Adding and removing users from Active Directory groups in .NET

2023-09-02 10:35:44 Author: 没事我哄你i


I am writing the following methods to add and remove users from Active Directory in C#.

void AddUserToGroup(string userId, string groupName);
void RemoveUserFromGroup(string userId, string groupName);

How best to implement these methods?

Here is some code from CodeProject. I can't see where the AD server is specified in these examples though? (Is it implicitly supplied by the .NET Framework when using the LDAP protocol?) Are these examples worth following?

public void AddToGroup(string userDn, string groupDn)
{
    try
    {
        DirectoryEntry dirEntry = new DirectoryEntry("LDAP://" + groupDn);
        dirEntry.Properties["member"].Add(userDn);
        dirEntry.CommitChanges();
        dirEntry.Close();
    }
    catch (System.DirectoryServices.DirectoryServicesCOMException E)
    {
        //doSomething with E.Message.ToString();

    }
}


public void RemoveUserFromGroup(string userDn, string groupDn)
{
    try
    {
        DirectoryEntry dirEntry = new DirectoryEntry("LDAP://" + groupDn);
        dirEntry.Properties["member"].Remove(userDn);
        dirEntry.CommitChanges();
        dirEntry.Close();
    }
    catch (System.DirectoryServices.DirectoryServicesCOMException E)
    {
        //doSomething with E.Message.ToString();

    }
}

Solution

Ugh. LDAP. If you're using the .NET Framework 3.5 or above, I highly recommend using the System.DirectoryServices.AccountManagement namespace. That makes things so much easier.

public void AddUserToGroup(string userId, string groupName) 
{ 
    try 
    { 
        using (PrincipalContext pc = new PrincipalContext(ContextType.Domain, "COMPANY"))
        {
            GroupPrincipal group = GroupPrincipal.FindByIdentity(pc, groupName);
            group.Members.Add(pc, IdentityType.UserPrincipalName, userId);
            group.Save();
        }
    } 
    catch (System.DirectoryServices.DirectoryServicesCOMException E) 
    { 
        //doSomething with E.Message.ToString(); 

    } 
} 

public void RemoveUserFromGroup(string userId, string groupName)
{   
    try 
    { 
        using (PrincipalContext pc = new PrincipalContext(ContextType.Domain, "COMPANY"))
        {
            GroupPrincipal group = GroupPrincipal.FindByIdentity(pc, groupName);
            group.Members.Remove(pc, IdentityType.UserPrincipalName, userId);
            group.Save();
        }
    } 
    catch (System.DirectoryServices.DirectoryServicesCOMException E) 
    { 
        //doSomething with E.Message.ToString(); 

    }
}
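
A hardened variant of the AccountManagement approach above, added here as an example and not part of the original answer: it checks that both principals resolve, skips writes that would change nothing, records every attempt, and rethrows failures so a failed removal is never mistaken for success. The class and helper names (GroupMembership, Change, Audit), the lookup of the group by sAMAccountName, and the use of Trace as the audit sink are assumptions; "COMPANY" is the placeholder domain name from the answer.

```csharp
using System;
using System.Diagnostics;
using System.DirectoryServices.AccountManagement;

public static class GroupMembership   // hypothetical class name
{
    private const string Domain = "COMPANY"; // placeholder domain name from the answer

    public static bool AddUserToGroup(string userId, string groupName) => Change(userId, groupName, true);
    public static bool RemoveUserFromGroup(string userId, string groupName) => Change(userId, groupName, false);

    // Returns true if membership was changed, false if it was already in the requested state.
    // Failures are logged and rethrown instead of being swallowed by an empty catch block.
    private static bool Change(string userId, string groupName, bool add)
    {
        string op = add ? "add" : "remove";
        try
        {
            using (var pc = new PrincipalContext(ContextType.Domain, Domain))
            // Assumption: pin the identity type so a name cannot match a different attribute.
            using (var group = GroupPrincipal.FindByIdentity(pc, IdentityType.SamAccountName, groupName))
            using (var user = UserPrincipal.FindByIdentity(pc, IdentityType.UserPrincipalName, userId))
            {
                // FindByIdentity returns null when nothing matches.
                if (group == null) throw new ArgumentException("group not found", nameof(groupName));
                if (user == null) throw new ArgumentException("user not found", nameof(userId));

                if (group.Members.Contains(user) == add) // direct membership only
                {
                    Audit(op, "no-op", userId, groupName, null);
                    return false;
                }
                if (add) group.Members.Add(user); else group.Members.Remove(user);
                group.Save(); // the change reaches the directory only here
                Audit(op, "ok", userId, groupName, null);
                return true;
            }
        }
        catch (Exception e) when (e is PrincipalException || e is ArgumentException || e is UnauthorizedAccessException)
        {
            Audit(op, "failed", userId, groupName, e.Message);
            throw;
        }
    }

    // Assumption: Trace stands in for whatever audit log the application uses.
    private static void Audit(string op, string result, string userId, string groupName, string detail) =>
        Trace.TraceInformation("group-membership op={0} result={1} user={2} group={3} by={4} detail={5}",
            op, result, userId, groupName, Environment.UserName, detail ?? "-");
}
```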