如何设置“用户不能更改密码” AD属性

发布于 01-06 18:18 字数 1165 浏览 3 评论 0原文

我试图弄清楚如何使用 VB.NET 设置 AD 的“用户无法更改密码”属性。

我最初希望使用此处找到的 UserAccountControl 标志 http://support.microsoft.com/kb/305144 但我意识到你不能像人们期望的那样设置 PASSWD_CANT_CHANGE 标志。这导致我看到这篇文章 Active Directory 用户使用 DirectoryServices 更改其密码，但我无法进行保存。

这是我现在的代码。

        Dim domainContext As PrincipalContext = New PrincipalContext(ContextType.Domain)
        Dim user As UserPrincipal = UserPrincipal.FindByIdentity(domainContext, "user5")
        user.UserCannotChangePassword = True
        user.Save(domainContext)

每次我尝试对此进行保存时，都会收到 InvalidOperationException。此文档也没有太大帮助： http://msdn.microsoft .com/en-us/library/bb335863.aspx

对我来说奇怪的是，如果我设置 UserPrincipal 对象的不同属性（例如 SamAccountName），则保存有效很好，但是一旦我引入 UserCannotChangePassword 属性，保存就会失败。

我已经验证我用来执行此操作的用户具有适当的权限，但我不确定从这里开始......有什么想法吗？

原文

I'm trying to figure out how to set the "User cannot change password" attribute of AD using VB.NET.

I was originally hoping to use the UserAccountControl Flags found here http://support.microsoft.com/kb/305144 but I realized you cannot set the PASSWD_CANT_CHANGE flag like one would expect. This lead me to this posting Preventing an Active Directory user from changing his/her password using DirectoryServices but I cannot get the saving working.

Here's the code I have right now.

        Dim domainContext As PrincipalContext = New PrincipalContext(ContextType.Domain)
        Dim user As UserPrincipal = UserPrincipal.FindByIdentity(domainContext, "user5")
        user.UserCannotChangePassword = True
        user.Save(domainContext)

Every time I try to do a save on this I get an InvalidOperationException. The documentation for this isn't too helpful either: http://msdn.microsoft.com/en-us/library/bb335863.aspx

What's strange to me is that if I set a different attribute of that UserPrincipal object, like the SamAccountName, saving works fine, but once I introduce that UserCannotChangePassword attribute, saving fails.

I've verified that the user I am using to perform this action has proper privileges, but I'm not to sure where to go from here... Any ideas?

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

梦途2025-01-13 18:18:24

找到了一种老式的方法来做到这一点，感谢您为我指明了正确的方向@juergen d。我想我得解决了。

        Dim objThisUser As IADs
        Dim intUserFlags As Integer

        ' Bind to the user object with the current credentials.
        objThisUser = GetObject("WinNT://" + gstrDomain + "/" + "user5")

        intUserFlags = objThisUser.Get("userFlags")

        'can't change
        intUserFlags = intUserFlags Or ADS_UF_PASSWD_CANT_CHANGE

        ' Modify the userFlags property.
        objThisUser.Put("userFlags", intUserFlags)

        ' Commit the changes
        objThisUser.SetInfo()

我一直很接近找到一个完美的解决方案，但就是无法让节省发挥作用。我想这工作得很好。使用它只是意味着多了几行代码，并且适应性稍差一些。

Found an old school way to do this, thanks for pointing me in the right direction @juergen d. Guess I'll have to settle.

        Dim objThisUser As IADs
        Dim intUserFlags As Integer

        ' Bind to the user object with the current credentials.
        objThisUser = GetObject("WinNT://" + gstrDomain + "/" + "user5")

        intUserFlags = objThisUser.Get("userFlags")

        'can't change
        intUserFlags = intUserFlags Or ADS_UF_PASSWD_CANT_CHANGE

        ' Modify the userFlags property.
        objThisUser.Put("userFlags", intUserFlags)

        ' Commit the changes
        objThisUser.SetInfo()

I was close the whole time to having a perfect solution, but just couldn't get the saving to work. This works fine I guess. Using this just means a few more lines of code, and a bit less adaptability.

回复收藏 0 原文

~没有更多了~