I have been searching for a long time for how to set/change passwords and lock/unlock users, but have not yet found a solution that actually works for me.
I am starting to suspect that the cross-domain setup is the problem, even though I can programmatically create/delete/update users and even add/remove them to/from groups.
Basically, I tried the following:
```csharp
using System.DirectoryServices;

// Bind straight to the user's DN with explicit credentials (this attempt fails, see below)
DirectoryEntry account = new DirectoryEntry("LDAP://" + adHostname + "/" + dn, adUserName, adPassword);
account.Invoke("SetPassword", "Password1");
account.Properties["LockOutTime"].Value = 0; // clear the lockout
account.CommitChanges();
```
and also

```csharp
account.Invoke("SetPassword", new object[] { "Password1" });
```

Both end up throwing the error "One or more input parameters are invalid\r\n".
Then I tried the .NET 3.5 approach using a principal context.
```csharp
using System.DirectoryServices.AccountManagement;

using (var context = new PrincipalContext(ContextType.Domain, adHostname, myContainer, ContextOptions.SimpleBind, adUserName, adPassword))
{
    // Look the user up by sAMAccountName taken from the DirectoryEntry above
    using (var user = UserPrincipal.FindByIdentity(context, account.Properties["sAMAccountName"].Value.ToString()))
    {
        user.SetPassword(password);
    }
}
```
This approach also throws the same error as above. If I change a few things (I can't seem to remember every combination I tried), it sometimes throws a "A local error has occurred" COM exception.
Any help is greatly appreciated.
## Edit with working solution ##
```csharp
using System.DirectoryServices.Protocols;
using System.Net;
using System.Text;

// LDAPS (port 636): AD only accepts unicodePwd writes over an encrypted session
LdapDirectoryIdentifier identifier = new LdapDirectoryIdentifier(_adHostname, 636);
NetworkCredential credential = new NetworkCredential(_adUserName, _adPassword);
string password = "MyRandomComplexPassword";
using (LdapConnection connection = new LdapConnection(identifier, credential))
{
    connection.SessionOptions.SecureSocketLayer = true;
    // NOTE: this callback accepts any server certificate, i.e. it disables TLS validation
    connection.SessionOptions.VerifyServerCertificate += delegate { return true; };
    connection.AuthType = AuthType.Basic;
    connection.Bind(credential);
    // unicodePwd must be the new password wrapped in double quotes, encoded as UTF-16LE
    DirectoryAttributeModification modPwd = new DirectoryAttributeModification();
    modPwd.Operation = DirectoryAttributeOperation.Replace;
    modPwd.Name = "unicodePwd";
    modPwd.Add(Encoding.Unicode.GetBytes("\"" + password + "\""));
    DirectoryAttributeModification[] dMods = new DirectoryAttributeModification[1];
    dMods[0] = modPwd;
    // accountDN: distinguished name of the target user account
    ModifyRequest modReq = new ModifyRequest(accountDN, dMods);
    DirectoryResponse pwdModResponse;
    pwdModResponse = connection.SendRequest(modReq);
}
```
Best answer
`new DirectoryEntry` does not bind the user account. You need to search for the user in order to set the password. Like this:
```csharp
using System.DirectoryServices;

// Bind with the current credentials using a secure, signed and sealed connection
DirectoryEntry account = new DirectoryEntry("LDAP://" + adHostname + "/" + dn, null, null, AuthenticationTypes.Secure | AuthenticationTypes.Sealing | AuthenticationTypes.Signing);
DirectorySearcher search = new DirectorySearcher(account);
search.Filter = "(&(objectClass=user)(sAMAccountName=" + adUserName + "))";
// Use the searched entry, which is properly bound, to reset the password
account = search.FindOne().GetDirectoryEntry();
account.Invoke("SetPassword", "Password1");
account.Properties["LockOutTime"].Value = 0;
account.CommitChanges();
```
Regarding "c# - How to set/change an Active Directory user password across domains using C# .NET?", we found a similar question on Stack Overflow: https://stackoverflow.com/questions/22261176/