C# active-directory directoryservices attributes

如何确定用户帐户是否启用或禁用

发布于 2024-08-17 00:39:12 字数 904 浏览 9 评论 0原文

我正在编写一个快速的 C# win 表单应用程序来帮助解决重复性的文书工作。

我已在 AD 中搜索所有用户帐户，并将它们添加到带有复选框的列表视图中。

我想默认 listviewitems 的默认检查状态取决于帐户的启用/禁用状态。

string path = "LDAP://dc=example,dc=local";
DirectoryEntry directoryRoot = new DirectoryEntry(path);
DirectorySearcher searcher = new DirectorySearcher(directoryRoot,
    "(&(objectClass=User)(objectCategory=Person))");
SearchResultCollection results = searcher.FindAll();
foreach (SearchResult result in results)
{
    DirectoryEntry de = result.GetDirectoryEntry();
    ListViewItem lvi = new ListViewItem(
        (string)de.Properties["SAMAccountName"][0]);
    // lvi.Checked = (bool) de.Properties["AccountEnabled"]
    lvwUsers.Items.Add(lvi);
}

我正在努力寻找正确的属性来解析以从 DirectoryEntry 对象获取帐户的状态。我搜索了 AD 用户属性，但没有找到任何有用的内容。

任何人都可以提供任何指示吗？

原文

I am throwing together a quick C# win forms app to help resolve a repetitive clerical job.

I have performed a search in AD for all user accounts and am adding them to a list view with check boxes.

I would like to default the listviewitems' default check state to depend upon the enabled/disabled state of the account.

string path = "LDAP://dc=example,dc=local";
DirectoryEntry directoryRoot = new DirectoryEntry(path);
DirectorySearcher searcher = new DirectorySearcher(directoryRoot,
    "(&(objectClass=User)(objectCategory=Person))");
SearchResultCollection results = searcher.FindAll();
foreach (SearchResult result in results)
{
    DirectoryEntry de = result.GetDirectoryEntry();
    ListViewItem lvi = new ListViewItem(
        (string)de.Properties["SAMAccountName"][0]);
    // lvi.Checked = (bool) de.Properties["AccountEnabled"]
    lvwUsers.Items.Add(lvi);
}

I'm struggling to find the right attribute to parse to get the state of the account from the DirectoryEntry object. I've searched for AD User attributes, but not found anything useful.

Can anyone offer any pointers?

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

愛上了 2024-08-24 00:39:12

这里的代码应该可以工作...

private bool IsActive(DirectoryEntry de)
{
  if (de.NativeGuid == null) return false;

  int flags = (int)de.Properties["userAccountControl"].Value;

  return !Convert.ToBoolean(flags & 0x0002);
}

this code here should work...

private bool IsActive(DirectoryEntry de)
{
  if (de.NativeGuid == null) return false;

  int flags = (int)de.Properties["userAccountControl"].Value;

  return !Convert.ToBoolean(flags & 0x0002);
}

回复收藏 0 原文

╰◇生如夏花灿烂 2024-08-24 00:39:12

使用 System.DirectoryServices.AccountManagement：
域名和用户名必须是域名和用户名的字符串值。

using (var domainContext = new PrincipalContext(ContextType.Domain, domainName))
{
    using (var foundUser = UserPrincipal.FindByIdentity(domainContext, IdentityType.SamAccountName, username)) 
    {
        if (foundUser.Enabled.HasValue) 
        {
            return (bool)foundUser.Enabled;
        }
        else
        {
            return true; //or false depending what result you want in the case of Enabled being NULL
        }
    }
}

Using System.DirectoryServices.AccountManagement:
domainName and username must be the string values of the domain and username.

using (var domainContext = new PrincipalContext(ContextType.Domain, domainName))
{
    using (var foundUser = UserPrincipal.FindByIdentity(domainContext, IdentityType.SamAccountName, username)) 
    {
        if (foundUser.Enabled.HasValue) 
        {
            return (bool)foundUser.Enabled;
        }
        else
        {
            return true; //or false depending what result you want in the case of Enabled being NULL
        }
    }
}

回复收藏 0 原文

メ斷腸人バ 2024-08-24 00:39:12

没有人问过，但这里有一个 java 版本（因为我最终在这里寻找一个）。空检查留给读者作为练习。

private Boolean isActive(SearchResult searchResult) {
    Attribute userAccountControlAttr = searchResult.getAttributes().get("UserAccountControl");
    Integer userAccountControlInt = new Integer((String) userAccoutControlAttr.get());
    Boolean disabled = BooleanUtils.toBooleanObject(userAccountControlInt & 0x0002);
    return !disabled;
}

Not that anyone asked, but here's a java version (since I ended up here looking for one). Null checking is left as an exercise for the reader.

private Boolean isActive(SearchResult searchResult) {
    Attribute userAccountControlAttr = searchResult.getAttributes().get("UserAccountControl");
    Integer userAccountControlInt = new Integer((String) userAccoutControlAttr.get());
    Boolean disabled = BooleanUtils.toBooleanObject(userAccountControlInt & 0x0002);
    return !disabled;
}

回复收藏 0 原文

悲念泪 2024-08-24 00:39:12

您可以使用如下内容：

    ADUserAccountControl flags;
    Enum.TryParse(de.Properties["userAccountControl"].Value.ToString(), out flags);

    if(flags.HasFlag(ADUserAccountControl.ACCOUNTDISABLE)
    {
        // account is disabled
    }

这是所有可能标志的完整列表：

    /// <summary>
    /// Source: https://learn.microsoft.com/en-us/troubleshoot/windows-server/identity/useraccountcontrol-manipulate-account-properties
    /// </summary>
   [Flags]
   public enum ADUserAccountControl : long
   {            
        SCRIPT = 0x0001,
        ACCOUNTDISABLE = 0x0002,
        HOMEDIR_REQUIRED = 0x0008,
        LOCKOUT = 0x0010,
        PASSWD_NOTREQD = 0x0020,
        PASSWD_CANT_CHANGE = 0x0040,
        ENCRYPTED_TEXT_PWD_ALLOWED = 0x0080,
        TEMP_DUPLICATE_ACCOUNT = 0x0100,
        NORMAL_ACCOUNT = 0x0200,
        INTERDOMAIN_TRUST_ACCOUNT = 0x0800,
        WORKSTATION_TRUST_ACCOUNT = 0x1000,
        SERVER_TRUST_ACCOUNT = 0x2000,
        DONT_EXPIRE_PASSWORD = 0x10000,
        MNS_LOGON_ACCOUNT = 0x20000,
        SMARTCARD_REQUIRED = 0x40000,
        TRUSTED_FOR_DELEGATION = 0x80000,
        NOT_DELEGATED = 0x100000,
        USE_DES_KEY_ONLY = 0x200000,
        DONT_REQ_PREAUTH = 0x400000,
        PASSWORD_EXPIRED = 0x800000,
        TRUSTED_TO_AUTH_FOR_DELEGATION = 0x1000000,
        PARTIAL_SECRETS_ACCOUNT = 0x04000000,
    }

You can use something like this:

    ADUserAccountControl flags;
    Enum.TryParse(de.Properties["userAccountControl"].Value.ToString(), out flags);

    if(flags.HasFlag(ADUserAccountControl.ACCOUNTDISABLE)
    {
        // account is disabled
    }

Here is a complete list of all possible flags:

    /// <summary>
    /// Source: https://learn.microsoft.com/en-us/troubleshoot/windows-server/identity/useraccountcontrol-manipulate-account-properties
    /// </summary>
   [Flags]
   public enum ADUserAccountControl : long
   {            
        SCRIPT = 0x0001,
        ACCOUNTDISABLE = 0x0002,
        HOMEDIR_REQUIRED = 0x0008,
        LOCKOUT = 0x0010,
        PASSWD_NOTREQD = 0x0020,
        PASSWD_CANT_CHANGE = 0x0040,
        ENCRYPTED_TEXT_PWD_ALLOWED = 0x0080,
        TEMP_DUPLICATE_ACCOUNT = 0x0100,
        NORMAL_ACCOUNT = 0x0200,
        INTERDOMAIN_TRUST_ACCOUNT = 0x0800,
        WORKSTATION_TRUST_ACCOUNT = 0x1000,
        SERVER_TRUST_ACCOUNT = 0x2000,
        DONT_EXPIRE_PASSWORD = 0x10000,
        MNS_LOGON_ACCOUNT = 0x20000,
        SMARTCARD_REQUIRED = 0x40000,
        TRUSTED_FOR_DELEGATION = 0x80000,
        NOT_DELEGATED = 0x100000,
        USE_DES_KEY_ONLY = 0x200000,
        DONT_REQ_PREAUTH = 0x400000,
        PASSWORD_EXPIRED = 0x800000,
        TRUSTED_TO_AUTH_FOR_DELEGATION = 0x1000000,
        PARTIAL_SECRETS_ACCOUNT = 0x04000000,
    }

回复收藏 0 原文

枫林﹌晚霞¤ 2024-08-24 00:39:12

我来这里寻找答案，但它只是针对DirectoryEntry。因此，这里有一个适用于 SearchResult / SearchResultCollection 的代码，供遇到相同问题的人使用：

private bool checkIfActive(SearchResult sr)
{
    var vaPropertiy = sr.Properties["userAccountControl"];

    if (vaPropertiy.Count > 0) 
    {
        if (vaPropertiy[0].ToString() == "512" || vaPropertiy[0].ToString() == "66048") 
        {
            return true;
        } 
        
        return false;
    }

    return false;
}

I came here looking for an answer, but it was only for DirectoryEntry. So here is a code that works for SearchResult / SearchResultCollection, for people who had the same problem:

private bool checkIfActive(SearchResult sr)
{
    var vaPropertiy = sr.Properties["userAccountControl"];

    if (vaPropertiy.Count > 0) 
    {
        if (vaPropertiy[0].ToString() == "512" || vaPropertiy[0].ToString() == "66048") 
        {
            return true;
        } 
        
        return false;
    }

    return false;
}

回复收藏 0 原文

~没有更多了~