Select a user, then right-click and choose Properties to display the properties page.
Posted @ 2012-08-06 17:17 by Wang Linbo
C# Operations on Active Directory (AD) in Detail