
c# - How to set/change an Active Directory user's password across domains using C# .NET?

Reposted. Author: 可可西里. Updated: 2023-11-01 08:29:57

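I have been searching for quite some time for how to set/change a password and revoke/restore a user, but have yet to find a solution that actually works for me.

I am beginning to lean towards crossing domains being the problem, even though I can programmatically create/delete/update users and even connect/disconnect users to and from groups.

Basically, I have tried the following approaches: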

```csharp
DirectoryEntry account = new DirectoryEntry("LDAP://" + adHostname + "/" + dn, adUserName, adPassword);

account.Invoke("SetPassword", "Password1");
account.Properties["LockOutTime"].Value = 0;
account.CommitChanges();
```

And also:

```csharp
account.Invoke("SetPassword", new object[] { "Password1" });
```

Both end up throwing the error "One or more input parameters are invalid\r\n".

Then I tried the .NET 3.5 approach, which uses a principal context.

```csharp
using (var context = new PrincipalContext(ContextType.Domain, adHostname, myContainer, ContextOptions.SimpleBind, adUserName, adPassword))
{
    using (var user = UserPrincipal.FindByIdentity(context, account.Properties["sAMAccountName"].Value.ToString()))
    {
        user.SetPassword(password);
    }
}
```

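This approach also throws the same error as above. If I change a few things (I can't seem to remember all the combinations I tried), it sometimes throws an "A local error has occurred" COM exception.

Any help is greatly appreciated.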


## EDIT WITH WORKING SOLUTION ##

```csharp
using System.DirectoryServices.Protocols;
using System.Net;   // NetworkCredential
using System.Text;  // Encoding

// Port 636 is LDAPS; a unicodePwd change is sent over this encrypted connection.
LdapDirectoryIdentifier identifier = new LdapDirectoryIdentifier(_adHostname, 636);
NetworkCredential credential = new NetworkCredential(_adUserName, _adPassword);

string password = "MyRandomComplexPassword";

using (LdapConnection connection = new LdapConnection(identifier, credential))
{
    connection.SessionOptions.SecureSocketLayer = true;
    // This callback accepts any server certificate, so the server's identity is not verified.
    connection.SessionOptions.VerifyServerCertificate += delegate { return true; };
    connection.AuthType = AuthType.Basic;
    connection.Bind(credential);

    // unicodePwd takes the new password wrapped in double quotes and encoded as UTF-16LE.
    DirectoryAttributeModification modPwd = new DirectoryAttributeModification();
    modPwd.Operation = DirectoryAttributeOperation.Replace;
    modPwd.Name = "unicodePwd";
    modPwd.Add(Encoding.Unicode.GetBytes("\"" + password + "\""));

    DirectoryAttributeModification[] dMods = new DirectoryAttributeModification[1];
    dMods[0] = modPwd;

    ModifyRequest modReq = new ModifyRequest(accountDN, dMods);

    DirectoryResponse pwdModResponse;
    pwdModResponse = connection.SendRequest(modReq);
}
```
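A stricter variant of the working solution above, as an added example that is not part of the original post: it keeps the LDAPS `unicodePwd` replace but validates the server certificate instead of accepting every certificate, and returns the LDAP result code. The names `AdPasswordReset`, `ValidateServer` and `SetPassword` are hypothetical, and it assumes the domain controller's certificate chains to a root the client trusts and carries `adHostname` as its DNS name.

```csharp
using System;
using System.DirectoryServices.Protocols;
using System.Net;
using System.Security.Cryptography.X509Certificates;
using System.Text;

static class AdPasswordReset   // hypothetical helper name, not from the original post
{
    // unicodePwd must be the new password wrapped in double quotes, encoded as UTF-16LE.
    public static byte[] EncodeUnicodePwd(string password) =>
        Encoding.Unicode.GetBytes("\"" + password + "\"");

    // Used in place of "delegate { return true; }": build the chain against the local
    // trust store and require the certificate's DNS name to match the host we dialed.
    static bool ValidateServer(string expectedHost, X509Certificate certificate)
    {
        using (var cert = new X509Certificate2(certificate))
        using (var chain = new X509Chain())
        {
            chain.ChainPolicy.RevocationMode = X509RevocationMode.Online;
            if (!chain.Build(cert)) return false;
            // Simplification (assumption): GetNameInfo yields a single DNS name from the certificate.
            string dnsName = cert.GetNameInfo(X509NameType.DnsName, false);
            return string.Equals(dnsName, expectedHost, StringComparison.OrdinalIgnoreCase);
        }
    }

    public static ResultCode SetPassword(string adHostname, NetworkCredential credential,
                                         string accountDN, string newPassword)
    {
        var identifier = new LdapDirectoryIdentifier(adHostname, 636);   // LDAPS
        using (var connection = new LdapConnection(identifier, credential))
        {
            connection.SessionOptions.SecureSocketLayer = true;
            connection.SessionOptions.VerifyServerCertificate =
                (conn, cert) => ValidateServer(adHostname, cert);
            connection.AuthType = AuthType.Basic;   // simple bind, carried inside TLS
            connection.Bind();

            var modPwd = new DirectoryAttributeModification
                { Operation = DirectoryAttributeOperation.Replace, Name = "unicodePwd" };
            modPwd.Add(EncodeUnicodePwd(newPassword));
            // A failed modify surfaces as DirectoryOperationException; report its result code.
            try { return connection.SendRequest(new ModifyRequest(accountDN, modPwd)).ResultCode; }
            catch (DirectoryOperationException ex) { return ex.Response?.ResultCode ?? ResultCode.Other; }
        }
    }
}
```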

Best answer

"new DirectoryEntry" does not bind to the user account. You need to search for the user in order to set the password. Like this:

```csharp
// null, null: bind as the calling Windows identity, with signing and sealing enabled.
DirectoryEntry account = new DirectoryEntry("LDAP://" + adHostname + "/" + dn, null, null, AuthenticationTypes.Secure | AuthenticationTypes.Sealing | AuthenticationTypes.Signing);

// adUserName is concatenated into the filter unescaped; escape it if it can come from untrusted input.
DirectorySearcher search = new DirectorySearcher(account);
search.Filter = "(&(objectClass=user)(sAMAccountName=" + adUserName + "))";
account = search.FindOne().GetDirectoryEntry();

account.Invoke("SetPassword", "Password1");
account.Properties["LockOutTime"].Value = 0;
account.CommitChanges();
```

Regarding "c# - How to set/change an Active Directory user's password across domains using C# .NET?", we found a similar question on Stack Overflow: https://stackoverflow.com/questions/22261176/
