本人在網上公開的源代碼基礎上,加上了搜索、修改、刪除功能。
using System;
using System.Collections.Generic;
using System.Text;
using System.DirectoryServices;
using System.Data;
namespace Common
{
??? public class ADHelper
??? {
??????? private static string DomainName = "VMEX";
??????? private static string LDAPDomain = "DC=VMEX,DC=local";
??????? private static string ADPath = " LDAP://DC=VMEX,DC=local ";
??????? //AD管理員帳號
??????? private static string ADUser = "Administrator";
??????? //AD管理員密碼
??????? private static string ADPasssWord = "
1234@abcd
";
??????? private static IdentityImpersonation impersonate = new IdentityImpersonation(ADUser, ADPasssWord, DomainName);
??????? ///
??????? ///用戶登錄驗證結果
??????? ///
??????? public enum LoginResult
??????? {
??????????? ///
??????????? ///正常登錄
??????????? ///
??????????? LOGIN_USER_OK = 0,
??????????? ///
??????????? ///用戶不存在
??????????? ///
??????????? LOGIN_USER_DOESNT_EXIST,
??????????? ///
??????????? ///用戶帳號被禁用
??????????? ///
??????????? LOGIN_USER_ACCOUNT_INACTIVE,
??????????? ///
??????????? ///用戶密碼不正確
??????????? ///
??????????? LOGIN_USER_PASSWORD_INCORRECT
??????? }
??????? ///
??????? ///用戶屬性定義標志
??????? ///
??????? public enum ADS_USER_FLAG_ENUM
??????? {
??????????? ///
??????????? ///登錄腳本標志。如果通過 ADSI LDAP 進行讀或寫操作時,該標志失效。如果通過 ADSI WINNT,該標志為只讀。
??????????? ///
??????????? ADS_UF_SCRIPT = 0X0001,
??????????? ///
??????????? ///用戶帳號禁用標志
??????????? ///
??????????? ADS_UF_ACCOUNTDISABLE = 0X0002,
??????????? ///
??????????? ///主文件夾標志
??????????? ///
??????????? ADS_UF_HOMEDIR_REQUIRED = 0X0008,
??????????? ///
??????????? ///過期標志
??????????? ///
??????????? ADS_UF_LOCKOUT = 0X0010,
??????????? ///
??????????? ///用戶密碼不是必須的
??????????? ///
??????????? ADS_UF_PASSWD_NOTREQD = 0X0020,
??????????? ///
??????????? ///密碼不能更改標志
??????????? ///
??????????? ADS_UF_PASSWD_CANT_CHANGE = 0X0040,
??????????? ///
??????????? ///使用可逆的加密保存密碼
??????????? ///
??????????? ADS_UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED = 0X0080,
??????????? ///
??????????? ///本地帳號標志
??????????? ///
??????????? ADS_UF_TEMP_DUPLICATE_ACCOUNT = 0X0100,
??????????? ///
??????????? ///普通用戶的默認帳號類型
??????????? ///
??????????? ADS_UF_NORMAL_ACCOUNT = 0X0200,
??????????? ///
??????????? ///跨域的信任帳號標志
??????????? ///
??????????? ADS_UF_INTERDOMAIN_TRUST_ACCOUNT = 0X0800,
??????????? ///
??????????? ///工作站信任帳號標志
??????????? ///
??????????? ADS_UF_WORKSTATION_TRUST_ACCOUNT = 0x1000,
??????????? ///
??????????? ///服務器信任帳號標志
??????????? ///
??????????? ADS_UF_SERVER_TRUST_ACCOUNT = 0X2000,
??????????? ///
??????????? ///密碼永不過期標志
??????????? ///
??????????? ADS_UF_DONT_EXPIRE_PASSWD = 0X10000,
??????????? ///
??????????? /// MNS 帳號標志
??????????? ///
??????????? ADS_UF_MNS_LOGON_ACCOUNT = 0X20000,
??????????? ///
??????????? ///交互式登錄必須使用智能卡
??????????? ///
??????????? ADS_UF_SMARTCARD_REQUIRED = 0X40000,
??????????? ///
??????????? ///當設置該標志時,服務帳號(用戶或計算機帳號)將通過 Kerberos 委托信任
??????????? ///
??????????? ADS_UF_TRUSTED_FOR_DELEGATION = 0X80000,
??????????? ///
??????????? ///當設置該標志時,即使服務帳號是通過 Kerberos 委托信任的,敏感帳號不能被委托
??????????? ///
??????????? ADS_UF_NOT_DELEGATED = 0X100000,
??????????? ///
??????????? ///此帳號需要 DES 加密類型
??????????? ///
??????????? ADS_UF_USE_DES_KEY_ONLY = 0X200000,
??????????? ///
??????????? ///不要進行 Kerberos 預身份驗證
??????????? ///
??????????? ADS_UF_DONT_REQUIRE_PREAUTH = 0X4000000,
??????????? ///
??????????? ///用戶密碼過期標志
??????????? ///
??????????? ADS_UF_PASSWORD_EXPIRED = 0X800000,
??????????? ///
??????????? ///用戶帳號可委托標志
??????????? ///
??????????? ADS_UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION = 0X1000000
??????? }
??????? public ADHelper()
??????? {
??????????? //
??????? }
??????? ///
??????? ///獲得DirectoryEntry對象實例,以管理員登陸AD
??????? ///
??????? ///
??????? private static DirectoryEntry GetDirectoryObject()
??????? {
??????????? DirectoryEntry entry = new DirectoryEntry(ADPath, ADUser, ADPasssWord, AuthenticationTypes.Secure);
??????????? return entry;
??????? }
??????? ///
??????? ///根據(jù)指定用戶名和密碼獲得相應DirectoryEntry實體
??????? ///
??????? ///
??????? ///
??????? ///
??????? private static DirectoryEntry GetDirectoryObject(string userName, string password)
??????? {
??????????? DirectoryEntry entry = new DirectoryEntry(ADPath, userName, password, AuthenticationTypes.None);
??????????? return entry;
??????? }
??????? private static DirectoryEntry GetDirectoryObject(string domainReference)
??????? {
??????????? DirectoryEntry entry = new DirectoryEntry(ADPath + domainReference, ADUser, ADPasssWord, AuthenticationTypes.Secure);
??????????? return entry;
??????? }
??????? /// <summary>
??????? /// 找到該用戶對象
??????? /// </summary>
??????? /// <param name="commonName"></param>
??????? /// <returns></returns>
??????? public static DirectoryEntry GetDirectoryEntry(string commonName)
??????? {
??????????? DirectoryEntry de = GetDirectoryObject();
??????????? DirectorySearcher deSearch = new DirectorySearcher(de);
??????????? deSearch.Filter = "(&(&(objectCategory=person)(objectClass=user))(cn=" + commonName + "))";
??????????? deSearch.SearchScope = SearchScope.Subtree;
??????????? try
??????????? {
??????????????? SearchResult result = deSearch.FindOne();
??????????????? de = new DirectoryEntry(result.Path);
??????????????? return de;
??????????? }
??????????? catch
??????????? {
??????????????? return null;
??????????? }
??????? }
???????? ///
???????? ///根據(jù)用戶公共名稱和密碼取得用戶的 對象。
???????? ///
???????? ///用戶公共名稱
???????? ///用戶密碼
???????? ///如果找到該用戶,則返回用戶的 對象;否則返回 null
???????? public static DirectoryEntry GetDirectoryEntry(string commonName, string password)
???????? {
????????????? DirectoryEntry de = GetDirectoryObject(commonName, password);
????????????? DirectorySearcher deSearch = new DirectorySearcher(de);
????????????? deSearch.Filter = "(&(&(objectCategory=person)(objectClass=user))(cn=" + commonName + "))";
????????????? deSearch.SearchScope = SearchScope.Subtree;
?
????????????? try
????????????? {
?????????????????? SearchResult result = deSearch.FindOne();
?????????????????? de = new DirectoryEntry(result.Path);
?????????????????? return de;
????????????? }
????????????? catch
????????????? {
?????????????????? return null;
????????????? }
???????? }
?
???????? ///
???????? ///根據(jù)用戶帳號稱取得用戶的 對象
???????? ///
???????? ///用戶帳號名
???????? ///如果找到該用戶,則返回用戶的 對象;否則返回 null
???????? public static DirectoryEntry GetDirectoryEntryByAccount(string sAMAccountName)
???????? {
????????????? DirectoryEntry de = GetDirectoryObject();
????????????? DirectorySearcher deSearch = new DirectorySearcher(de);
????????????? deSearch.Filter = "(&(&(objectCategory=person)(objectClass=user))(sAMAccountName=" + sAMAccountName + "))";
????????????? deSearch.SearchScope = SearchScope.Subtree;
?
????????????? try
????????????? {
?????????????????? SearchResult result = deSearch.FindOne();
?????????????????? de = new DirectoryEntry(result.Path);
?????????????????? return de;
????????????? }
????????????? catch
????????????? {
?????????????????? return null;
????????????? }
???????? }
?
???????? ///
???????? ///根據(jù)用戶帳號和密碼取得用戶的 對象
???????? ///
???????? ///用戶帳號名
???????? ///用戶密碼
???????? ///如果找到該用戶,則返回用戶的 對象;否則返回 null
???????? public static DirectoryEntry GetDirectoryEntryByAccount(string sAMAccountName, string password)
???????? {
????????????? DirectoryEntry de = GetDirectoryEntryByAccount(sAMAccountName);
????????????? if (de != null)
????????????? {
?????????????????? string commonName = de.Properties["cn"][0].ToString();
?
?????????????????? if (GetDirectoryEntry(commonName, password) != null)
?????????????????????? return GetDirectoryEntry(commonName, password);
?????????????????? else
?????????????????????? return null;
????????????? }
????????????? else
????????????? {
?????????????????? return null;
????????????? }
???????? }
?
???????? ///
???????? ///根據(jù)組名取得用戶組的 對象
???????? ///
???????? ///組名
???????? ///
???????? public static DirectoryEntry GetDirectoryEntryOfGroup(string groupName)
???????? {
????????????? DirectoryEntry de = GetDirectoryObject();
????????????? DirectorySearcher deSearch = new DirectorySearcher(de);
????????????? deSearch.Filter = "(&(objectClass=group)(cn=" + groupName + "))";
????????????? deSearch.SearchScope = SearchScope.Subtree;
?
????????????? try
????????????? {
?????????????????? SearchResult result = deSearch.FindOne();
?????????????????? de = new DirectoryEntry(result.Path);
?????????????????? return de;
????????????? }
????????????? catch
????????????? {
?????????????????? return null;
????????????? }
???????? }
?
?
?
???????? #region GetProperty
?
???????? ///
???????? ///獲得指定 指定屬性名對應的值
???????? ///
???????? ///
???????? ///屬性名稱
???????? ///屬性值
???????? public static string GetProperty(DirectoryEntry de, string propertyName)
???????? {
????????????? if(de.Properties.Contains(propertyName))
????????????? {
?????????????????? return de.Properties[propertyName][0].ToString() ;
????????????? }
????????????? else
????????????? {
?????????????????? return string.Empty;
????????????? }
???????? }
?
???????? ///
???????? ///獲得指定搜索結果 中指定屬性名對應的值
???????? ///
???????? ///
???????? ///屬性名稱
???????? ///屬性值
???????? public static string GetProperty(SearchResult searchResult, string propertyName)
???????? {
????????????? if(searchResult.Properties.Contains(propertyName))
????????????? {
?????????????????? return searchResult.Properties[propertyName][0].ToString() ;
????????????? }
????????????? else
????????????? {
?????????????????? return string.Empty;
????????????? }
???????? }
?
???????? #endregion
?
???????? ///
???????? ///設置指定 的屬性值
???????? ///
???????? ///
???????? ///屬性名稱
???????? ///屬性值
???????? public static void SetProperty(DirectoryEntry de, string propertyName, string propertyValue)
???????? {
????????????? if(propertyValue != string.Empty || propertyValue != "" || propertyValue != null)
????????????? {
?????????????????? if(de.Properties.Contains(propertyName))
?????????????????? {
?????????????????????? de.Properties[propertyName][0] = propertyValue;
?????????????????? }
?????????????????? else
?????????????????? {
?????????????????????? de.Properties[propertyName].Add(propertyValue);
?????????????????? }
????????????? }
???????? }
?
????????
///
???????? ///創(chuàng)建新的用戶
???????? ///
???????? ///N 位置。例如:OU=共享平臺 或 CN=Users
???????? ///公共名稱
???????? ///帳號
???????? ///密碼
???????? ///physicalDeliveryOfficeName:辦公位置:
???????? ///description:設備描述:
???????? ///telephoneNumber:固資編碼:
???????? ///department:部門(二級部門):
???????? ///company:公司(一級部門):
???????? ///wWWHomePage:IP 地址:
???????? public static DirectoryEntry CreateNewUser(string ldapDN,string snName, string commonName, string sAMAccountName, string password,
???????????? string description,string physicalDeliveryOfficeName,
???????????? string telephoneNumber, string department,string title,
??????????? string company, string wWWHomePage)
???????? {
????????????? DirectoryEntry entry = GetDirectoryObject();
????????????? DirectoryEntry subEntry = entry.Children.Find(ldapDN);
????????????? DirectoryEntry deUser = subEntry.Children.Add("CN=" + commonName, "user");
????????????? deUser.Properties["sAMAccountName"].Value = sAMAccountName;
????????????? //deUser.Properties["description"].Value = description;
????????????? //deUser.Properties["physicalDeliveryOfficeName"].Value = physicalDeliveryOfficeName;
????????????? //deUser.Properties["telephoneNumber"].Value = telephoneNumber;
????????????? //deUser.Properties["department"].Value = department;
????????????? //deUser.Properties["title"].Value = title;
????????????? //deUser.Properties["company"].Value = company;
????????????? //deUser.Properties["wWWHomePage"].Value = wWWHomePage;
????????????? ADHelper.SetProperty(deUser, "sn", snName);
????????????? ADHelper.SetProperty(deUser, "description", description);
????????????? ADHelper.SetProperty(deUser, "physicalDeliveryOfficeName", physicalDeliveryOfficeName);
????????????? ADHelper.SetProperty(deUser, "telephoneNumber", telephoneNumber);
????????????? ADHelper.SetProperty(deUser, "department", department);
????????????? ADHelper.SetProperty(deUser, "title", title);
????????????? ADHelper.SetProperty(deUser, "company", company);
????????????? ADHelper.SetProperty(deUser, "wWWHomePage", wWWHomePage);
????????????? deUser.CommitChanges();
???????????
????????????? //ADHelper.SetProperty(deUser, "description", description);
????????????? ADHelper.SetPassword(commonName, password);
????????????? ADHelper.EnableUser(commonName);
?????????????
????????????? deUser.Close();
????????????? return deUser;
???????? }
???????
/// <summary>
??????? /// 刪除用戶
??????? ///
??????? /// </summary>
??????? /// <param name="ldapDN"></param>
??????? /// <param name="sAMAccountName"></param>
???????? public static void DelUser(string ldapDN, string sAMAccountName)
???????? {
???????????? DirectoryEntry entry = GetDirectoryObject();
???????????? DirectoryEntry subEntry = entry.Children.Find(ldapDN);
???????????? DirectorySearcher deSearch = new DirectorySearcher(subEntry);
??????????? deSearch.Filter = "(&(&(objectCategory=person)(objectClass=user))(sAMAccountName=" + sAMAccountName + "))";
??????????? deSearch.SearchScope = SearchScope.Subtree;
?
??????????? SearchResult result = deSearch.FindOne();
??????????? DirectoryEntry de = new DirectoryEntry(result.Path);
??????????
??????????? subEntry.Children.Remove(de);
?
??????????? entry.CommitChanges();
??????????? de.Close();
???????? }
???????? public static DataTable GetAllUser(string ouName)
???????? {
???????????? DataTable dt = new DataTable();
???????????? dt.Columns.Add("CN");
???????????? dt.Columns.Add("sAMAccountName");
???????????? dt.Columns.Add("description");
???????????? dt.Columns.Add("physicalDeliveryOfficeName");
???????????? dt.Columns.Add("telephoneNumber");
???????????? dt.Columns.Add("department");
???????????? dt.Columns.Add("title");
???????????? dt.Columns.Add("company");
???????????? dt.Columns.Add("wWWHomePage");
???????????? DirectoryEntry adRoot = GetDirectoryObject();
???????????? //設備MAC認證
???????????? DirectoryEntry ou = adRoot.Children.Find("OU=" + ouName);
???????????? DirectorySearcher mySearcher = new DirectorySearcher(ou);
???????????? //(&(&(objectCategory=person)(objectClass=user))(cn=" + commonName + "))
???????????? //mySearcher.Filter = ("(objectClass=user)");
???????????? mySearcher.Filter = "(&(&(objectCategory=person)(objectClass=user)))";
???????????? foreach (System.DirectoryServices.SearchResult resEnt in mySearcher.FindAll())
???????????? {
???????????????? DataRow dr = dt.NewRow();
???????????????? dr["CN"] = string.Empty;
???????????????? dr["sAMAccountName"] = string.Empty;
???????????????? dr["description"] = string.Empty;
???????????????? dr["physicalDeliveryOfficeName"] = string.Empty;
???????????????? dr["telephoneNumber"] = string.Empty;
???????????????? dr["department"] = string.Empty;
???????????????? dr["title"] = string.Empty;
???????????????? dr["company"] = string.Empty;
???????????????? dr["wWWHomePage"] = string.Empty;
???????????????? DirectoryEntry user = resEnt.GetDirectoryEntry();
???????????????? if (user.Properties.Contains("sAMAccountName"))
???????????????? {
???????????????????? dr["sAMAccountName"] = user.Properties["sAMAccountName"][0].ToString();
???????????????? }
???????????????? if (user.Properties.Contains("CN"))
???????????????? {
???????????????????? dr["CN"] = user.Properties["CN"][0].ToString();
???????????????? }
???????????????? if (user.Properties.Contains("description"))
???????????????? {
???????????????????? dr["description"] = user.Properties["description"][0].ToString();
???????????????? }
???????????????? if (user.Properties.Contains("physicalDeliveryOfficeName"))
???????????????? {
???????????????????? dr["physicalDeliveryOfficeName"] = user.Properties["physicalDeliveryOfficeName"][0].ToString();
???????????????? }
???????????????? if (user.Properties.Contains("telephoneNumber"))
???????????????? {
???????????????????? dr["telephoneNumber"] = user.Properties["telephoneNumber"][0].ToString();
???????????????? }
???????????????? if (user.Properties.Contains("department"))
???????????????? {
???????????????????? dr["department"] = user.Properties["department"][0].ToString();
???????????????? }
???????????????? if (user.Properties.Contains("title"))
???????????????? {
???????????????????? dr["title"] = user.Properties["title"][0].ToString();
???????????????? }
???????????????? if (user.Properties.Contains("company"))
???????????????? {
???????????????????? dr["company"] = user.Properties["company"][0].ToString();
???????????????? }
???????????????? if (user.Properties.Contains("wWWHomePage"))
???????????????? {
???????????????????? dr["wWWHomePage"] = user.Properties["wWWHomePage"][0].ToString();
???????????????? }
???????????????? dt.Rows.Add(dr);
???????????? }
???????????? return dt;
???????? }
??????
? /// <summary>
??????? /// 查詢用戶
??????? /// </summary>
??????? /// <param name="ouName"></param>
??????? /// <returns></returns>
???????? public static DataTable GetAdUser(string ouName, string commonName)
???????? {
???????????? DataTable dt = new DataTable();
???????????? dt.Columns.Add("cn");
???????????? dt.Columns.Add("sAMAccountName");
???????????? dt.Columns.Add("description");
???????????? dt.Columns.Add("physicalDeliveryOfficeName");
???????????? dt.Columns.Add("telephoneNumber");
???????????? dt.Columns.Add("department");
???????????? dt.Columns.Add("title");
???????????? dt.Columns.Add("company");
???????????? dt.Columns.Add("wWWHomePage");
???????????? DirectoryEntry adRoot = GetDirectoryObject();
???????????? //設備MAC認證
???????????? DirectoryEntry ou = adRoot.Children.Find("OU=" + ouName);
???????????? DirectorySearcher mySearcher = new DirectorySearcher(ou);
???????????? //(&(&(objectCategory=person)(objectClass=user))(cn=" + commonName + "))
???????????? //mySearcher.Filter = ("(objectClass=user)");
???????????? mySearcher.Filter = "(&(&(objectCategory=person)(objectClass=user))(cn=" + commonName + "))";
???????????? foreach (System.DirectoryServices.SearchResult resEnt in mySearcher.FindAll())
???????????? {
???????????????? DataRow dr = dt.NewRow();
???????????????? dr["cn"] = string.Empty;
???????????????? dr["sAMAccountName"] = string.Empty;
???????????????? dr["description"] = string.Empty;
???????????????? dr["physicalDeliveryOfficeName"] = string.Empty;
???????????????? dr["telephoneNumber"] = string.Empty;
???????????????? dr["department"] = string.Empty;
???????????????? dr["title"] = string.Empty;
???????????????? dr["company"] = string.Empty;
???????????????? dr["wWWHomePage"] = string.Empty;
????????????????
???????????????? DirectoryEntry user = resEnt.GetDirectoryEntry();
???????????????? if (user.Properties.Contains("cn"))
???????????????? {
???????????????????? dr["cn"] = user.Properties["cn"][0].ToString();
???????????????? }
???????????????? if (user.Properties.Contains("sAMAccountName"))
???????????????? {
???????????????????? dr["sAMAccountName"] = user.Properties["sAMAccountName"][0].ToString();
???????????????? }
???????????????? if (user.Properties.Contains("description"))
???????????????? {
???????????????????? dr["description"] = user.Properties["description"][0].ToString();
???????????????? }
???????????????? if (user.Properties.Contains("physicalDeliveryOfficeName"))
???????????????? {
???????????????????? dr["physicalDeliveryOfficeName"] = user.Properties["physicalDeliveryOfficeName"][0].ToString();
???????????????? }
???????????????? if (user.Properties.Contains("telephoneNumber"))
???????????????? {
???????????????????? dr["telephoneNumber"] = user.Properties["telephoneNumber"][0].ToString();
???????????????? }
???????????????? if (user.Properties.Contains("department"))
???????????????? {
???????????????????? dr["department"] = user.Properties["department"][0].ToString();
???????????????? }
???????????????? if (user.Properties.Contains("title"))
???????????????? {
???????????????????? dr["title"] = user.Properties["title"][0].ToString();
???????????????? }
???????????????? if (user.Properties.Contains("company"))
???????????????? {
???????????????????? dr["company"] = user.Properties["company"][0].ToString();
???????????????? }
???????????????? if (user.Properties.Contains("wWWHomePage"))
???????????????? {
???????????????????? dr["wWWHomePage"] = user.Properties["wWWHomePage"][0].ToString();
???????????????? }
???????????????? dt.Rows.Add(dr);
???????????? }
???????????? return dt;
???????? }
??????? /// <summary>
??????? ///
??????? /// </summary>
??????? /// <param name="ouName"></param>
??????? /// <param name="commonName">登陸帳號</param>
??????? /// <returns></returns>
???????? public static DataTable GetUser(string ouName, string commonName)
???????? {
???????????? DataTable dt = new DataTable();
???????????? dt.Columns.Add("cn");
???????????? dt.Columns.Add("sAMAccountName");
???????????? dt.Columns.Add("description");
???????????? dt.Columns.Add("physicalDeliveryOfficeName");
???????????? dt.Columns.Add("telephoneNumber");
???????????? dt.Columns.Add("department");
???????????? dt.Columns.Add("title");
???????????? dt.Columns.Add("company");
???????????? dt.Columns.Add("wWWHomePage");
???????????? DirectoryEntry adRoot = GetDirectoryObject();
???????????? //設備MAC認證
???????????? DirectoryEntry ou = adRoot.Children.Find("OU=" + ouName);
???????????? DirectorySearcher mySearcher = new DirectorySearcher(ou);
???????????? //(&(&(objectCategory=person)(objectClass=user))(cn=" + commonName + "))
???????????? //mySearcher.Filter = ("(objectClass=user)");
???????????? mySearcher.Filter = "(&(&(objectCategory=person)(objectClass=user))(sAMAccountName=" + commonName + "))";
???????????? foreach (System.DirectoryServices.SearchResult resEnt in mySearcher.FindAll())
???????????? {
???????????????? DataRow dr = dt.NewRow();
???????????????? dr["cn"] = string.Empty;
???????????????? dr["sAMAccountName"] = string.Empty;
???????????????? dr["description"] = string.Empty;
???????????????? dr["physicalDeliveryOfficeName"] = string.Empty;
???????????????? dr["telephoneNumber"] = string.Empty;
???????????????? dr["department"] = string.Empty;
???????????????? dr["title"] = string.Empty;
???????????????? dr["company"] = string.Empty;
???????????????? dr["wWWHomePage"] = string.Empty;
???????????????? DirectoryEntry user = resEnt.GetDirectoryEntry();
???????????????? if (user.Properties.Contains("cn"))
???????????????? {
???????????????????? dr["cn"] = user.Properties["cn"][0].ToString();
???????????????? }
???????????????? if (user.Properties.Contains("sAMAccountName"))
???????????????? {
???????????????????? dr["sAMAccountName"] = user.Properties["sAMAccountName"][0].ToString();
???????????????? }
???????????????? if (user.Properties.Contains("description"))
???????????????? {
???????????????????? dr["description"] = user.Properties["description"][0].ToString();
???????????????? }
???????????????? if (user.Properties.Contains("physicalDeliveryOfficeName"))
???????????????? {
???????????????????? dr["physicalDeliveryOfficeName"] = user.Properties["physicalDeliveryOfficeName"][0].ToString();
???????????????? }
???????????????? if (user.Properties.Contains("telephoneNumber"))
???????????????? {
???????????????????? dr["telephoneNumber"] = user.Properties["telephoneNumber"][0].ToString();
???????????????? }
???????????????? if (user.Properties.Contains("department"))
???????????????? {
???????????????????? dr["department"] = user.Properties["department"][0].ToString();
???????????????? }
???????????????? if (user.Properties.Contains("title"))
???????????????? {
???????????????????? dr["title"] = user.Properties["title"][0].ToString();
???????????????? }
???????????????? if (user.Properties.Contains("company"))
???????????????? {
???????????????????? dr["company"] = user.Properties["company"][0].ToString();
???????????????? }
???????????????? if (user.Properties.Contains("wWWHomePage"))
???????????????? {
???????????????????? dr["wWWHomePage"] = user.Properties["wWWHomePage"][0].ToString();
???????????????? }
???????????????? dt.Rows.Add(dr);
???????????? }
???????????? return dt;
???????? }
?
???????? ///
???????? ///創(chuàng)建新的用戶。默認創(chuàng)建在 Users 單元下。
???????? ///
???????? ///公共名稱
???????? ///帳號
???????? ///密碼
???????? ///
???????? public static DirectoryEntry CreateNewUser(string commonName,string snName, string sAMAccountName,
?????????????? string password,
?????????????? string description,string physicalDeliveryOfficeName,
???????????? string telephoneNumber, string department,string title,
??????????? string company, string wWWHomePage)
???????? {
???????????? return CreateNewUser("OU=設備MAC認證", commonName,snName, sAMAccountName, password,
?????????????????? description,physicalDeliveryOfficeName,
???????????? telephoneNumber, department,title,
???????????? company, wWWHomePage);
???????? }
?
???????? ///
???????? ///判斷指定公共名稱的用戶是否存在
???????? ///
???????? ///用戶公共名稱
???????? ///如果存在,返回 true;否則返回 false
???????? public static bool IsUserExists(string commonName)
???????? {
????????????? DirectoryEntry de = GetDirectoryObject();
????????????? DirectorySearcher deSearch = new DirectorySearcher(de);
????????????? deSearch.Filter = "(&(&(objectCategory=person)(objectClass=user))(cn=" + commonName + "))";?????? // LDAP 查詢串
????????????? SearchResultCollection results = deSearch.FindAll();
?
????????????? if (results.Count == 0)
?????????????????? return false;
????????????? else
?????????????????? return true;
???????? }
?
???????? ///
???????? ///判斷用戶帳號是否激活
???????? ///
???????? ///用戶帳號屬性控制器
???????? ///如果用戶帳號已經(jīng)激活,返回 true;否則返回 false
???????? public static bool IsAccountActive(int userAccountControl)
???????? {
????????????? int userAccountControl_Disabled = Convert.ToInt32(ADS_USER_FLAG_ENUM.ADS_UF_ACCOUNTDISABLE);
????????????? int flagExists = userAccountControl & userAccountControl_Disabled;
?
????????????? if (flagExists > 0)
?????????????????? return false;
????????????? else
?????????????????? return true;
???????? }
?
???????? ///
???????? ///判斷用戶與密碼是否足夠以滿足身份驗證進而登錄
???????? ///
???????? ///用戶公共名稱
???????? ///密碼
???????? ///如能可正常登錄,則返回 true;否則返回 false
???????? public static LoginResult Login(string commonName, string password)
???????? {
????????????? DirectoryEntry de = GetDirectoryEntry(commonName);
?
????????????? if (de != null)
????????????? {
?????????????????? // 必須在判斷用戶密碼正確前,對帳號激活屬性進行判斷;否則將出現(xiàn)異常。
?????????????????? int userAccountControl = Convert.ToInt32(de.Properties["userAccountControl"][0]);
?????????????????? de.Close();
?
?????????????????? if (!IsAccountActive(userAccountControl))
?????????????????????? return LoginResult.LOGIN_USER_ACCOUNT_INACTIVE;
?
?????????????????? if (GetDirectoryEntry(commonName, password) != null)
?????????????????????? return LoginResult.LOGIN_USER_OK;
?????????????????? else
?????????????????????? return LoginResult.LOGIN_USER_PASSWORD_INCORRECT;
????????????? }
????????????? else
????????????? {
?????????????????? return LoginResult.LOGIN_USER_DOESNT_EXIST;
????????????? }
???????? }
?
???????? ///
???????? ///判斷用戶帳號與密碼是否足夠以滿足身份驗證進而登錄
???????? ///
???????? ///用戶帳號
???????? ///密碼
???????? ///如能可正常登錄,則返回 true;否則返回 false
???????? public static LoginResult LoginByAccount(string sAMAccountName, string password)
???????? {
????????????? DirectoryEntry de = GetDirectoryEntryByAccount(sAMAccountName);
??????????????????
????????????? if (de != null)
????????????? {
?????????????????? // 必須在判斷用戶密碼正確前,對帳號激活屬性進行判斷;否則將出現(xiàn)異常。
?????????????????? int userAccountControl = Convert.ToInt32(de.Properties["userAccountControl"][0]);
?????????????????? de.Close();
?
?????????????????? if (!IsAccountActive(userAccountControl))
?????????????????????? return LoginResult.LOGIN_USER_ACCOUNT_INACTIVE;
?
?????????????????? if (GetDirectoryEntryByAccount(sAMAccountName, password) != null)
?????????????????????? return LoginResult.LOGIN_USER_OK;
?????????????????? else
?????????????????????? return LoginResult.LOGIN_USER_PASSWORD_INCORRECT;
????????????? }
????????????? else
????????????? {
?????????????????? return LoginResult.LOGIN_USER_DOESNT_EXIST;
????????????? }
???????? }
?
???????? ///
???????? ///設置用戶密碼,管理員可以通過它來修改指定用戶的密碼。
???????? ///
???????? ///用戶公共名稱
???????? ///用戶新密碼
???????? public static void SetPassword(string commonName, string newPassword)
???????? {
????????????? DirectoryEntry de = GetDirectoryEntry(commonName);
?????????????
????????????? // 模擬超級管理員,以達到有權限修改用戶密碼
????????????? impersonate.BeginImpersonate();
????????????? de.Invoke("SetPassword", new object[]{newPassword});
????????????? impersonate.StopImpersonate();
?
????????????? de.Close();
???????? }
???????? ///
???????? ///啟用指定公共名稱的用戶
???????? ///
???????? ///用戶公共名稱
???????? public static void EnableUser(string commonName)
???????? {
???????????? EnableUser(GetDirectoryEntry(commonName));
???????? }
???????? ///
???????? ///啟用指定 的用戶
???????? ///
???????? ///
???????? public static void EnableUser(DirectoryEntry de)
???????? {
???????????? impersonate.BeginImpersonate();
???????????? de.Properties["userAccountControl"][0] = ADHelper.ADS_USER_FLAG_ENUM.ADS_UF_NORMAL_ACCOUNT | ADHelper.ADS_USER_FLAG_ENUM.ADS_UF_DONT_EXPIRE_PASSWD;
???????????? de.CommitChanges();
???????????? impersonate.StopImpersonate();
???????????? de.Close();
???????? }
?
???????? ///
???????? ///設置帳號密碼,管理員可以通過它來修改指定帳號的密碼。
???????? ///
???????? ///用戶帳號
???????? ///用戶新密碼
???????? public static void SetPasswordByAccount(string sAMAccountName, string newPassword)
???????? {
????????????? DirectoryEntry de = GetDirectoryEntryByAccount(sAMAccountName);
?
????????????? // 模擬超級管理員,以達到有權限修改用戶密碼
????????????? IdentityImpersonation impersonate = new IdentityImpersonation(ADUser, ADPasssWord, LDAPDomain);
????????????? impersonate.BeginImpersonate();
????????????? de.Invoke("SetPassword", new object[]{newPassword});
????????????? impersonate.StopImpersonate();
?
????????????? de.Close();
???????? }
?????
?? /// <summary>
??????? /// 修改用戶資料
??????? /// </summary>
??????? /// <param name="sAMAccountName"></param>
???????? public static void EditUser(string ldapDN, string sAMAccountName,
???????????? string snName, string description, string physicalDeliveryOfficeName,
???????????? string telephoneNumber, string department, string title
???????????? , string wWWHomePage, string company
???????????? )
???????? {
???????????? DirectoryEntry entry = GetDirectoryObject();
???????????? DirectoryEntry subEntry = entry.Children.Find(ldapDN);
???????????? DirectorySearcher deSearch = new DirectorySearcher(subEntry);
???????????? deSearch.Filter = "(&(&(objectCategory=person)(objectClass=user))(sAMAccountName=" + sAMAccountName + "))";
???????????? deSearch.SearchScope = SearchScope.Subtree;
???????????? SearchResult result = deSearch.FindOne();
???????????? DirectoryEntry de = new DirectoryEntry(result.Path);
???????????? ADHelper.SetProperty(de, "sn", snName);
???????????? ADHelper.SetProperty(de, "description", description);
???????????? ADHelper.SetProperty(de, "physicalDeliveryOfficeName", physicalDeliveryOfficeName);
???????????? ADHelper.SetProperty(de, "telephoneNumber", telephoneNumber);
???????????? ADHelper.SetProperty(de, "department", department);
???????????? ADHelper.SetProperty(de, "title", title);
???????????? ADHelper.SetProperty(de, "company", company);
???????????? ADHelper.SetProperty(de, "wWWHomePage", wWWHomePage);
???????????? de.CommitChanges();
???????????? de.Close();????
??????????????? }
?
???????? ///
???????? ///修改用戶密碼
???????? ///
???????? ///用戶公共名稱
???????? ///舊密碼
???????? ///新密碼
???????? public static void ChangeUserPassword (string commonName, string oldPassword, string newPassword)
???????? {
????????????? // to-do: 需要解決密碼策略問題
????????????? DirectoryEntry oUser = GetDirectoryEntry(commonName);
????????????? oUser.Invoke("ChangePassword", new Object[]{oldPassword, newPassword});
????????????? oUser.Close();
???????? }
?
??????
?
????????
???????? ///
???????? ///禁用指定公共名稱的用戶
???????? ///
???????? ///用戶公共名稱
???????? public static void DisableUser(string commonName)
???????? {
????????????? DisableUser(GetDirectoryEntry(commonName));
???????? }
?
???????? ///
???????? ///禁用指定 的用戶
???????? ///
???????? ///
???????? public static void DisableUser(DirectoryEntry de)
???????? {
????????????? impersonate.BeginImpersonate();
????????????? de.Properties["userAccountControl"][0]=ADHelper.ADS_USER_FLAG_ENUM.ADS_UF_NORMAL_ACCOUNT | ADHelper.ADS_USER_FLAG_ENUM.ADS_UF_DONT_EXPIRE_PASSWD | ADHelper.ADS_USER_FLAG_ENUM.ADS_UF_ACCOUNTDISABLE;
????????????? de.CommitChanges();
????????????? impersonate.StopImpersonate();
????????????? de.Close();
???????? }
?
???????? ///
???????? ///將指定的用戶添加到指定的組中。默認為 Users 下的組和用戶。
???????? ///
???????? ///用戶公共名稱
???????? ///組名
???????? public static void AddUserToGroup(string userCommonName, string groupName)
????????? {
????????????? DirectoryEntry oGroup = GetDirectoryEntryOfGroup(groupName);
????????????? DirectoryEntry oUser = GetDirectoryEntry(userCommonName);
?????????????
????????????? impersonate.BeginImpersonate();
????????????? oGroup.Properties["member"].Add(oUser.Properties["distinguishedName"].Value);
????????????? oGroup.CommitChanges();
????????????? impersonate.StopImpersonate();
?
????????????? oGroup.Close();
????????????? oUser.Close();
???????? }
?
???????? ///
???????? ///將用戶從指定組中移除。默認為 Users 下的組和用戶。
???????? ///
???????? ///用戶公共名稱
???????? ///組名
???????? public static void RemoveUserFromGroup(string userCommonName, string groupName)
???????? {
????????????? DirectoryEntry oGroup = GetDirectoryEntryOfGroup(groupName);
????????????? DirectoryEntry oUser = GetDirectoryEntry(userCommonName);
?????????????
????????????? impersonate.BeginImpersonate();
????????????? oGroup.Properties["member"].Remove(oUser.Properties["distinguishedName"].Value);
????????????? oGroup.CommitChanges();
????????????? impersonate.StopImpersonate();
?
????????????? oGroup.Close();
????????????? oUser.Close();
???????? }
?
???? }
???
}
