LDAP: How to add a new user to a group inside an OU
I have some code using DirectoryEntry to manipulate the local Active Directory via LDAP. Currently I find a specific OU, add a user to it, update the properties of the user and then commit all changes:
DirectoryEntry ldapRoot = new DirectoryEntry(ldapString, user, password);
DirectoryEntry userGroup = ldapRoot.Children.Find("OU=OUGroup");
DirectoryEntry newUser = userGroup.Children.Add("CN=" + userName, "user");
newUser.Properties["displayName"].Value = displayName;
...
newUser.CommitChanges();
userGroup.Close();
ldapRoot.Close();
ldapString is something akin to LDAP:\\DC=company,DC=local, basically it's just fetching the root entry.
I change several Properties, but it's all working fine. However, I have another OU called SharePoint_Groups, which has a group inside called Internal. I want to add the new user as a member of this group, but I'm at a loss as to how to do it. I tried the following:
DirectoryEntry spGroup = ldapRoot.Children.Find("OU=Sharepoint_Groups");
DirectoryEntry internal = spGroup.Children.Find("CN=Internal");
It does not work and I am not sure how I should address Internal - is CN= correct or should I use some other specification?
And, once I have the correct group, how do I add the existing user to it?
Thanks in advance
Comments (1)
Basically, to add a user to an existing group, you need to bind to that group and update its member property, using the user's fully qualified distinguished name:
A great resource for stuff like this is the CodeProject article How to do just about everything in Active Directory using C# - lots of useful code samples!
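An added example (not code from the original answer or from the CodeProject article) of the approach the answer describes: bind to the group by its full distinguished name and append the user's DN to its member attribute. The DNs and bind account are constructed from the names in the question, and EscapeRdnValue is a hypothetical helper that keeps a user name from changing the structure of the DN it is concatenated into.

```csharp
using System.DirectoryServices;
using System.Text;

static class GroupMembership
{
    // Hypothetical helper: escape a value for use inside an RDN (RFC 4514) so a
    // name such as "Smith, John" cannot add or change components of the DN.
    public static string EscapeRdnValue(string value)
    {
        var sb = new StringBuilder();
        for (int i = 0; i < value.Length; i++)
        {
            char c = value[i];
            bool special = ",+\"\\<>;=".IndexOf(c) >= 0
                || (i == 0 && (c == ' ' || c == '#'))
                || (i == value.Length - 1 && c == ' ');
            if (special) sb.Append('\\');
            sb.Append(c);
        }
        return sb.ToString();
    }

    // The user object must already exist (CommitChanges called on it) before
    // its DN can be added to a group.
    public static void AddUserToGroup(string groupPath, string userDn,
                                      string bindUser, string bindPassword)
    {
        // Bind directly to the group object, authenticating with Secure.
        using (var group = new DirectoryEntry(groupPath, bindUser, bindPassword,
                                              AuthenticationTypes.Secure))
        {
            // "member" is multi-valued and holds the DNs of the group's members.
            if (!group.Properties["member"].Contains(userDn))
            {
                group.Properties["member"].Add(userDn);
                group.CommitChanges();
            }
        }
    }

    static void Main()
    {
        // Constructed sample values; the password is a placeholder.
        string userDn = "CN=" + EscapeRdnValue("Smith, John") + ",OU=OUGroup,DC=company,DC=local";
        string groupPath = "LDAP://CN=Internal,OU=SharePoint_Groups,DC=company,DC=local";
        AddUserToGroup(groupPath, userDn, @"COMPANY\provisioning", "<password>");
    }
}
```

The bind account only needs write access to the group's member attribute, so it can be scoped to the SharePoint_Groups OU rather than given domain-wide rights.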