在 c# 中使用 Systems.directoryservices.AccountManagement 解锁 Active-Directory 帐户
我在 AD 上解锁锁定帐户时遇到一些问题。
我会保持非常简单。我假设该帐户当前已被锁定。
UserPrincipal oUserPrincipal = ADMethods.GetUser("test.user");
oUserPrincipal.UnlockAccount();
oUserPrincipal.Save();`
oUserPrincipal 通过现在的PrincipalContext 使用TEST AD 上的管理员帐户返回
..
oUserPrincipal.UnlockAccount();正在生成异常
System.UnauthorizedAccessException
在检查“测试 AD 服务器”上的日志时,它返回失败的协商,指出“test.user”已被锁定。由于我使用管理员帐户返回用户主体,为什么unlockAccount 方法会生成错误?
将不胜感激您的帮助。
异常情况如下。
System.UnauthorizedAccessException: Access is denied.
at System.DirectoryServices.Interop.UnsafeNativeMetho ds.IAds.SetInfo()
at System.DirectoryServices.DirectoryEntry.CommitChan ges()
at System.DirectoryServices.AccountManagement.SDSUtil s.WriteAttribute(String dePath, String attribute, Int32 value, NetCred credentials, AuthenticationTypes authTypes)
at System.DirectoryServices.AccountManagement.ADStore Ctx.WriteAttribute(Principal p, String attribute, Int32 value)
at System.DirectoryServices.AccountManagement.ADStore Ctx.UnlockAccount(AuthenticablePrincipal p)
at System.DirectoryServices.AccountManagement.Account Info.UnlockAccount()
at ADMethodsAccountManagement.UnlockUserAccount(Strin g sUserName) in C:\Users\christian.debono\documents\visual studio 2010\Projects\UnlockApp\UnlockApp\ADMethodsAccount Management.cs:line 182
at UnlockApp.Form1.UnlockButton_Click(Object sender, EventArgs e) in C:\Users\christian.debono\documents\visual studio 2010\Projects\UnlockApp\UnlockApp\Form1.cs:line 30
at System.Windows.Forms.Control.OnClick(EventArgs e)
at System.Windows.Forms.Button.OnClick(EventArgs e)
at System.Windows.Forms.Button.OnMouseUp(MouseEventAr gs mevent)
at System.Windows.Forms.Control.WmMouseUp(Message& m, MouseButtons button, Int32 clicks)
at System.Windows.Forms.Control.WndProc(Message& m)
at System.Windows.Forms.ButtonBase.WndProc(Message& m)
at System.Windows.Forms.Button.WndProc(Message& m)
at System.Windows.Forms.Control.ControlNativeWindow.O nMessage(Message& m)
at System.Windows.Forms.Control.ControlNativeWindow.W ndProc(Message& m)
at System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr wparam, IntPtr lparam)
I'm experiencing some problems when unlocking a locked account on AD.
I'll keep it very simple. I'm assuming that the account is currently locked.
UserPrincipal oUserPrincipal = ADMethods.GetUser("test.user");
oUserPrincipal.UnlockAccount();
oUserPrincipal.Save();`
oUserPrincipal is returned using an Admin account on the TEST AD though a PrincipalContext
Now ..
oUserPrincipal.UnlockAccount(); is generating an exception
System.UnauthorizedAccessException
When checking the logs on the "Test AD server", it's returning a failed negotiation stating that "test.user" is locked out. Since I'm returning a user principal using an admin account, why is unlockAccount method generating an error?
Would appreciate your help.
Exception is as follows.
System.UnauthorizedAccessException: Access is denied.
at System.DirectoryServices.Interop.UnsafeNativeMetho ds.IAds.SetInfo()
at System.DirectoryServices.DirectoryEntry.CommitChan ges()
at System.DirectoryServices.AccountManagement.SDSUtil s.WriteAttribute(String dePath, String attribute, Int32 value, NetCred credentials, AuthenticationTypes authTypes)
at System.DirectoryServices.AccountManagement.ADStore Ctx.WriteAttribute(Principal p, String attribute, Int32 value)
at System.DirectoryServices.AccountManagement.ADStore Ctx.UnlockAccount(AuthenticablePrincipal p)
at System.DirectoryServices.AccountManagement.Account Info.UnlockAccount()
at ADMethodsAccountManagement.UnlockUserAccount(Strin g sUserName) in C:\Users\christian.debono\documents\visual studio 2010\Projects\UnlockApp\UnlockApp\ADMethodsAccount Management.cs:line 182
at UnlockApp.Form1.UnlockButton_Click(Object sender, EventArgs e) in C:\Users\christian.debono\documents\visual studio 2010\Projects\UnlockApp\UnlockApp\Form1.cs:line 30
at System.Windows.Forms.Control.OnClick(EventArgs e)
at System.Windows.Forms.Button.OnClick(EventArgs e)
at System.Windows.Forms.Button.OnMouseUp(MouseEventAr gs mevent)
at System.Windows.Forms.Control.WmMouseUp(Message& m, MouseButtons button, Int32 clicks)
at System.Windows.Forms.Control.WndProc(Message& m)
at System.Windows.Forms.ButtonBase.WndProc(Message& m)
at System.Windows.Forms.Button.WndProc(Message& m)
at System.Windows.Forms.Control.ControlNativeWindow.O nMessage(Message& m)
at System.Windows.Forms.Control.ControlNativeWindow.W ndProc(Message& m)
at System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr wparam, IntPtr lparam)
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
您确定您使用的服务用户有权解锁帐户吗?我之前遇到过一种情况,我们有一个具有管理员权限的服务用户,但在解锁帐户时被拒绝,而且如果您要解锁的帐户具有比解锁帐户更高的权限,也无法正常工作,我想最好的方法要测试它,您自己的 AD 帐户是否具有解锁帐户的权限,请首先在 Active Directory 用户和计算机中尝试解锁所述帐户,然后在成功后在您的代码上再次尝试。希望这是有道理的。
Are you sure that the Service User that you are using have rights to unlock accounts? I had experienced a situation before where we have a service user which have admin rights but was declined in unlocking accounts, also if the account you are unlocking have a higher permissions than the one unlocking it that wont work as well , I guess the best way to test it is if your own AD Account have the privilegde of unlocking the account try it first in Active Directory Users and Computer by unlocking the said account then when successful try it again on your code. Hope this makes sense.