AD user is created in the wrong OU
Question
I will create an AD user with C#, but the user isn't created in the right OU!
Every user is created in the users OU in company.lan and not for example in Users/HR/company.lan.
My code is:
string ouPath = $"OU=Users,OU={selectedDepartment},OU={selectedLocation},DC=vollmer,DC=lan";
string fullPath = $"LDAP://{ouPath}";
using (DirectoryEntry ouEntry = new DirectoryEntry(fullPath))
{
    using (UserPrincipal newUser = new UserPrincipal(context))
    {
        newUser.SamAccountName = username;
        newUser.GivenName = firstName;
        newUser.Surname = lastName;
        newUser.SetPassword(password);
        newUser.Enabled = true;
        newUser.Save();
    }
}
In debugging, the fullPath also looks right:
OU=Users,OU=HR,OU=Biberach,DC=company,DC=lan
I also tried without LDAP://, but it also doesn't work.
Answer 1
Score: 2
You're creating a reference to the OU in ouEntry, but then you don't use it. You're instead using new UserPrincipal(context) to create the user. Where the user is created will depend on how you defined context.
You're mixing use of the System.DirectoryServices namespace (i.e. DirectoryEntry) with the System.DirectoryServices.AccountManagement namespace (UserPrincipal). I would suggest that you stick to one or the other. So you should either:
- Get rid of the DirectoryEntry reference and change how you define context so that it points to the right OU.
- Don't use UserPrincipal and use ouEntry.Children.Add() instead.
That could look something like this:
var newUser = ouEntry.Children.Add($"CN={username}", "user");
newUser.Properties["samAccountName"].Value = username;
newUser.Properties["givenName"].Value = firstName;
newUser.Properties["sn"].Value = lastName;
newUser.Properties["unicodePwd"].Value = Encoding.Unicode.GetBytes($"\"{password}\"");
newUser.CommitChanges();
Setting unicodePwd will depend on if your connection is encrypted. If you're running this from a computer joined to the same domain, you can use:
var ouEntry = new DirectoryEntry(fullPath, null, null, AuthenticationTypes.Secure | AuthenticationTypes.Sealing);
Otherwise, you'd have to use LDAPS (LDAP over SSL) on port 636, which may or may not be more complicated to set up.
string fullPath = $"LDAP://vollmer.lan:636/{ouPath}";
var ouEntry = new DirectoryEntry(fullPath);
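
The first option in the answer above (pointing context at the OU) as an added example that is not part of the original answer. The names OuScopedUserCreation, EscapeRdnValue and CreateUser are hypothetical; the OU layout and the vollmer.lan domain are taken from the question, and the code assumes a domain-joined Windows machine.

```csharp
using System;
using System.DirectoryServices.AccountManagement;
using System.Text;

static class OuScopedUserCreation
{
    // Escape one RDN value (RFC 4514 rules) so a department or location name
    // containing ',', '+', '=' etc. cannot change the shape of the DN.
    static string EscapeRdnValue(string value)
    {
        if (string.IsNullOrWhiteSpace(value))
            throw new ArgumentException("RDN value must not be empty.", nameof(value));
        var sb = new StringBuilder();
        for (int i = 0; i < value.Length; i++)
        {
            char c = value[i];
            bool edge = (i == 0 && (c == ' ' || c == '#')) ||
                        (i == value.Length - 1 && c == ' ');
            if (edge || "\\,+\"<>;=".IndexOf(c) >= 0) sb.Append('\\');
            sb.Append(c);
        }
        return sb.ToString();
    }

    // Creates the user inside OU=Users,OU=<department>,OU=<location> and
    // returns the distinguished name the directory reports after Save().
    public static string CreateUser(string department, string location,
        string username, string firstName, string lastName, string password)
    {
        string ouPath = $"OU=Users,OU={EscapeRdnValue(department)}," +
                        $"OU={EscapeRdnValue(location)},DC=vollmer,DC=lan";

        // Third argument is the container: new principals are saved there.
        // Signing and Sealing protect the session that carries the password.
        using (var context = new PrincipalContext(ContextType.Domain, "vollmer.lan", ouPath,
            ContextOptions.Negotiate | ContextOptions.Signing | ContextOptions.Sealing))
        using (var newUser = new UserPrincipal(context))
        {
            newUser.SamAccountName = username;
            newUser.GivenName = firstName;
            newUser.Surname = lastName;
            newUser.SetPassword(password);
            newUser.Enabled = true;
            newUser.Save();

            // Check the result instead of trusting the path; this comparison
            // assumes the directory returns the DN with the same escaping.
            string dn = newUser.DistinguishedName;
            if (!dn.EndsWith("," + ouPath, StringComparison.OrdinalIgnoreCase))
                throw new InvalidOperationException($"User created outside target OU: {dn}");
            return dn;
        }
    }
}
```

Logging the returned distinguished name gives an audit record of where each account actually landed.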