尝试创建新的 Active Directory 用户时,Invoke(“Set

时间:2023-02-18
本文介绍了尝试创建新的 Active Directory 用户时,Invoke(“SetPassword",pwd) 抛出“RPC 服务器不可用"的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我正在尝试使用 .NET System.DirectoryServices 命名空间在我的开发活动目录服务器上创建一个新用户.

I'm trying to create a new user on my development active directory server using .NET System.DirectoryServices namespace.

我尝试使用以下代码:

DirectoryEntry dirEntry = new DirectoryEntry(path, "TESTDOM\Administrator", "2109password", AuthenticationTypes.Secure | AuthenticationTypes.ServerBind);

object o = dirEntry.NativeObject;
DirectoryEntry newUser = dirEntry.Children.Add("CN=NewUser4", "user");
newUser.Properties["samAccountName"].Value = "NewUser4";
newUser.Properties["Description"].Add("User Description");

newUser.Invoke("SetPassword",  new object[] {"2109password"} );
newUser.CommitChanges();

我也尝试使用

newUser.CommitChanges();

在我调用 Invoke 设置密码之前.我总是得到一个 TargetInvocationException 包装:

before I call the Invoke to set the password. I always get a TargetInvocationException wrapping:

InnerException {"The RPC server is unavailable. (Exception from HRESULT: 0x800706BA)"} System.Exception {System.Runtime.InteropServices.COMException}

只有在我调用时才会抛出异常

The exception is always only thrown when I call

newUser.Invoke("SetPassword",  new object[] {"2109password"} );

如果我在尝试使用 SetPassword 调用 Invoke 之前调用 newUser.CommitChanges(),则会在域上创建新用户.然后我可以手动转到 AD 机器并设置相同的密码,没有问题(因此密码字符串违反规则不是问题).我注意到网上有很多关于这个的帖子,但没有找到解决方案.

If I call newUser.CommitChanges() before I try to call Invoke with SetPassword, the new user is created on the domain. I can then go manually to the AD machine and set the same password with no problems (so it's not a problem with the password string being against the rules). I've notice many post online about this but found no solution.

我认为这可能与运行代码的机器不是域中的成员这一事实有关.尽管用户 TESTDOMAdministrator 是 TESTDOM 域上的管理员、域管理员、架构管理员和企业管理员组的成员.

I think it might have something to do with the fact that the machine running the code is not a member in the domain. Although the user TESTDOMAdministrator is a member of the: administrators, domain admins, schema admin and enterprise admins groups on the TESTDOM domain.

请注意,我无法使用 System.DirectoryServices.AccountManagement 命名空间,因为我正在使用 .NET 2关于我能做些什么来解决这个问题的任何想法?我绝望了

Notice that I can't use System.DirectoryServices.AccountManagement namespace as I'm working with .NET 2 Any ideas on what can I do to solve this? I am desperate

推荐答案

好的,我搞定了:

 dirEntry = new DirectoryEntry(ldapPath, domainAdminUser, domainAdminPassword);
    dirEntry.Invoke("SetPassword", new object[] { newPassword });
    dirEntry.Properties["LockOutTime"].Value = 0; //unlock account

ldapPath 应该包含我们尝试更改的用户的完整 DN,因此它应该类似于:

ldapPath should include the full DN of the user we're trying to change , so it should look something like:

string ldapPath = "LDAP://ad.domain.com:389/CN=username,OU=Users,DC=ad,DC=domain,DC=com"

这篇关于尝试创建新的 Active Directory 用户时,Invoke(“SetPassword",pwd) 抛出“RPC 服务器不可用"的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持html5模板网!

上一篇:使用 ASP.NET 应用程序检测登录计算机的用户 下一篇:当组(或子组,如果递归)包含 ForeignSecurityPrincip

相关文章

最新文章