通过代码添加 Active Directory 帐户所需的权限

发布于 2024-12-02 04:04:24 字数 622 浏览 1 评论 0 原文

我正在尝试编写一个程序，该程序将使用来自外部数据源的数据自动创建活动目录帐户。我遇到的问题是我总是收到 UnAuthorizedAccessException 但我一生都想不出要应用哪些权限。我什至一直走到根对象并给予我自己的帐户完全控制权，这似乎没有任何区别。我知道我可以访问服务器，因为 OrganizationUnit 和 de 对象已正确填充。

 DirectoryEntry de = new DirectoryEntry("LDAP://MYLOCALADDRESS");            
 de.Password = "thePassword";
 de.Username = "theUserName"; 
 de.AuthenticationType = AuthenticationTypes.Secure ;
 DirectoryEntry organizationalUnit = de.Parent;
 DirectoryEntry newUser = organizationalUnit.Children.Add("TESTADD  ", de.SchemaClassName);

 //Exception happens on this line
 newUser.CommitChanges();

任何帮助将不胜感激！

原文

I'm attempting to write a program that would automatically create active directory accounts using data from an external data source. The problem that I am running into is that I am always getting an UnAuthorizedAccessException but I for the life of me can't think of what permissions to apply. I've even gone all the way to the root object and given my own account full control which doesn't seem to make any difference. I know that I can access the server since the organizationUnit and de objects are populated correctly.

 DirectoryEntry de = new DirectoryEntry("LDAP://MYLOCALADDRESS");            
 de.Password = "thePassword";
 de.Username = "theUserName"; 
 de.AuthenticationType = AuthenticationTypes.Secure ;
 DirectoryEntry organizationalUnit = de.Parent;
 DirectoryEntry newUser = organizationalUnit.Children.Add("TESTADD  ", de.SchemaClassName);

 //Exception happens on this line
 newUser.CommitChanges();

Any help would be appreciated!

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

七颜 2024-12-09 04:04:24

乍一看，我会说你的“TESTADD”需要以“CN =”开头

对于活动目录，我从这个代码项目：

public string CreateUserAccount(string ldapPath, string userName, 
    string userPassword)
{
    try
    {
        string oGUID = string.Empty;
        string connectionPrefix = "LDAP://" + ldapPath;
        DirectoryEntry dirEntry = new DirectoryEntry(connectionPrefix);
        DirectoryEntry newUser = dirEntry.Children.Add
            ("CN=" + userName, "user");
        newUser.Properties["samAccountName"].Value = userName;
        newUser.CommitChanges();
        oGUID = newUser.Guid.ToString();

        newUser.Invoke("SetPassword", new object[] { userPassword });
        newUser.CommitChanges();
        dirEntry.Close();
        newUser.Close();
    }
    catch (System.DirectoryServices.DirectoryServicesCOMException E)
    {
        //DoSomethingwith --> E.Message.ToString();

    }
    return oGUID;
}

At a glance I'd say your "TESTADD " needs to start with "CN="

For active directory I get all my samples from this codeproject:

public string CreateUserAccount(string ldapPath, string userName, 
    string userPassword)
{
    try
    {
        string oGUID = string.Empty;
        string connectionPrefix = "LDAP://" + ldapPath;
        DirectoryEntry dirEntry = new DirectoryEntry(connectionPrefix);
        DirectoryEntry newUser = dirEntry.Children.Add
            ("CN=" + userName, "user");
        newUser.Properties["samAccountName"].Value = userName;
        newUser.CommitChanges();
        oGUID = newUser.Guid.ToString();

        newUser.Invoke("SetPassword", new object[] { userPassword });
        newUser.CommitChanges();
        dirEntry.Close();
        newUser.Close();
    }
    catch (System.DirectoryServices.DirectoryServicesCOMException E)
    {
        //DoSomethingwith --> E.Message.ToString();

    }
    return oGUID;
}

回复收藏 0 原文

~没有更多了~