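Summary: I previously put together a few classes for working with AD objects such as OUs, accounts and groups (see "Active Directory Operation Classes Update"). I have now made some further improvements and added some features. The gotdotnet workspace seems to be unusable now, so in a few days I will publish the updated class library on CodePlex and then post the specific link.
Changes and additions:
1. Permission mechanism: dropped the approach of configuring the domain administrator account and password in the configuration file; the entire set of AD operations now runs under a COM+ security identity instead.
2. Users: fixed the usage of Lock/UnLock and Enabled/Disabled, Mail-Enabled/Mailbox-Enabled.
3. Groups: fixed the problem that Group Scope/Group Type could not be specified when creating a group, and added support for creating each type of group. Changing the group Owner and setting the property that manages the Membership list are also supported.
The change for updating the Membership list property is fairly interesting. Because AD has no attribute that corresponds to it, it can only be set by modifying the access rules: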
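    using System;
    using System.DirectoryServices;
    using System.Security.AccessControl;
    using System.Security.Principal;

    // myGroup is the DirectoryEntry of the group being modified.
    ActiveDirectorySecurity ads = myGroup.ObjectSecurity;
    // Allow the account to write one attribute only: the GUID below is the
    // schemaIDGUID of the "member" attribute.
    ActiveDirectoryAccessRule accessRule = new ActiveDirectoryAccessRule(
        new NTAccount(Domain, samAccountName),
        ActiveDirectoryRights.WriteProperty,
        AccessControlType.Allow,
        new Guid("bf9679c0-0de6-11d0-a285-00aa003049e2"));

    ads.AddAccessRule(accessRule);
    myGroup.ObjectSecurity = ads;
    myGroup.CommitChanges();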
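To review this delegation afterwards, the following added example (not part of the original class library) parses a group's security descriptor in SDDL form and lists the SIDs whose allow ACEs grant WriteProperty on the member attribute or on all properties. The class and method names and the sample SDDL string with its SIDs are constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Security.AccessControl;
using System.Security.Principal;

static class MembershipWriteAudit
{
    // schemaIDGUID of the "member" attribute (same GUID as in the rule above)
    static readonly Guid MemberAttribute = new Guid("bf9679c0-0de6-11d0-a285-00aa003049e2");
    const int WriteProperty = 0x20; // numeric value of ActiveDirectoryRights.WriteProperty

    // Returns the SIDs that may write the group's member attribute.
    // Generic rights (GA/GW) and property-set GUIDs are not expanded here.
    public static List<SecurityIdentifier> WhoCanEditMembers(string sddl)
    {
        var result = new List<SecurityIdentifier>();
        var sd = new RawSecurityDescriptor(sddl);
        if (sd.DiscretionaryAcl == null) return result;

        foreach (GenericAce ace in sd.DiscretionaryAcl)
        {
            var qualified = ace as QualifiedAce;
            if (qualified == null || qualified.AceQualifier != AceQualifier.AccessAllowed) continue;
            if ((ace.AceFlags & AceFlags.InheritOnly) != 0) continue; // not effective on the group itself
            if ((qualified.AccessMask & WriteProperty) == 0) continue;

            var objAce = ace as ObjectAce;
            bool scoped = objAce != null &&
                (objAce.ObjectAceFlags & ObjectAceFlags.ObjectAceTypePresent) != 0;
            // An unscoped WriteProperty ACE covers every attribute, member included.
            if (!scoped || objAce.ObjectAceType == MemberAttribute)
                result.Add(qualified.SecurityIdentifier);
        }
        return result;
    }

    static void Main()
    {
        // Constructed sample DACL: a delegated manager, a read-only ACE, and an unrelated attribute.
        string sddl = "D:" +
            "(OA;;WP;bf9679c0-0de6-11d0-a285-00aa003049e2;;S-1-5-21-1111111111-2222222222-3333333333-1105)" +
            "(A;;RP;;;AU)" +
            "(OA;;WP;00000000-0000-0000-0000-000000000001;;S-1-5-21-1111111111-2222222222-3333333333-1106)";

        foreach (SecurityIdentifier sid in WhoCanEditMembers(sddl))
            Console.WriteLine(sid.Value);
    }
}
```

Against a live directory, the SDDL string can be taken from `myGroup.ObjectSecurity.GetSecurityDescriptorSddlForm(AccessControlSections.Access)`.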
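4. Mail: added various operations on Exchange Server/StoreGroup/MailStore/Mailbox (see "Enumerating Exchange Server, StoreGroups, MailStore"). Modifying properties such as proxyAddresses is also supported.
Updating proxyAddresses and setting the Primary proxyAddress is also fairly interesting; it is excerpted here for reference: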
    // emailTypes and emailPrefixes are arrays defined elsewhere in the class
    // and are not shown in this excerpt.
    private void UpdateProxyAddresses(DirectoryEntry userEntry, ArrayList emailAddresses)
    {
        PropertyCollection properties = userEntry.Properties;
        PropertyValueCollection proxyAddresses = userEntry.Properties["proxyAddresses"];

        if (proxyAddresses != null)
        {
            for (int i = 0; i < emailAddresses.Count; i++)
            {
                string emailType = emailTypes[i];
                string emailAddress = emailAddresses[i].ToString();
                int schemaIndex = Array.IndexOf(emailTypes, emailType);

                if (schemaIndex > -1)
                {
                    // Is it the primary address?
                    if (schemaIndex == 0)
                        userEntry.Properties["mail"].Value = emailAddress.ToString();

                    string emailPrefix = emailPrefixes[schemaIndex];
                    ......