ITdaan
搜索本文相关内容

如何在C#中的其他Active Directory域中添加用户?

[英]How to add a user in a different Active Directory Domain in C#?

本文翻译自  LeeMobile  查看原文  2008/11/24  3949    c#/ cross-domain/ active-directory           

So my goal is to be able to add a user from one Active Directory Domain to another group in a separate Active Directory Domain.

因此,我的目标是能够将用户从一个Active Directory域添加到单独的Active Directory域中的另一个组。

I'd like to do this in C#. I know there is a System.DirectoryServices namespace with classes to communicate with AD, but I can't find any information on adding users across domains.

我想在C#中这样做。我知道有一个System.DirectoryServices命名空间,其中包含与AD通信的类,但我找不到有关跨域添加用户的任何信息。

In the environment there are two domain controllers with the same parent forest. There is a transient trust between the 2 domains, let's call them domains A and B.

在环境中,有两个具有相同父林的域控制器。两个域之间存在暂时信任,我们称之为域A和B.

I'm able to add a user from B to a Domain Local or Universal group inside of domain A with the Active Directory tool.

我可以使用Active Directory工具将B中的用户添加到域A内的域本地或通用组。

Does anyone know how I can do this programmatically using C#?

有谁知道如何使用C#以编程方式执行此操作?

2 个解决方案

#1

1  

What worked for me when I wrote code to do this a couple years back:

几年前我编写代码时对我有用的东西:

  1. Get a DirectoryEntry for the group to which you want to add a member.

    2. 获取要添加成员的组的DirectoryEntry。

  2. Call Invoke on the group DirectoryEntry passing arguments "Add" as the method name and the ADsPath of the member in an array.

    3. 在DirectoryEntry组上调用Invoke,将参数“Add”作为方法名称和数组中成员的ADsPath传递。

Some sample code off the top of my head:

一些示例代码在我的头顶:

DirectoryEntry group = new DirectoryEntry(@"LDAP://CN=foo,DC=domainA");
string memberADsPath = @"LDAP://CN=bar,DC=domainB";
group.Invoke("Add", new Object[] {memberADsPath});

#2

0  

You need to create a DirectoryEntry object to the Group. Then you add the DN off the user you want to add to the group to the member attribute on the group. For example:

您需要为Group创建DirectoryEntry对象。然后,将要添加到组中的用户的DN添加到组中的成员属性。例如:

DirectoryEntry group = new DirectoryEntry("LDAP://child.domain.com/cn=group,ou=sample,dc=child,dc=domain,dc=com");

string userDN = "cn=user,ou=sample,dc=domain,dc=com";

group.Properties["member"].Add(userDN);
group.CommitChanges();

Probably your having issues getting bound to the group DirectoryEntry. Make sure you can read attributes off that DE before you try adding a group to make sure your successfully binding.

可能是您遇到绑定到DirectoryEntry组的问题。在尝试添加组以确保成功绑定之前,请确保您可以从该DE读取属性。

智能推荐

注意!

本站翻译的文章,版权归属于本站,未经许可禁止转摘,转摘请注明本文地址:http://www.silva-art.net/blog/2008/11/24/e72307a803c5fff3734c5e7beab0384e.html



猜您在找
我可以在.NET中模拟其他Active Directory域上的用户吗? - Can I impersonate a user on a different Active Directory domain in .NET? 如何在c#中获取当前用户的活动目录细节 - How to get the current user's Active Directory details in C# 使用C#中的密码创建Active Directory用户 - Creating Active Directory user with password in C# 在.NET中创建Active Directory用户(C#) - Create Active Directory user in .NET (C#) 如何在SQL Server中添加活动目录用户组作为登录 - How to add Active Directory user group as login in SQL Server
智能推荐
 
© 2014-2019 ITdaan.com 粤ICP备14056181号  

赞助商广告