MS.Tech - IT人

.NET & Microsoft Enterprise Servers & Cutting-Edge Technologies and Products

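Several new features in the AD user and group class library

Some time ago I put together a few classes for AD objects such as OUs, accounts and groups (see "Active Directory Operation Classes Update"). I have now improved them a little and added some features. The gotdotnet workspace seems to be unusable, so in a few days I will publish the updated library on CodePlex and post a link to it.

Changes and additions:

1. Permission mechanism: the domain administrator account and password are no longer configured in the configuration file; instead, all AD operations are executed under a COM+ security identity.

2. Users: corrected the usage of Lock/UnLock, Enabled/Disabled and Mail-Enabled/Mailbox-Enabled.

3. Groups: fixed the problem that Group Scope/Group Type could not be specified when creating a group, and added support for creating every type of group. Changing the group Owner and setting the property that controls who manages the Membership list are now supported as well.

Updating the Membership list property is the interesting part. AD has no attribute that corresponds to it, so it can only be set by modifying the access rules: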

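        // Requires: System, System.DirectoryServices,
        // System.Security.AccessControl, System.Security.Principal.
        // myGroup is the DirectoryEntry of the group.
        ActiveDirectorySecurity ads = myGroup.ObjectSecurity;

        // bf9679c0-0de6-11d0-a285-00aa003049e2 is the schemaIDGUID of the member
        // attribute, so the rule allows the account to write that attribute only.
        ActiveDirectoryAccessRule accessRule = new ActiveDirectoryAccessRule(
            new NTAccount(Domain, samAccountName),
            ActiveDirectoryRights.WriteProperty,
            AccessControlType.Allow,
            new Guid("bf9679c0-0de6-11d0-a285-00aa003049e2"));

        ads.AddAccessRule(accessRule);
        myGroup.ObjectSecurity = ads;
        myGroup.CommitChanges();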
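
The rule above delegates control of a group's membership, so it is worth being able to review which principals hold that right. The following audit is an added example, not code from the original post or its library; the class name, method names and the LDAP path are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices;
using System.Security.AccessControl;
using System.Security.Principal;

static class GroupMemberAclAudit
{
    // schemaIDGUID of the member attribute, the same GUID the post's rule uses.
    static readonly Guid MemberAttribute = new Guid("bf9679c0-0de6-11d0-a285-00aa003049e2");

    // Lists every Allow ACE that grants write access to the group's member attribute.
    // Deny ACEs, property-set ACEs and validated writes are not evaluated here.
    public static List<string> WhoCanEditMembers(DirectoryEntry group)
    {
        List<string> findings = new List<string>();
        AuthorizationRuleCollection rules =
            group.ObjectSecurity.GetAccessRules(true, true, typeof(SecurityIdentifier));

        foreach (ActiveDirectoryAccessRule rule in rules)
        {
            if (rule.AccessControlType != AccessControlType.Allow) continue;
            // GenericWrite and GenericAll contain the WriteProperty bit, so they match too.
            if ((rule.ActiveDirectoryRights & ActiveDirectoryRights.WriteProperty) == 0) continue;
            // Guid.Empty: the ACE is not limited to one attribute and covers member as well.
            if (rule.ObjectType != Guid.Empty && rule.ObjectType != MemberAttribute) continue;

            findings.Add(Describe(rule.IdentityReference) +
                         (rule.IsInherited ? " (inherited)" : " (explicit)"));
        }
        return findings;
    }

    static string Describe(IdentityReference sid)
    {
        try { return sid.Translate(typeof(NTAccount)).Value; }
        catch (IdentityNotMappedException) { return sid.Value; } // unresolvable SID
    }

    static void Main()
    {
        // Constructed DN for illustration; point it at a real group.
        using (DirectoryEntry group = new DirectoryEntry("LDAP://CN=MyGroup,OU=TestOU,DC=demo,DC=local"))
        {
            foreach (string line in WhoCanEditMembers(group))
                Console.WriteLine(line);
        }
    }
}
```

Explicit entries for accounts other than the intended group manager are the ones to review first.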

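4. Mail: added various operations on Exchange Server/StoreGroup/MailStore/Mailbox (see "Enumerating Exchange Server, StoreGroups, MailStore"). Modifying attributes such as proxyAddresses is supported as well.

Updating proxyAddresses and setting the primary proxyAddress is also rather interesting, so the code is excerpted here for reference: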

        // emailTypes and emailPrefixes are fields of the containing class that are
        // not shown in this excerpt; index 0 is treated as the primary address type.
        // Requires: System, System.Collections, System.DirectoryServices.
        private void UpdateProxyAddresses(DirectoryEntry userEntry, ArrayList emailAddresses)
        {
            PropertyValueCollection proxyAddresses = userEntry.Properties["proxyAddresses"];

            if (proxyAddresses != null)
            {
                for (int i = 0; i < emailAddresses.Count; i++)
                {
                    string emailType = emailTypes[i];
                    string emailAddress = emailAddresses[i].ToString();
                    int schemaIndex = Array.IndexOf(emailTypes, emailType);

                    if (schemaIndex > -1)
                    {
                        // Is it the primary address? Then keep the mail attribute in step.
                        if (schemaIndex == 0)
                            userEntry.Properties["mail"].Value = emailAddress;

                        string emailPrefix = emailPrefixes[schemaIndex];
                        bool found = false;

                        // Overwrite an existing entry that carries the same prefix.
                        for (int j = 0; j < proxyAddresses.Count; j++)
                        {
                            string proxyAddress = proxyAddresses[j].ToString();
                            if (proxyAddress.StartsWith(emailPrefix + ":"))
                            {
                                proxyAddresses[j] = emailPrefix + ":" + emailAddress;
                                found = true;
                            }
                        }

                        // No entry with this prefix yet: append one.
                        if (!found)
                            proxyAddresses.Add(emailPrefix + ":" + emailAddress);
                    }

                    userEntry.Properties["proxyAddresses"].Value = proxyAddresses.Value;
                }
            }
        }

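        // Uppercase "SMTP:" marks the primary address, lowercase "smtp:" a secondary one.
        // Changes stay in the local property cache until CommitChanges() is called on userEntry.
        public void MakePrimaryProxyAddress(DirectoryEntry userEntry, string newMailAddress)
        {
            PropertyValueCollection proxyAddresses = userEntry.Properties["proxyAddresses"];

            if (proxyAddresses != null)
            {
                // Walk backwards so that entries can be removed while iterating.
                for (int j = proxyAddresses.Count - 1; j >= 0; j--)
                {
                    string proxyadd = proxyAddresses[j].ToString();

                    if (string.Equals(proxyadd, "smtp:" + newMailAddress,
                                      StringComparison.OrdinalIgnoreCase))
                    {
                        // The new address is already listed; drop it, it is re-added as primary below.
                        proxyAddresses.RemoveAt(j);
                    }
                    else if (proxyadd.StartsWith("SMTP:", StringComparison.Ordinal))
                    {
                        // Demote the current primary address to a secondary one.
                        proxyAddresses[j] = "smtp:" + proxyadd.Substring(5);
                    }
                }

                // Always add the new primary, whether or not an old one existed.
                proxyAddresses.Insert(0, "SMTP:" + newMailAddress);
                userEntry.Properties["proxyAddresses"].Value = proxyAddresses.Value;
            }
        }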

BTW, there are two more classic Workflow Foundation articles worth reading:

posted on 2007-07-22 03:24:00 by liuhuimiao  Comments (3)  Views (7490)

Active Directory Operation Classes Update

I previously wrote a few articles about Active Directory and received a lot of feedback and questions. Because of time constraints I could not answer them one by one. Recently I found an article on CodeProject about wrapping the Active Directory API, and on impulse I modified and extended it (apart from the original author's requirements, there are no other conditions on using the code). After these changes the Active Directory operation classes should cover most needs, and I believe they are fairly simple to use. Download: http://www.gotdotnet.com/Workspaces/Workspace.aspx?id=93001c9d-194c-47ff-bc1a-e5ccd81d7e4a

Sample Code:

        private void button1_Click(object sender, EventArgs e)
        {
            // Get the OU
            ADOrganizationalUnit ou = ADManager.LoadOU("TestOU");
            Console.WriteLine(ou.DistinguishedName);

            // Get all users under this OU (including all child OUs)
            IList<ADUser> allUsers = ADManager.LoadAllUsers(ou.DistinguishedName, true);
            Console.WriteLine(allUsers.Count.ToString());

            // Get all users under this OU (excluding child OUs, this OU only)
            IList<ADUser> subUsers = ADManager.LoadAllUsers(ou.DistinguishedName, false);
            Console.WriteLine(subUsers.Count.ToString());

            // Create a user under the OU, enable it and set its password to never expire.
            ADUser user = ADManager.CreateUser(ou.DistinguishedName, "通用名", "MyAccount", "MyPassword@1",
                AccountOptions.ADS_UF_NORMAL_ACCOUNT | AccountOptions.ADS_UF_DONT_EXPIRE_PASSWD);

            // Create a group under the OU; by default it is a global security group.
            ADGroup group = ADManager.CreateGroup(ou.DistinguishedName, "MyGroup");

            // Add the user to the specified group
            ADManager.AddUserToGroup(user.AccountName, group.Name);

            // Remove the user from the specified group
            ADManager.RemoveUserFromGroup(user.AccountName, group.Name);

            // Disable the user
            ADManager.SetUserAccountOptions(user.AccountName, AccountOptions.ADS_UF_ACCOUNTDISABLE);

            // Enable the user and set the password to never expire
            ADManager.SetUserAccountOptions(user.AccountName,
                AccountOptions.ADS_UF_NORMAL_ACCOUNT | AccountOptions.ADS_UF_DONT_EXPIRE_PASSWD);

            // Get all groups the user belongs to
            IList<ADGroup> userGroups = user.Groups;
            foreach (ADGroup userGroup in userGroups)
            {
                Console.WriteLine(userGroup.Name);
            }

            // Get all users in the group
            IList<ADUser> groupUsers = group.Users;
            foreach (ADUser groupUser in groupUsers)
            {
                Console.WriteLine(groupUser.AccountName);
            }

            // Update the user's information
            user.Company = "User Company";
            user.Department = "Sales";
            user.Email = "myaccount@demo.local";
            user.Mobile = "13333333333";
            user.Url = "http://homepage";
            user.ExtensionAttribute1 = "my custom info";
            user.Title = "CAO";
            // ......
            user.Update();

            // Delete the user, the group and the OU
            ADManager.DeleteUser(user.AccountName);
            ADManager.DeleteGroup(group.Name);
        }

posted on 2006-09-11 00:27:00 by liuhuimiao  Comments (7)  Views (7765)
