xiaolizi007
11/25/2016 - 2:12 AM

重置AD域用户的密码, 设置AD用户头像和缩略图 必须使用管理员权限才可以,普通用户的时候,系统会拒绝访问

重置AD域用户的密码 #csharp #ad

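  /// <summary>
  /// Sets a new password on a user account after verifying the current password,
  /// performing the write through the privileged directory connection in <c>_root</c>.
  /// </summary>
  /// <param name="userEntry">Entry of the user whose password is reset; its sAMAccountName is used for the lookup.</param>
  /// <param name="originPassword">The user's current password, verified through <c>CheckLogin</c>.</param>
  /// <param name="newPassword">The password to set. Null or empty is rejected.</param>
  /// <returns>
  /// <c>true</c> when the password was set and committed; <c>false</c> when the input is missing,
  /// the current password does not verify, the account is not found, or any directory call throws.
  /// </returns>
  public bool ResetPwdByNewPassword(DirectoryEntry userEntry, String originPassword, String newPassword)
        {
            // A null newPassword used to be concatenated into "" and sent to SetPassword,
            // which would have requested a blank password. Refuse it instead.
            if (userEntry == null || String.IsNullOrEmpty(newPassword))
            {
                return false;
            }

            try
            {
                if (!userEntry.Properties.Contains("sAMAccountName"))
                {
                    return false;
                }

                var sAMAccountName = userEntry.Properties["sAMAccountName"][0].ToString();

                // Proof of knowledge of the current password gates the reset.
                // NOTE(review): the entry returned by CheckLogin is not disposed here because
                // its ownership is not visible from this method - confirm against CheckLogin.
                DirectoryEntry verifiedEntry = CheckLogin(sAMAccountName, originPassword);
                if (verifiedEntry == null)
                {
                    return false;
                }

                // Escape LDAP filter metacharacters (RFC 4515). Account names may legally contain
                // parentheses, which would otherwise corrupt or widen the search filter.
                var escapedName = sAMAccountName
                    .Replace("\\", "\\5c")
                    .Replace("*", "\\2a")
                    .Replace("(", "\\28")
                    .Replace(")", "\\29")
                    .Replace("\0", "\\00");

                // Only a connection bound with administrative rights may set another user's password,
                // so the account is looked up again under _root.
                using (var searcher = new DirectorySearcher(_root))
                {
                    searcher.Filter = "(sAMAccountName=" + escapedName + ")";

                    // FindOne returns null when nothing matches.
                    SearchResult match = searcher.FindOne();
                    if (match == null)
                    {
                        return false;
                    }

                    using (DirectoryEntry userNewEntry = match.GetDirectoryEntry())
                    {
                        // NOTE(review): SetPassword is an administrative reset. Because the caller
                        // already holds the old password, the ADSI ChangePassword method may be a
                        // better fit (it is subject to password-history policy) - confirm intent.
                        userNewEntry.Invoke("SetPassword", new object[] { newPassword });
                        userNewEntry.CommitChanges();

                        if (userNewEntry.Properties.Contains("mobile"))
                        {
                            var mobile = userNewEntry.Properties["mobile"][0].ToString();

                            // NOTE(security): this sends the new password in clear text to the phone
                            // number stored in the directory. Prefer a "your password was changed"
                            // notice without the secret. If SendMsg throws, this method returns
                            // false even though the password has already been changed.
                            SendMsg(mobile, newPassword);
                        }
                    }
                }

                return true;
            }
            catch (Exception)
            {
                // The cause is discarded to keep the bool contract; log it at this point if the
                // surrounding class has a logger, taking care never to log either password.
                return false;
            }
        }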
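    /// <summary>
    /// Sample console program: binds to the directory with an administrative account and
    /// replaces the jpegPhoto and thumbnailPhoto attributes of one user from local image files.
    /// </summary>
    class Program
    {
        static void Main(string[] args)
        {
            // userRoot is the directory root bound with the signed-in account's credentials.
            // NOTE(security): the account name and password below are sample values embedded in
            // source. In real code load them from a protected configuration or secret store, or
            // bind with the process identity, and use a delegated account rather than the
            // built-in administrator.
            using (DirectoryEntry userRoot = new DirectoryEntry("LDAP://test.com", "administrator", "P@ssw0rd"))
            using (DirectorySearcher searcher = new DirectorySearcher(userRoot))
            {
                searcher.Filter = "(sAMAccountName=" + "man" + ")";

                // FindOne returns null when nothing matches; the original dereferenced it directly.
                SearchResult match = searcher.FindOne();
                if (match == null)
                {
                    Console.Error.WriteLine("No directory entry found for sAMAccountName 'man'.");
                }
                else
                {
                    using (DirectoryEntry userEntry = match.GetDirectoryEntry())
                    {
                        // Full-size avatar.
                        var thumbnailAbsolutePath = @"E:\code\01.ADMgr项目文件\03.开发文件\avatar.jpg";
                        byte[] imgData = System.IO.File.ReadAllBytes(thumbnailAbsolutePath);
                        userEntry.Properties["jpegPhoto"].Clear();
                        userEntry.Properties["jpegPhoto"].Add(imgData);
                        userEntry.CommitChanges();

                        // Small thumbnail.
                        var thumbnailAbsolutePath2 = @"E:\code\01.ADMgr项目文件\03.开发文件\avatar75.jpg";
                        byte[] imgData2 = System.IO.File.ReadAllBytes(thumbnailAbsolutePath2);
                        userEntry.Properties["thumbnailPhoto"].Clear();
                        userEntry.Properties["thumbnailPhoto"].Add(imgData2);
                        userEntry.CommitChanges();
                    }
                }
            }

            // Keep the console window open until a key is pressed.
            Console.ReadKey();
        }
    }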
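// DirectorySearcher: look up a single group by its common name below `entry`.
// Escape LDAP filter metacharacters (RFC 4515) before building the filter; group names
// often contain parentheses, and an unescaped value can change what the filter matches.
string escapedGroupName = groupName
    .Replace("\\", "\\5c")
    .Replace("*", "\\2a")
    .Replace("(", "\\28")
    .Replace(")", "\\29")
    .Replace("\0", "\\00");
DirectorySearcher search = new DirectorySearcher(entry);
search.Filter = "(&(objectClass=group)(cn=" + escapedGroupName + "))";
search.SearchScope = SearchScope.Subtree;
// FindOne returns null when no entry matches, so check the result before using it.
SearchResult result = search.FindOne();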
1. SearchScope 取值說明:
   SearchScope.Base:只搜索对象中的属性,至多可以得到一个对象。
   SearchScope.OneLevel:表示在基对象的子集合中继续搜索,基对象本身是不搜索的。
   SearchScope.Subtree:在子树中搜索。
2. 部分方法說明:
   FindOne():执行搜索并返回第一项。
   FindAll():执行搜索并返回项目集合。
3. DirectoryEntry 类型的对象 entry 为搜索的根目录。
   DirectorySearcher(DirectoryEntry, String, String[], SearchScope):参数分别为搜索根目录、搜索筛选条件、要获取的属性和搜索范围,用于初始化 DirectorySearcher 类别。


//
using System.DirectoryServices;
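// List the user objects that are members of one group.
DirectoryEntry group = new DirectoryEntry("LDAP://CN=MyGroup,DC=test,DC=com");
// '&' means every listed condition must match. The original omitted the comma
// between the search root and the filter, which does not compile.
DirectorySearcher src = new DirectorySearcher(group, "(&(objectClass=user)(objectCategory=Person))");
// Attribute-scoped query: search the objects named in the group's "member" attribute.
// The property is AttributeScopeQuery; it requires the search scope to be Base.
src.AttributeScopeQuery = "member";
// Request only the attributes that are needed.
src.PropertiesToLoad.Add("sn");
src.PropertiesToLoad.Add("givenName");
src.PropertiesToLoad.Add("telephoneNumber");
// SearchResultCollection holds unmanaged resources that are not released by garbage
// collection, so dispose it explicitly.
using (SearchResultCollection results = src.FindAll())
{
    foreach (SearchResult res in results)
    {
        Console.WriteLine("…");
    }
}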
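 /// <summary>
 /// Replaces the <c>thumbnailPhoto</c> attribute of a user, writing through the privileged
 /// directory connection in <c>_root</c> (the page notes an ordinary user is denied access).
 /// </summary>
 /// <param name="userEntry">Entry of the user to update; its sAMAccountName is used for the lookup.</param>
 /// <param name="imgData">Raw image bytes to store.</param>
 /// <returns>
 /// <c>true</c> when the attribute was replaced and committed; <c>false</c> when input is missing,
 /// the account is not found, or any directory call throws.
 /// </returns>
 public bool ModifyAdUserAvatarThumbnailPhoto(DirectoryEntry userEntry, byte[] imgData)
        {
            if (userEntry == null || imgData == null)
            {
                return false;
            }

            try
            {
                if (!userEntry.Properties.Contains("sAMAccountName"))
                {
                    return false;
                }

                string sAMAccountName = userEntry.Properties["sAMAccountName"][0].ToString();

                // Escape LDAP filter metacharacters (RFC 4515); account names may contain
                // parentheses, which would otherwise corrupt or widen the filter.
                string escapedName = sAMAccountName
                    .Replace("\\", "\\5c")
                    .Replace("*", "\\2a")
                    .Replace("(", "\\28")
                    .Replace(")", "\\29")
                    .Replace("\0", "\\00");

                using (DirectorySearcher searcher = new DirectorySearcher(_root))
                {
                    searcher.Filter = "(sAMAccountName=" + escapedName + ")";

                    // FindOne returns null when nothing matches.
                    SearchResult match = searcher.FindOne();
                    if (match == null)
                    {
                        return false;
                    }

                    using (DirectoryEntry userNewEntry = match.GetDirectoryEntry())
                    {
                        // NOTE(review): imgData is stored as given. If it originates from a user
                        // upload, validate its size and image format before this call.
                        userNewEntry.Properties["thumbnailPhoto"].Clear();
                        userNewEntry.Properties["thumbnailPhoto"].Add(imgData);
                        userNewEntry.CommitChanges();
                    }
                }

                return true;
            }
            catch (Exception)
            {
                // The cause is discarded to keep the bool contract; log it at this point if
                // the surrounding class has a logger.
                return false;
            }
        }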
        #endregion
// 重置AD域用户的密码,设置AD用户头像和缩略图必须使用管理员权限才可以,普通用户的时候,系统会拒绝访问   

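/// <summary>
/// Replaces the <c>jpegPhoto</c> attribute of a user, writing through the privileged
/// directory connection in <c>_root</c> (the page notes an ordinary user is denied access).
/// </summary>
/// <param name="userEntry">Entry of the user to update; its sAMAccountName is used for the lookup.</param>
/// <param name="imgData">Raw image bytes to store.</param>
/// <returns>
/// <c>true</c> when the attribute was replaced and committed; <c>false</c> when input is missing,
/// the account is not found, or any directory call throws.
/// </returns>
public bool ModifyAdUserAvatarJpegPhoto(DirectoryEntry userEntry,byte[] imgData)
        {
            if (userEntry == null || imgData == null)
            {
                return false;
            }

            try
            {
                if (!userEntry.Properties.Contains("sAMAccountName"))
                {
                    return false;
                }

                string sAMAccountName = userEntry.Properties["sAMAccountName"][0].ToString();

                // Escape LDAP filter metacharacters (RFC 4515); account names may contain
                // parentheses, which would otherwise corrupt or widen the filter.
                string escapedName = sAMAccountName
                    .Replace("\\", "\\5c")
                    .Replace("*", "\\2a")
                    .Replace("(", "\\28")
                    .Replace(")", "\\29")
                    .Replace("\0", "\\00");

                using (DirectorySearcher searcher = new DirectorySearcher(_root))
                {
                    searcher.Filter = "(sAMAccountName=" + escapedName + ")";

                    // FindOne returns null when nothing matches.
                    SearchResult match = searcher.FindOne();
                    if (match == null)
                    {
                        return false;
                    }

                    using (DirectoryEntry userNewEntry = match.GetDirectoryEntry())
                    {
                        // NOTE(review): imgData is stored as given. If it originates from a user
                        // upload, validate its size and image format before this call.
                        userNewEntry.Properties["jpegPhoto"].Clear();
                        userNewEntry.Properties["jpegPhoto"].Add(imgData);
                        userNewEntry.CommitChanges();
                    }
                }

                return true;
            }
            catch (Exception)
            {
                // The cause is discarded to keep the bool contract; log it at this point if
                // the surrounding class has a logger.
                return false;
            }
        }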