将 Active Directory 属性设置为“未设置”的 .Net 代码

发布于 2024-12-13 13:11:50 字数 552 浏览 1 评论 0原文

在 Active Direcotry mmc 管理单元中，您看不到“未设置”的属性。当您使用 ADSIEDIT.MSC 工具时，如果属性值为空，您确实会将它们视为“未设置”。

如何在 .Net 代码中将属性设置为“未设置”？

这是 Powershell 中的答案，但我需要使用一些 .Net 代码 (VB.Net/C#) 来完成此操作。 http://social.technet.microsoft.com/Forums/en-US/winserverpowershell/thread/d6d0bfa1-73da-41ea-a7f5-f622de9f7d1b/

ps msExchHideAddressLists 是罪魁祸首属性，当在此域中无论其对错，它都会阻止用户信息从 AD 复制到 Sharepoint。

原文

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

眉黛浅 2024-12-20 13:11:50

在 MSDN 中，您可以找到：

在支持 LDAP 的常用目录中，有一个属性没有值就不存在。当通过更改、替换或追加操作将属性值设置为非空值时，如果该属性尚不存在，则会创建该属性。同样，如果一个属性被修改为没有值（或多个值），则整个属性将被删除。有时您可能希望将属性设置为 null。虽然支持 LDAP 的目录中不存在此概念，但您可以通过完全删除该属性并指定要清除该属性来实现此目的。

以下是使用 System.DirectoryServices 的示例：

/* Connection to Active Directory
 */
DirectoryEntry deBase = new DirectoryEntry("LDAP://192.168.183.220:389/dc=societe,dc=local", "administrateur", "adm");

/* Directory Search
 */
DirectorySearcher dsLookForOUs = new DirectorySearcher(deBase);
dsLookForOUs.Filter = "(objectCategory=organizationalUnit)";
dsLookForOUs.SearchScope = SearchScope.Subtree;
dsLookForOUs.PropertiesToLoad.Add("cn");
dsLookForOUs.PropertiesToLoad.Add("ou");
dsLookForOUs.PropertiesToLoad.Add("telephoneNumber");

SearchResultCollection srcOUs = dsLookForOUs.FindAll();

foreach (SearchResult srOU in srcOUs)
{
  Console.WriteLine("{0}", srOU.Path);
  DirectoryEntry de = srOU.GetDirectoryEntry();
  if (de.Properties["TelephoneNumber"].Value!= null)
  {
    // Both solutions are working. Don't forget to commit

    //de.Properties["TelephoneNumber"].Clear();
    de.Properties["TelephoneNumber"].Value=null;
    de.CommitChanges();
  }
}

In the MSDN you can found :

Within commonly used directories that support LDAP, an attribute without a value does not exist. When the attribute value is set to a non-null value by a change, replace, or append operation, the attribute is created if it does not already exist. Similarly, if an attribute is modified to have no value (or values), the entire attribute is removed. At times you may want to set an attribute to null. While this concept does not exist in directories that support LDAP, you can accomplish this by removing the attribute entirely and specifying that the property is to be cleared.

Here is an example using System.DirectoryServices :

/* Connection to Active Directory
 */
DirectoryEntry deBase = new DirectoryEntry("LDAP://192.168.183.220:389/dc=societe,dc=local", "administrateur", "adm");

/* Directory Search
 */
DirectorySearcher dsLookForOUs = new DirectorySearcher(deBase);
dsLookForOUs.Filter = "(objectCategory=organizationalUnit)";
dsLookForOUs.SearchScope = SearchScope.Subtree;
dsLookForOUs.PropertiesToLoad.Add("cn");
dsLookForOUs.PropertiesToLoad.Add("ou");
dsLookForOUs.PropertiesToLoad.Add("telephoneNumber");

SearchResultCollection srcOUs = dsLookForOUs.FindAll();

foreach (SearchResult srOU in srcOUs)
{
  Console.WriteLine("{0}", srOU.Path);
  DirectoryEntry de = srOU.GetDirectoryEntry();
  if (de.Properties["TelephoneNumber"].Value!= null)
  {
    // Both solutions are working. Don't forget to commit

    //de.Properties["TelephoneNumber"].Clear();
    de.Properties["TelephoneNumber"].Value=null;
    de.CommitChanges();
  }
}

回复收藏 0 原文

~没有更多了~