System/Microsoft SharePoint
Active directory how to
sunyruru
2007. 9. 6. 16:54
Ah, AD, LDAP... those damned things -_-;;
The reference links below have all disappeared. (They don't open even when clicked T_T)
- How to create a file share using .Net framework
- How to add a user to file access permissions
- How to get file security information using DirectoryServices
- How to get list of groups user is member of
- How to get list of domains in Active Directory
- How to get members of a windows group.
- How to get user SID using DirectoryServices classes
- How to add a new user account in your machine or domain?
- How to get full name of logged in user.
- How to display schema information of Active Directory object using Directory Services in ASP.Net
- How to use Active Directory classes in ASP.Net to enumerate AD Users
- How to use Active Directory classes in ASP.Net to enumerate AD Groups
- How To Enumerate Web Application Directories in IIS Using DirectoryServices
In our previous article, How to get full name of logged in user, we showed how you can get the full name of a user in a given domain or machine. You can extend that idea to obtain any information you want for a given user. This article describes how you can add a new user account to your domain or machine using the .NET DirectoryServices classes. We will use the WinNT provider for the illustrations in this article, but you can extend the examples to use the LDAP or AD providers.

Here are the key steps that you need to perform to create a new account.

- Create a new DirectoryEntry object and specify the machine name as the path.
- User accounts are created as nodes corresponding to the User schema class in Active Directory. Therefore we will add a new DirectoryEntry object to the Children collection of the machine. The key thing to remember is that when you add the new entry, the schema class name must be User.
- When you add a new node to the Children collection, it returns the newly created object. At this stage the information has not yet been added to your machine or Active Directory tree.
- Now you can set all the values that you need for the account. Following is the list of property names that you can set for the account.
  - UserFlags
  - MaxStorage
  - PasswordAge
  - PasswordExpired
  - LoginHours
  - FullName
  - Description
  - BadPasswordAttempts
  - LastLogin
  - HomeDirectory
  - LoginScript
  - Profile
  - HomeDirDrive
  - Parameters
  - PrimaryGroupID
  - Name
  - MinPasswordLength
  - MaxPasswordAge
  - MinPasswordAge
  - PasswordHistoryLength
  - AutoUnlockInterval
  - LockoutObservationInterval
  - MaxBadPasswordsAllowed
  - RasPermissions
  - objectSid
- You must have noticed from the above list that there is no property to set or get the user's password value. The operating system does not give access to the clear-text password value, so we can't expect any property or method to get it. In ADSI, the IAdsUser interface provides the SetPassword method to set a user's password. This is where the Invoke method of the DirectoryEntry class comes in handy: we call Invoke to set the password value. The Invoke method can be used to call native methods on the underlying Active Directory objects. There is one important thing to remember when you set a user's password value. If you are using the LDAP provider, the user account should already have been created in the system by calling the CommitChanges or SetInfo method. The WinNT provider does not have this restriction; you can set the password value without committing the changes first.
- The last step is to actually create the account in the machine or domain. This is done by calling the CommitChanges method on the newly added DirectoryEntry object.
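
```csharp
// Requires: using System; using System.DirectoryServices;
// Trace.Warn is available inside an ASP.NET page (Page.Trace).
private void AddUser(string strDomain, string strLogin, string strPwd)
{
    DirectoryEntry obDirEntry = null;
    try
    {
        // Bind to the machine or domain through the WinNT provider.
        obDirEntry = new DirectoryEntry("WinNT://" + strDomain);
        DirectoryEntries entries = obDirEntry.Children;

        // Add a child entry whose schema class is User.
        DirectoryEntry obUser = entries.Add(strLogin, "User");
        obUser.Properties["FullName"].Add("Amigo");

        // SetPassword is a native IADsUser method, so it is called via Invoke.
        object obRet = obUser.Invoke("SetPassword", strPwd);

        // The account is only created when the changes are committed.
        obUser.CommitChanges();
    }
    catch (Exception ex)
    {
        Trace.Warn(ex.Message);
    }
}
```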
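
A hardened variant of the AddUser routine above, given here as an added example and not code from the original article: it validates the machine and login names before they reach the ADSI path, lets failures reach the caller, and expires the initial password so it must be changed at first logon. The class name, the extra fullName parameter and the two regex allowlists are assumptions of this example.

```csharp
using System;
using System.DirectoryServices;   // reference System.DirectoryServices.dll
using System.Text.RegularExpressions;

public static class LocalAccountProvisioner   // hypothetical helper name
{
    // SAM account names: at most 20 characters, none of " / \ [ ] : ; | = , + * ? < >
    // (this example is stricter and also rejects whitespace).
    private static readonly Regex ValidLogin =
        new Regex(@"^[^""/\\\[\]:;|=,+*?<>\s]{1,20}$");
    // Conservative allowlist for a NetBIOS machine or domain name (max 15 chars).
    private static readonly Regex ValidHost =
        new Regex(@"^[A-Za-z0-9_-]{1,15}$");

    public static void AddUser(string machine, string login,
                               string fullName, string initialPassword)
    {
        // Reject anything that could alter the ADSI path or the account name.
        if (machine == null || !ValidHost.IsMatch(machine))
            throw new ArgumentException("Invalid machine name.", "machine");
        if (login == null || !ValidLogin.IsMatch(login))
            throw new ArgumentException("Invalid login name.", "login");
        if (string.IsNullOrEmpty(initialPassword))
            throw new ArgumentException("Empty password.", "initialPassword");

        using (DirectoryEntry root = new DirectoryEntry("WinNT://" + machine))
        using (DirectoryEntry user = root.Children.Add(login, "User"))
        {
            user.Properties["FullName"].Value = fullName;
            // WinNT accepts SetPassword before the first commit (see the steps above).
            user.Invoke("SetPassword", new object[] { initialPassword });
            user.CommitChanges();            // the account is created here

            // Force a password change at first logon so the provisioning
            // password does not become the long-term credential.
            user.Properties["PasswordExpired"].Value = 1;
            user.CommitChanges();
        }
        // No catch block: access-denied, password-policy and duplicate-name
        // errors reach the caller instead of ending up only in a trace line.
    }
}
```

The second CommitChanges is a deliberately cautious choice: PasswordExpired is written only after the account exists.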