問題描述

我正在尋找一種方法來創建 Active Directory 用戶并設置他們的密碼，最好不授予我的應用程序/服務域管理員權限.

I'm looking for a way to create Active Directory users and set their password, preferably without giving my application/service Domain Admin privileges.

我嘗試了以下方法:

DirectoryEntry newUser = _directoryEntry.Children.Add("CN=" + fullname, USER);
newUser.Properties["samAccountName"].Value = username;
newUser.Properties["userPassword"].Value = password;
newUser.Properties["mail"].Value = email;
newUser.CommitChanges();

用戶已創建，但似乎從未在用戶上設置密碼.

The user is created, but it seems the password is never set on the user.

有沒有人知道如何在創建用戶時最初設置用戶密碼?我知道

Does anyone have an idea on how to set the user's password initially when creating the user? I know about

.Invoke("SetPassword", new object[] { password })

但這需要我的代碼以域管理員權限運行.因為我真的沒有看到授予我的代碼域管理員權限的意義，只是為了設置初始密碼(我也允許用戶密碼重置，但那些在該特定用戶的上下文中運行)，我希望有人有一個聰明的不需要我這樣做的解決方案.

But that requires my code to be run with Domain Admin privileges. As I don't really see the point to grant my code Domain Admin privileges, just to set the initial password (I also allow user password resets, but those run in the context of that particular user), I am hoping someone has a clever solution that doesn't require me to do so.

提前致謝！

推薦答案

現在您可以使用 System.DirectoryServices.AccountManagement 更輕松地完成整個過程(只要您使用的是 .Net 3.5):

You can do this whole process much easier now with System.DirectoryServices.AccountManagement (long as you're on .Net 3.5):

請參閱此處了解完整概要

以下是您的具體案例的快速示例:

Here's a quick example of your specific case:

using(var pc = new PrincipalContext(ContextType.Domain))
{
  using(var up = new UserPrincipal(pc))
  {
    up.SamAccountName = username;
    up.EmailAddress = email;
    up.SetPassword(password);
    up.Enabled = true;
    up.ExpirePasswordNow();
    up.Save();
  }
}

這篇關于在 C# 中使用密碼創建 Active Directory 用戶的文章就介紹到這了，希望我們推薦的答案對大家有所幫助，也希望大家多多支持html5模板網！