使用ActiveDirectory设置目录共享及目录的用户权限
自己工作中经常用到的一些方法。自己创建了2个帮助类,主要用于通过程序创建、删除共享目录,并为目录配置用户权限;下面这一个是其中的 WinNT 本地用户及用户组操作类。/*****************************************************************
*
*系统名称: 基础工具类
*
*程序名称: WinNT本地用户及用户组操作控制。
*程序说明: 利用活动目录控制用户及用户组的创建/修改/删除等操作。
*
*
*
*****************************************************************/
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.DirectoryServices;
using System.Collections;
namespace Unionnet.Core
{
/// <summary>
/// 用于检索、创建、修改、控制本地计算机用户及用户组。
/// </summary>
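/// <summary>
/// Looks up, creates, modifies and deletes user accounts and group memberships
/// on the local computer through the ADSI WinNT provider
/// (<c>WinNT://MACHINENAME</c>).
/// </summary>
/// <remarks>
/// Every method here is a privileged administrative operation on the host's
/// local account database. The process must already run with the rights to
/// manage local accounts, and nothing in this class checks who asked for the
/// change: authenticating and authorising the requester is the caller's job.
/// Passwords arrive as <see cref="string"/>, which cannot be wiped from memory
/// after use; keep their lifetime in calling code as short as possible.
/// </remarks>
public class UserAccountController
{
    #region Account control flags (ADS_USER_FLAG values stored in the WinNT "UserFlags" property)
    private const int SCRIPT = 0x0001;
    private const int ACCOUNTDISABLE = 0x0002;
    private const int HOMEDIR_REQUIRED = 0x0008;
    private const int LOCKOUT = 0x0010;
    private const int PASSWD_NOTREQD = 0x0020;
    private const int PASSWD_CANT_CHANGE = 0x0040;
    private const int ENCRYPTED_TEXT_PWD_ALLOWED = 0x0080;
    private const int TEMP_DUPLICATE_ACCOUNT = 0x0100;
    private const int NORMAL_ACCOUNT = 0x0200;
    private const int INTERDOMAIN_TRUST_ACCOUNT = 0x0800;
    private const int WORKSTATION_TRUST_ACCOUNT = 0x1000;
    private const int SERVER_TRUST_ACCOUNT = 0x2000;
    private const int DONT_EXPIRE_PASSWORD = 0x10000;
    private const int MNS_LOGON_ACCOUNT = 0x20000;
    private const int SMARTCARD_REQUIRED = 0x40000;
    private const int TRUSTED_FOR_DELEGATION = 0x80000;
    private const int NOT_DELEGATED = 0x100000;
    private const int USE_DES_KEY_ONLY = 0x200000;
    private const int DONT_REQ_PREAUTH = 0x400000;
    private const int PASSWORD_EXPIRED = 0x800000;
    private const int TRUSTED_TO_AUTH_FOR_DELEGATION = 0x1000000;
    #endregion

    /// <summary>
    /// Opens the ADSI container of the local machine. The caller owns the
    /// returned entry and must dispose it.
    /// </summary>
    private static DirectoryEntry OpenLocalMachine()
    {
        return new DirectoryEntry("WinNT://" + Environment.MachineName);
    }

    /// <summary>
    /// Resolves a direct child of <paramref name="parent"/> by name and schema
    /// class ("user" or "group"). Returns null when the child cannot be
    /// resolved and records why in <paramref name="lookupError"/> rather than
    /// discarding it: the WinNT provider surfaces both "no such object" and
    /// "access denied" as exceptions, and the message is the only thing that
    /// later tells the two apart.
    /// </summary>
    private static DirectoryEntry TryFindChild(DirectoryEntry parent, string name, string schemaClass, out string lookupError)
    {
        lookupError = "";
        if (parent == null || string.IsNullOrEmpty(name))
        {
            return null;
        }
        try
        {
            return parent.Children.Find(name, schemaClass);
        }
        catch (Exception ex)
        {
            lookupError = ex.Message;
            return null;
        }
    }

    /// <summary>
    /// Appends lookup detail, if there is any, to a "not found" message in the
    /// same "message\r\ndetail" form the other error strings in this class use.
    /// </summary>
    private static string WithDetail(string message, string detail)
    {
        if (string.IsNullOrEmpty(detail))
        {
            return message;
        }
        return message + "\r\n" + detail;
    }

    /// <summary>Disposes an entry that may be null (Dispose also closes it).</summary>
    private static void DisposeEntry(DirectoryEntry entry)
    {
        if (entry != null)
        {
            entry.Dispose();
        }
    }

    /// <summary>
    /// Creates a local user account with the given password and marks the
    /// password as never expiring.
    /// </summary>
    /// <param name="userName">
    /// Account name, handed to ADSI as-is. Windows' local account naming rules
    /// (length, forbidden characters) are enforced by the provider and show up
    /// as an exception message in <paramref name="error"/>.
    /// </param>
    /// <param name="userPassword">
    /// Initial password, applied with an administrative SetPassword. The local
    /// password policy still applies; a rejected password fails the call and
    /// the half-created account is removed again (see below).
    /// </param>
    /// <param name="error">
    /// Empty on success (the original wrote the new account's GUID here, which
    /// made a successful call look like a failure to callers testing for a
    /// non-empty string). When the account already exists, an explanatory
    /// message; on failure, the exception message.
    /// </param>
    /// <returns>
    /// true if an account with this name exists when the call returns (created
    /// now or already present); false on any failure.
    /// </returns>
    public static bool CreateLocalUserAccount(string userName, string userPassword, out string error)
    {
        error = "";
        if (string.IsNullOrEmpty(userName))
        {
            error = "用户名不能为空";
            return false;
        }
        DirectoryEntry machine = null;
        DirectoryEntry user = null;
        bool created = false;
        bool passwordSet = false;
        try
        {
            machine = OpenLocalMachine();
            string lookupError;
            user = TryFindChild(machine, userName, "user", out lookupError);
            if (user != null)
            {
                // An existing account is reported as success with a message, as
                // callers of the original relied on; the account is usable either way.
                error = string.Format("用户[{0}]已存在,无法重复创建改该用户!", userName);
                return true;
            }
            user = machine.Children.Add(userName, "user");
            user.CommitChanges();
            created = true;
            // Administrative reset: no old password is involved. The SAM still
            // applies its password policy and a rejection throws here.
            user.Invoke("SetPassword", new object[] { userPassword });
            user.CommitChanges();
            passwordSet = true;
            // Merge DONT_EXPIRE_PASSWORD into whatever flags the provider set on
            // creation instead of overwriting the whole UserFlags value with that
            // single bit, as the original did.
            // SECURITY: a never-expiring password disables rotation for this
            // account. Kept because existing callers (presumably service/share
            // accounts) depend on it.
            user.RefreshCache();
            int flags = 0;
            object current = user.Properties["UserFlags"].Value;
            if (current is int)
            {
                flags = (int)current;
            }
            user.Invoke("Put", new object[] { "UserFlags", flags | DONT_EXPIRE_PASSWORD });
            user.CommitChanges();
            return true;
        }
        catch (Exception ex)
        {
            error = ex.Message;
            if (created && !passwordSet)
            {
                // Do not leave a freshly created account behind without the
                // intended password (the SAM may have given it a blank one).
                // Best-effort rollback; its own failure is appended to error.
                try
                {
                    machine.Children.Remove(user);
                }
                catch (Exception rollbackEx)
                {
                    error = error + "\r\n" + rollbackEx.Message;
                }
            }
            return false;
        }
        finally
        {
            DisposeEntry(user);
            DisposeEntry(machine);
        }
    }

    /// <summary>
    /// Deletes a local user account. Idempotent: a name that does not resolve
    /// to a local user is treated as already deleted and the call returns true.
    /// </summary>
    /// <param name="userName">Account name.</param>
    /// <param name="error">Empty on success; the exception message when removal throws.</param>
    /// <returns>true when no account of that name remains; false if removal failed.</returns>
    public static bool DeleteLocalUserAccount(string userName, out string error)
    {
        error = "";
        DirectoryEntry machine = null;
        DirectoryEntry user = null;
        try
        {
            machine = OpenLocalMachine();
            string lookupError;
            user = TryFindChild(machine, userName, "user", out lookupError);
            if (user == null)
            {
                // NOTE(review): a lookup that failed for another reason than "no such
                // user" (e.g. the process lacks rights) also ends here and is reported
                // as success, exactly as in the original. Distinguishing the two would
                // need the provider's HRESULT; left as-is to keep the contract.
                return true;
            }
            machine.Children.Remove(user);
            return true;
        }
        catch (Exception ex)
        {
            error = ex.Message;
            return false;
        }
        finally
        {
            DisposeEntry(user);
            DisposeEntry(machine);
        }
    }

    /// <summary>
    /// Resets a local user's password. This is an administrative reset
    /// (ADSI SetPassword): the current password is neither required nor
    /// verified, so the caller must ensure the requester is authorised to reset
    /// this particular account. The local password policy still applies to the
    /// new value.
    /// </summary>
    /// <param name="userName">Account name.</param>
    /// <param name="userPassword">New password.</param>
    /// <param name="error">
    /// Empty on success; a "user not found" message (with the lookup detail)
    /// or the exception message otherwise.
    /// </param>
    /// <returns>true if the password was changed.</returns>
    public static bool ChangePassword(string userName, string userPassword, out string error)
    {
        error = "";
        DirectoryEntry machine = null;
        DirectoryEntry user = null;
        try
        {
            machine = OpenLocalMachine();
            string lookupError;
            user = TryFindChild(machine, userName, "user", out lookupError);
            if (user == null)
            {
                error = WithDetail(string.Format("用户[{0}]不存在,无法修改密码!", userName), lookupError);
                return false;
            }
            user.Invoke("SetPassword", new object[] { userPassword });
            user.CommitChanges();
            return true;
        }
        catch (Exception ex)
        {
            error = ex.Message;
            return false;
        }
        finally
        {
            DisposeEntry(user);
            DisposeEntry(machine);
        }
    }

    /// <summary>
    /// Reports whether a local user of the given name exists. Fails closed:
    /// a lookup that throws (including for lack of rights) yields false.
    /// </summary>
    /// <param name="userName">Account name.</param>
    /// <returns>true only if the account was resolved.</returns>
    public static bool IsUserExists(string userName)
    {
        DirectoryEntry machine = null;
        DirectoryEntry user = null;
        try
        {
            machine = OpenLocalMachine();
            string lookupError;
            user = TryFindChild(machine, userName, "user", out lookupError);
            return user != null;
        }
        catch
        {
            return false;
        }
        finally
        {
            // The original never released these entries.
            DisposeEntry(user);
            DisposeEntry(machine);
        }
    }

    /// <summary>
    /// Lists the names of all local user accounts.
    /// </summary>
    /// <param name="error">null on success; the exception message if enumeration failed.</param>
    /// <returns>
    /// The names collected so far — possibly a partial list when
    /// <paramref name="error"/> is set, never null.
    /// </returns>
    public static List<string> GetLocalUserAccount(out string error)
    {
        error = null;
        List<string> names = new List<string>();
        DirectoryEntry machine = null;
        try
        {
            machine = OpenLocalMachine();
            foreach (DirectoryEntry child in machine.Children)
            {
                using (child)
                {
                    if (child.SchemaClassName.Equals("user", StringComparison.OrdinalIgnoreCase))
                    {
                        names.Add(child.Name);
                    }
                }
            }
        }
        catch (Exception ex)
        {
            error = ex.Message;
        }
        finally
        {
            DisposeEntry(machine);
        }
        return names;
    }

    /// <summary>
    /// Adds a local user to a local group. If the user is already a member
    /// nothing changes and the call returns true.
    /// </summary>
    /// <remarks>
    /// The original toggled membership here: calling it for a user who was
    /// already in the group silently removed them, so a repeated "grant"
    /// revoked access. That branch is gone.
    /// </remarks>
    /// <param name="userName">Account name.</param>
    /// <param name="groupName">Local group name.</param>
    /// <param name="error">
    /// Empty on success; otherwise why the group or user could not be resolved
    /// (with lookup detail), or the exception message.
    /// </param>
    /// <returns>true when the user is a member when the call returns.</returns>
    public static bool AddUserToGroup(string userName, string groupName, out string error)
    {
        error = "";
        DirectoryEntry machine = null;
        DirectoryEntry group = null;
        DirectoryEntry user = null;
        try
        {
            machine = OpenLocalMachine();
            string groupLookupError;
            group = TryFindChild(machine, groupName, "group", out groupLookupError);
            if (group == null)
            {
                error = WithDetail(string.Format("没有找到用户组[{0}]", groupName), groupLookupError);
                return false;
            }
            string userLookupError;
            user = TryFindChild(machine, userName, "user", out userLookupError);
            if (user == null)
            {
                error = WithDetail(string.Format("没有找到用户[{0}]", userName), userLookupError);
                return false;
            }
            if (!IsUserInGroups(user, groupName))
            {
                group.Invoke("Add", new object[] { user.Path });
                group.CommitChanges();
            }
            return true;
        }
        catch (Exception ex)
        {
            error = string.Format("往用户组[{0}]增加用户[{1}]时发生异常:\r\n{2}", groupName, userName, ex.Message);
            return false;
        }
        finally
        {
            DisposeEntry(user);
            DisposeEntry(group);
            DisposeEntry(machine);
        }
    }

    /// <summary>
    /// Removes a local user from a local group. If the user is not a member
    /// nothing changes and the call returns true.
    /// </summary>
    /// <param name="userName">Account name.</param>
    /// <param name="groupName">Local group name.</param>
    /// <param name="error">
    /// Empty on success; otherwise why the group or user could not be resolved
    /// (with lookup detail), or the exception message.
    /// </param>
    /// <returns>true when the user is not a member when the call returns.</returns>
    public static bool RemoveUserFromGroup(string userName, string groupName, out string error)
    {
        error = "";
        DirectoryEntry machine = null;
        DirectoryEntry group = null;
        DirectoryEntry user = null;
        try
        {
            machine = OpenLocalMachine();
            string groupLookupError;
            group = TryFindChild(machine, groupName, "group", out groupLookupError);
            if (group == null)
            {
                error = WithDetail(string.Format("没有找到用户组[{0}]", groupName), groupLookupError);
                return false;
            }
            string userLookupError;
            user = TryFindChild(machine, userName, "user", out userLookupError);
            if (user == null)
            {
                error = WithDetail(string.Format("没有找到用户[{0}]", userName), userLookupError);
                return false;
            }
            if (IsUserInGroups(user, groupName))
            {
                group.Invoke("Remove", new object[] { user.Path });
                group.CommitChanges();
            }
            return true;
        }
        catch (Exception ex)
        {
            error = string.Format("从用户组[{0}]删除用户[{1}]时发生异常:\r\n{2}", groupName, userName, ex.Message);
            return false;
        }
        finally
        {
            DisposeEntry(user);
            DisposeEntry(group);
            DisposeEntry(machine);
        }
    }

    /// <summary>
    /// True if <paramref name="userObj"/> appears in the named group
    /// (case-insensitive name match) according to the groups the WinNT
    /// provider lists for the user via IADsUser "groups".
    /// </summary>
    /// <remarks>
    /// Obtaining the collection throws to the caller (so Add/Remove report it
    /// as an error), but a failure while walking it is treated as "not a
    /// member", as in the original: AddUserToGroup then attempts the add and
    /// surfaces the real failure there, while RemoveUserFromGroup skips the
    /// remove.
    /// </remarks>
    private static bool IsUserInGroups(DirectoryEntry userObj, string groupName)
    {
        if (userObj == null || string.IsNullOrEmpty(groupName))
        {
            return false;
        }
        object groups = userObj.Invoke("groups", null);
        IEnumerable groupList = groups as IEnumerable;
        if (groupList == null)
        {
            return false;
        }
        try
        {
            foreach (object adsGroup in groupList)
            {
                // Each wrapper is released immediately; the original leaked them.
                using (DirectoryEntry group = new DirectoryEntry(adsGroup))
                {
                    if (group.Name.Equals(groupName, StringComparison.OrdinalIgnoreCase))
                    {
                        return true;
                    }
                }
            }
        }
        catch
        {
            // Best-effort: an unreadable membership entry counts as "not a member".
        }
        return false;
    }
}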
}