问题描述
我正在尝试使用 .NET System.DirectoryServices 命名空间在我的开发活动目录服务器上创建一个新用户.
I'm trying to create a new user on my development active directory server using .NET System.DirectoryServices namespace.
我尝试使用以下代码:
DirectoryEntry dirEntry = new DirectoryEntry(path, "TESTDOM\Administrator", "2109password", AuthenticationTypes.Secure | AuthenticationTypes.ServerBind);
object o = dirEntry.NativeObject;
DirectoryEntry newUser = dirEntry.Children.Add("CN=NewUser4", "user");
newUser.Properties["samAccountName"].Value = "NewUser4";
newUser.Properties["Description"].Add("User Description");
newUser.Invoke("SetPassword", new object[] {"2109password"} );
newUser.CommitChanges();
我也尝试使用
newUser.CommitChanges();
在我调用 Invoke 设置密码之前.我总是得到一个 TargetInvocationException 包装:
before I call the Invoke to set the password. I always get a TargetInvocationException wrapping:
InnerException {"The RPC server is unavailable. (Exception from HRESULT: 0x800706BA)"} System.Exception {System.Runtime.InteropServices.COMException}
只有在我调用时才会抛出异常
The exception is always only thrown when I call
newUser.Invoke("SetPassword", new object[] {"2109password"} );
如果我在尝试使用 SetPassword 调用 Invoke 之前调用 newUser.CommitChanges(),则会在域上创建新用户.然后我可以手动转到 AD 机器并设置相同的密码,没有问题(因此密码字符串违反规则不是问题).我注意到网上有很多关于这个的帖子,但没有找到解决方案.
If I call newUser.CommitChanges() before I try to call Invoke with SetPassword, the new user is created on the domain. I can then go manually to the AD machine and set the same password with no problems (so it's not a problem with the password string being against the rules). I've notice many post online about this but found no solution.
我认为这可能与运行代码的机器不是域中的成员这一事实有关.尽管用户 TESTDOMAdministrator 是 TESTDOM 域上的管理员、域管理员、架构管理员和企业管理员组的成员.
I think it might have something to do with the fact that the machine running the code is not a member in the domain. Although the user TESTDOMAdministrator is a member of the: administrators, domain admins, schema admin and enterprise admins groups on the TESTDOM domain.
请注意,我无法使用 System.DirectoryServices.AccountManagement 命名空间,因为我正在使用 .NET 2关于我能做些什么来解决这个问题的任何想法?我绝望了
Notice that I can't use System.DirectoryServices.AccountManagement namespace as I'm working with .NET 2 Any ideas on what can I do to solve this? I am desperate
推荐答案
好的,我搞定了:
dirEntry = new DirectoryEntry(ldapPath, domainAdminUser, domainAdminPassword);
dirEntry.Invoke("SetPassword", new object[] { newPassword });
dirEntry.Properties["LockOutTime"].Value = 0; //unlock account
ldapPath 应该包含我们尝试更改的用户的完整 DN,因此它应该类似于:
ldapPath should include the full DN of the user we're trying to change , so it should look something like:
string ldapPath = "LDAP://ad.domain.com:389/CN=username,OU=Users,DC=ad,DC=domain,DC=com"
这篇关于尝试创建新的 Active Directory 用户时,Invoke(“SetPassword",pwd) 抛出“RPC 服务器不可用"的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持跟版网!