LDAP:如何将新用户添加到 OU 内的组

发布于 2024-10-01 07:13:32 字数 966 浏览 7 评论 0原文

我有一些代码使用 DirectoryEntry 通过 LDAP 操作本地 Active Directory。目前,我找到一个特定的 OU,向其中添加用户,更新用户的属性,然后提交所有更改:

DirectoryEntry ldapRoot = new DirectoryEntry(ldapString, user, password);
DirectoryEntry userGroup = ldapRoot.Children.Find("OU=OUGroup");
DirectoryEntry newUser = userGroup.Children.Add("CN=" + userName, "user");
newUser.Properties["displayName"].Value = displayName;

...

newUser.CommitChanges();
userGroup.Close();
ldapRoot.Close();

ldapString 类似于 LDAP:\\DC=company,DC= local,基本上它只是获取根条目。

我更改了几个属性,但一切正常。但是,我有另一个名为 SharePoint_Groups 的 OU,其中有一个名为 Internal 的组。我想将新用户添加为该组的成员,但我不知道如何执行此操作。我尝试了以下方法:

DirectoryEntry spGroup = ldapRoot.Children.Find("OU=Sharepoint_Groups");
DirectoryEntry internal = spGroup.Children.Find("CN=Internal");

它不起作用,并且我不确定应该如何解决 Internal - CN= 是否正确或者我应该使用其他规范?

而且,一旦我有了正确的组,如何将现有用户添加到其中?

提前致谢

I have some code using DirectoryEntry to manipulate the local Active Directory via LDAP. Currently I find a specific OU, add a user to it, update the properties of the user and then commit all changes:

DirectoryEntry ldapRoot = new DirectoryEntry(ldapString, user, password);
DirectoryEntry userGroup = ldapRoot.Children.Find("OU=OUGroup");
DirectoryEntry newUser = userGroup.Children.Add("CN=" + userName, "user");
newUser.Properties["displayName"].Value = displayName;

...

newUser.CommitChanges();
userGroup.Close();
ldapRoot.Close();

ldapString is something akin to LDAP:\\DC=company,DC=local, basically it's just fetching the root entry.

I change several Properties, but it's all working fine. However, I have another OU called SharePoint_Groups, which has a group inside called Internal. I want to add the new user as a member of this group, but I'm at a loss of how to do it. I tried the following:

DirectoryEntry spGroup = ldapRoot.Children.Find("OU=Sharepoint_Groups");
DirectoryEntry internal = spGroup.Children.Find("CN=Internal");

It does not work and I am not sure how I should address Internal - is CN= correct or should I use some other specification?

And, once I have the correct group, how do I add the existing user to it?

Thanks in advance

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(1

漆黑的白昼 2024-10-08 07:13:32

基本上,要将用户添加到现有组,您需要绑定到该组并使用用户的完全限定可分辨名称更新其 member 属性:

DirectoryEntry deGroup = new DirectoryEntry("LDAP://CN=Internal,OU=Sharepoint_Groups,DC=Company,DC=local");

string userDN = newUser.Properties["distinguishedName"][0].ToString();

deGroup.Properties["member"].Add(userDN);
deGroup.CommitChanges();

CodeProject 文章是此类内容的绝佳资源如何使用 C# 在 Active Directory 中执行几乎所有操作 - 许多有用的代码示例!

Basically, to add a user to an existing group, you need to bind to that group and update it's member property, using the user's fully qualified distinguished name:

DirectoryEntry deGroup = new DirectoryEntry("LDAP://CN=Internal,OU=Sharepoint_Groups,DC=Company,DC=local");

string userDN = newUser.Properties["distinguishedName"][0].ToString();

deGroup.Properties["member"].Add(userDN);
deGroup.CommitChanges();

A great resource for stuff like this is the CodeProject article How to do just about everything in Active Directory using C# - lots of useful code samples!

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文