using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.DirectoryServices;
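/// <summary>
/// Static helpers for looking up Active Directory users and groups over LDAP and for
/// adding or removing group members, using a single fixed service account.
/// </summary>
public class ADUtil
{
    // LDAP address, e.g. LDAP://my.com.cn
    // NOTE(review): confirm that binds to this host are protected in transit
    // (e.g. LDAPS or signing/sealing); nothing in this class sets that explicitly.
    private const string LDAP_HOST = "LDAP://my.com.cn";

    // Special account that has LDAP administration rights.
    // NOTE(review): this account name and its password are compiled into the assembly,
    // so anyone with the binary or the repository can read them. Load them from
    // protected configuration or a secret store, and use an account delegated only
    // the group-membership rights this class needs.
    private const string USER_NAME = "account";

    // Password of the special account that has LDAP administration rights.
    private const string PASSWORD = "password";

    public ADUtil()
    {
        // TODO: add constructor logic here
    }

    /// <summary>
    /// Adds a user to a group.
    /// </summary>
    /// <param name="groupName">Common name (cn) of the group.</param>
    /// <param name="userName">Domain account (sAMAccountName) of the user.</param>
    /// <exception cref="ArgumentException">Either name is null or empty.</exception>
    /// <exception cref="Exception">The group or the user was not found.</exception>
    public static void addGroupMember(string groupName, string userName)
    {
        // The group entry wraps a directory handle; release it once the change is committed.
        using (DirectoryEntry group = getGroupByName(groupName))
        {
            group.Username = USER_NAME;
            group.Password = PASSWORD;
            group.Properties["member"].Add(getUserDNByName(userName));
            group.CommitChanges();
        }
    }

    /// <summary>
    /// Removes a user from a group.
    /// </summary>
    /// <param name="groupName">Common name (cn) of the group.</param>
    /// <param name="userName">Domain account (sAMAccountName) of the user.</param>
    /// <exception cref="ArgumentException">Either name is null or empty.</exception>
    /// <exception cref="Exception">The group or the user was not found.</exception>
    public static void removeGroupMember(string groupName, string userName)
    {
        using (DirectoryEntry group = getGroupByName(groupName))
        {
            group.Username = USER_NAME;
            group.Password = PASSWORD;
            group.Properties["member"].Remove(getUserDNByName(userName));
            group.CommitChanges();
        }
    }

    /// <summary>
    /// Looks up a user by domain account name and returns the distinguished name.
    /// </summary>
    /// <param name="name">
    /// Domain account (sAMAccountName) of the user. The value is matched literally:
    /// filter metacharacters such as '*' are escaped and no longer act as wildcards.
    /// </param>
    /// <returns>The first value of the entry's distinguishedName attribute.</returns>
    /// <exception cref="ArgumentException"><paramref name="name"/> is null or empty.</exception>
    /// <exception cref="Exception">No matching user was found.</exception>
    public static object getUserDNByName(string name)
    {
        // Escape before concatenating: an unescaped ')' or '*' in the caller's value
        // would change the structure of the search filter (LDAP filter injection).
        string safeName = escapeLdapFilterValue(name, "name");

        // DirectorySearcher(string) takes a filter, not a path, so the search root is
        // passed to the constructor as an entry instead. Both objects are disposable.
        using (DirectoryEntry root = new DirectoryEntry(LDAP_HOST, USER_NAME, PASSWORD))
        using (DirectorySearcher userSearch = new DirectorySearcher(root))
        {
            userSearch.Filter = "(SAMAccountName=" + safeName + ")";
            SearchResult user = userSearch.FindOne();
            if (user == null)
            {
                throw new Exception("請確認域用戶是否正確");
            }

            return user.Properties["distinguishedname"][0];
        }
    }

    /// <summary>
    /// Looks up a group by its common name.
    /// </summary>
    /// <param name="name">
    /// Common name (cn) of the group. The value is matched literally: filter
    /// metacharacters such as '*' are escaped and no longer act as wildcards.
    /// </param>
    /// <returns>
    /// A <see cref="DirectoryEntry"/> for the group. The caller owns it and should dispose it.
    /// </returns>
    /// <exception cref="ArgumentException"><paramref name="name"/> is null or empty.</exception>
    /// <exception cref="Exception">No matching group was found.</exception>
    public static DirectoryEntry getGroupByName(string name)
    {
        // Same reasoning as for the user lookup: never splice a raw value into the filter.
        string safeName = escapeLdapFilterValue(name, "name");

        using (DirectoryEntry root = new DirectoryEntry(LDAP_HOST, USER_NAME, PASSWORD))
        using (DirectorySearcher search = new DirectorySearcher(root))
        {
            search.Filter = "(&(cn=" + safeName + ")(objectClass=group))";
            search.PropertiesToLoad.Add("objectClass");
            SearchResult result = search.FindOne();
            if (result == null)
            {
                throw new Exception("請確認AD組列表是否正確");
            }

            return result.GetDirectoryEntry();
        }
    }

    /// <summary>
    /// Escapes a value for use inside an LDAP search filter assertion (RFC 4515):
    /// backslash, '*', '(', ')' and NUL are replaced by a backslash and two hex digits.
    /// </summary>
    /// <param name="value">The raw value supplied by the caller.</param>
    /// <param name="paramName">Parameter name reported if the value is rejected.</param>
    /// <returns>The escaped value, safe to concatenate into a filter string.</returns>
    /// <exception cref="ArgumentException"><paramref name="value"/> is null or empty.</exception>
    private static string escapeLdapFilterValue(string value, string paramName)
    {
        // An empty assertion value would yield a malformed filter such as "(cn=)".
        if (string.IsNullOrEmpty(value))
        {
            throw new ArgumentException("Value must not be null or empty.", paramName);
        }

        System.Text.StringBuilder escaped = new System.Text.StringBuilder(value.Length + 8);
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\':
                    escaped.Append("\\5c");
                    break;
                case '*':
                    escaped.Append("\\2a");
                    break;
                case '(':
                    escaped.Append("\\28");
                    break;
                case ')':
                    escaped.Append("\\29");
                    break;
                case '\0':
                    escaped.Append("\\00");
                    break;
                default:
                    escaped.Append(c);
                    break;
            }
        }

        return escaped.ToString();
    }
}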