摘要:以前弄个了用于AD OU、帐号和组等对象的几个类（见《活动目录操作类更新》），现在对这个再进行一点改进和增加一些功能。貌似gotdotnet workspace已经无法使用，过些日子我把更新后的类库发布在codeplex上再发布个具体链接出来。 修改/增加的地方： 1、权限机制：摒弃在配置文件中配置域管理员帐号密码的方式，而采用重新用COM+安全身份来执行整个AD操作。 2、用户：修正Lock/UnLock和Enabled/Disabled，Mail-Enabled/Mailbox-Enabled的用法。 3、组：修正创建组时无法指定Group Scope/Group Type的问题，增加对各类型组的创建支持。同时支持更改组Owner，和设置管理Membership list的属性。 其中更新Membership list属性的更改比较有意思。因为在AD中并没有一个属性与之对应，只能通过修改访问规则来设置： ActiveDirectorySecurity ads = myGroup.ObjectSecurity;ActiveDirectoryAccessRule accessRule = new ActiveDirectoryAccessRule(          new NTAccount(Domain, samAccountName),          ActiveDirectoryRights.WriteProperty,          AccessControlType.Allow,          new Guid("bf9679c0-0de6-11d0-a285-00aa003049e2")); ads.AddAccessRule(accessRule);myGroup.ObjectSecurity = ads;myGroup.CommitChanges(); 4、Mail相关：增加了对Exchange Server/StoreGroup/MailStore/Mailbox的各类操作（相关见《枚举Exchange Server, StoreGroups, MailStore》）。同时支持对proxyAddresses等属性的修改设置。 其中更新proxyAddresseses并设置 Primary proxyAddress也比较有意思，摘出供参考：        private void UpdateProxyAddresses(DirectoryEntry userEntry, ArrayList emailAddresses)        {            PropertyCollection properties = userEntry.Properties;            PropertyValueCollection proxyAddresses = userEntry.Properties["proxyAddresses"];             if (proxyAddresses != null)            {                for (int i = 0; i < emailAddresses.Count; i++)                {                    string emailType = emailTypes[i];                    string emailAddress = emailAddresses[i].ToString();                    int schemaIndex = Array.IndexOf(emailTypes, emailType);                     if (schemaIndex > -1)                    {                        // Is it the primary address                        if (schemaIndex == 0)                            userEntry.Properties["mail"].Value = emailAddress.ToString();                         string emailPrefix = emailPrefixes[schemaIndex];                       ......[阅读全文]