2010-05-19 270 views
0

Active Directory LDAP - Lock User Account

What is the best way to lock an Active Directory user object using System.DirectoryServices.AccountManagement? I can determine whether an account is locked out using..

UserPrincipal principal = new UserPrincipal(context); 
bool locked = principal.IsAccountLockedOut(); 

How do I lock the account? Is there an alternative to doing something like this...

UserPrincipal principal = new UserPrincipal(context); 
DirectoryEntry entry = (DirectoryEntry)principal.GetUnderlyingObject(); 

int val = (int)entry.Properties["userAccountControl"].Value; 

entry.Properties["userAccountControl"].Value = val | 0x0010; 
entry.CommitChanges(); 

Answers

3

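The lockout property is read-only by definition, and here is why:

The definition of this property will be something like: "automatically lock out the user account when an invalid password is provided several times" (how many times? I guess this is set in the GPO)

Giving developers a way to change this property would conflict with the above definition... so you shouldn't set this value, and I think the AD security mechanism will prevent you from doing so.

You can, however, enable\disable the user, which I think is closer to what you want.

Hope this helps.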
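
The enable\disable alternative mentioned in the answer above, sketched with System.DirectoryServices.AccountManagement. This is an added example, not code from the original answers; the class name, method names and the account name "jdoe" are hypothetical, and it assumes the process runs under a domain account allowed to modify the user.

```csharp
using System;
using System.DirectoryServices.AccountManagement;

public static class AccountContainment
{
    // Disables the account (the administrative equivalent of "locking" it).
    // Returns false when the user cannot be found.
    public static bool Disable(PrincipalContext context, string samAccountName)
    {
        using (UserPrincipal user = UserPrincipal.FindByIdentity(
                   context, IdentityType.SamAccountName, samAccountName))
        {
            if (user == null)
                return false;

            // Lockout is a separate, policy-driven state that can only be read or cleared.
            Console.WriteLine("Locked out by policy: {0}", user.IsAccountLockedOut());

            // Enabled is a nullable bool; Save() writes the change to the directory.
            if (user.Enabled != false)
            {
                user.Enabled = false;
                user.Save();
            }
            return true;
        }
    }

    // Re-enables the account and clears a policy lockout if one is present.
    public static bool Restore(PrincipalContext context, string samAccountName)
    {
        using (UserPrincipal user = UserPrincipal.FindByIdentity(
                   context, IdentityType.SamAccountName, samAccountName))
        {
            if (user == null)
                return false;

            if (user.IsAccountLockedOut())
                user.UnlockAccount();
            user.Enabled = true;
            user.Save();
            return true;
        }
    }

    public static void Main()
    {
        // "jdoe" is a hypothetical account name; the default domain is assumed.
        using (var context = new PrincipalContext(ContextType.Domain))
            Console.WriteLine(Disable(context, "jdoe") ? "Disabled" : "User not found");
    }
}
```

A disabled account cannot authenticate regardless of the lockout counter, and the change shows up in the directory as a modification of the user object rather than as a burst of failed logons.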

0

CodeProject's Everything AD article has some sample code on unlocking an account. I'm not sure if this is the property you're looking for.

public void Unlock(string userDn)
{
    try
    {
        DirectoryEntry uEntry = new DirectoryEntry(userDn);
        uEntry.Properties["LockOutTime"].Value = 0; //unlock account

        uEntry.CommitChanges(); //may not be needed but adding it anyways

        uEntry.Close();
    }
    catch (System.DirectoryServices.DirectoryServicesCOMException E)
    {
        //DoSomethingWith --> E.Message.ToString();
    }
}
1

This code will work to lock a user in AD

 

/// <summary>
/// Locks a user account
/// </summary>
/// <param name="userName">The name of the user whose account you want to unlock</param>
/// <remarks>
/// This actually tries to log the user in with a wrong password.
/// This in turn will lock the user out
/// </remarks>
public void LockAccount(string userName)
{
    // GetUser is a helper that is not shown in this answer
    DirectoryEntry user = GetUser(userName);
    string path = user.Path;
    string badPassword = "SomeBadPassword";
    int maxLoginAttempts = 10;

    for (int i = 0; i < maxLoginAttempts; i++)
    {
        try
        {
            // Each bind with the wrong password counts as a failed logon
            new DirectoryEntry(path, userName, badPassword).RefreshCache();
        }
        catch (Exception)
        {
            // The bind is expected to fail; nothing to handle
        }
    }
    user.Close();
}
 
0

A good example of how we can check the user's locked status here is my answer

entryPC is a DirectoryEntry object; here we pass the Active Directory entry path

public bool IsLocked(DirectoryEntry entryPC)
{
    if (entryPC.NativeGuid == null)
    {
        return false;
    }

    // 0x0010 is the lockout bit of the UserFlags value
    int flags = (int)entryPC.Properties["UserFlags"].Value;
    return (flags & 0x0010) != 0;
}