Error changing the password of an Active Directory user

Hello, I am trying to reset the password of an Active Directory user, but I am getting an error. Here is my code:

    using System;
    using System.DirectoryServices;

    public string ChangePassword(string Identity, string OldPassword, string Password)
    {
        string success = "Success";
        try
        {
            DirectoryEntry UserEntry = null;
            // Bind to the domain with the user's identity and old password
            DirectoryEntry entry = new DirectoryEntry("LDAP://.../DC=Domain,DC=COM", Identity, OldPassword);
            DirectorySearcher search = new DirectorySearcher(entry);
            SearchResult resultsearch = search.FindOne();
            if (resultsearch == null)
            {
                success = "User Not Found In This Domain";
            }
            else
            {
                success = "find";
                UserEntry = resultsearch.GetDirectoryEntry();
                UserEntry.Username = @"Domain\Administrator";
                UserEntry.Password = "password";
                UserEntry.AuthenticationType = AuthenticationTypes.None;
                if (UserEntry == null)
                    success = "User Not Found In This Domain";
                else
                {
                    try
                    {
                        success = UserEntry.Username.ToString();
                        // This is the call that throws DISP_E_UNKNOWNNAME
                        UserEntry.Invoke("ChangePassword", new object[] { OldPassword, Password });
                        UserEntry.CommitChanges();
                    }
                    catch (Exception ex)
                    {
                        success = ex.ToString();
                    }
                }
            }
        }
        catch (Exception ex)
        {
            success = ex.ToString();
        }
        return success;
    }

So I get the error at UserEntry.Invoke("ChangePassword", new object[] { OldPassword, Password }); UserEntry.CommitChanges();

Error:

    System.Runtime.InteropServices.COMException (0x80020006): Unknown name. (Exception from HRESULT: 0x80020006 (DISP_E_UNKNOWNNAME))
       at System.DirectoryServices.DirectoryEntry.Invoke(String methodName, Object[] args)
       at WebService.ChangePassword(String Identity, String OldPassword, String Password) in c:\inetpub\wwwroot\WebSite1\App_Code\WebService.cs:line 370

If you are using .NET Framework 3.5 or later, the following code will solve the problem. The class definition is omitted.

    using System;
    using System.DirectoryServices.AccountManagement;

    public static string ChangePassword(string adminUser, string adminPassword, string domain,
        string container, string userName, string newPassword)
    {
        try
        {
            // Connect to the domain with the administrator's credentials
            using (PrincipalContext principalContext = new PrincipalContext(
                ContextType.Domain, domain, container, adminUser, adminPassword))
            using (UserPrincipal user = UserPrincipal.FindByIdentity(principalContext, userName))
            {
                if (user == null)
                    return "User Not Found In This Domain";

                // Administrative reset: the old password is not required
                user.SetPassword(newPassword);
                return user.Name;
            }
        }
        catch (Exception ex)
        {
            return ex.Message;
        }
    }

Usage:

    ChangePassword(@"DOMAIN\Administrator", "password", "DOMAIN", "DC=Domain,DC=COM", userName, newPassword);

Edit: added a version for the .NET 2.0 framework.

Change-password method for .NET 2.0:

    using System;
    using System.DirectoryServices;

    public static string ChangePassword20(string adminUser, string adminPassword, string container,
        string domainController, string userName, string newPassword)
    {
        const AuthenticationTypes authenticationTypes =
            AuthenticationTypes.Secure | AuthenticationTypes.Sealing | AuthenticationTypes.ServerBind;
        DirectoryEntry searchRoot = null;
        DirectorySearcher searcher = null;
        DirectoryEntry userEntry = null;
        try
        {
            // Bind to the given domain controller with the administrator's credentials
            searchRoot = new DirectoryEntry(
                String.Format("LDAP://{0}/{1}", domainController, container),
                adminUser, adminPassword, authenticationTypes);

            // Look the user up by account name
            searcher = new DirectorySearcher(searchRoot);
            searcher.Filter = String.Format("sAMAccountName={0}", userName);
            searcher.SearchScope = SearchScope.Subtree;
            searcher.CacheResults = false;

            SearchResult searchResult = searcher.FindOne();
            if (searchResult == null)
                return "User Not Found In This Domain";

            // Administrative reset: the old password is not required
            userEntry = searchResult.GetDirectoryEntry();
            userEntry.Invoke("SetPassword", new object[] { newPassword });
            userEntry.CommitChanges();
            return "New password set";
        }
        catch (Exception ex)
        {
            return ex.ToString();
        }
        finally
        {
            if (userEntry != null) userEntry.Dispose();
            if (searcher != null) searcher.Dispose();
            if (searchRoot != null) searchRoot.Dispose();
        }
    }

Usage:

    ChangePassword20(@"DOMAIN\Administrator", "password", "DC=Domain,DC=COM", "domainControllerName", "userName", "newPassword");

A few things:

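  • You should not set the Username, Password, or AuthN type on the UserEntry.
  • Your success = UserEntry.Username... should be obj foo = UserEntry.NativeObject;. If that passes, you have a valid DE.
  • You do not need to call CommitChanges() here.
  • You can call ChangePassword in the context of the user, not an administrator. That will flow correctly through the GetDirectoryEntry() call.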
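
The points in the last answer, put together as an added example that is not code from any of the posts: the user binds with their own old password, the bind is checked through NativeObject, and ChangePassword is invoked without CommitChanges(). The class and method names, the return strings, the LDAP filter escaping, and the domainController and container parameters are assumptions of this example.

```csharp
using System;
using System.DirectoryServices;
using System.Reflection;
using System.Text;
public static class SelfServicePassword
{
    // Escape the RFC 4515 special characters so the name cannot alter the LDAP filter.
    static string EscapeFilter(string value)
    {
        StringBuilder sb = new StringBuilder();
        foreach (char c in value)
        {
            if ("\\*()\0".IndexOf(c) >= 0) sb.AppendFormat("\\{0:x2}", (int)c);
            else sb.Append(c);
        }
        return sb.ToString();
    }
    // Assumed inputs: domainController like "dc01", container like "DC=Domain,DC=COM", bare sAMAccountName.
    public static string ChangeOwnPassword(string domainController, string container,
        string userName, string oldPassword, string newPassword)
    {
        const AuthenticationTypes auth = AuthenticationTypes.Secure | AuthenticationTypes.Sealing;
        string path = String.Format("LDAP://{0}/{1}", domainController, container);
        try
        {
            // Bind with the user's own credentials; no administrator password is stored or used.
            using (DirectoryEntry root = new DirectoryEntry(path, userName, oldPassword, auth))
            using (DirectorySearcher searcher = new DirectorySearcher(root))
            {
                object bound = root.NativeObject; // forces the bind; throws if it fails
                // Without a filter, FindOne() returns the first object under the root, not the user.
                searcher.Filter = String.Format("(&(objectClass=user)(sAMAccountName={0}))", EscapeFilter(userName));
                SearchResult result = searcher.FindOne();
                if (result == null) return "User Not Found In This Domain";
                using (DirectoryEntry user = result.GetDirectoryEntry())
                {
                    // ChangePassword is applied by the server at once; no CommitChanges() call.
                    user.Invoke("ChangePassword", new object[] { oldPassword, newPassword });
                    return "Password changed";
                }
            }
        }
        catch (Exception ex)
        {
            // Invoke wraps the ADSI error (e.g. password policy) in TargetInvocationException.
            Exception cause = ex is TargetInvocationException && ex.InnerException != null ? ex.InnerException : ex;
            return cause.Message;
        }
    }
}
```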