创建用户在Active Directory中使用C#的错误错误、用户、Active、Directory

由网友(吻&痕)分享简介:我想在我的域中的特定OU中创建一个用户。这是我得到了I am trying to create a user in a specific OU in my domain. Here's what I gotpublic static string ldapPath = "LDAP://OU=Domain Users...


I am trying to create a user in a specific OU in my domain. Here's what I got

public static string ldapPath = "LDAP://OU=Domain Users,DC=contoso,DC=com";
public static string CreateUserAccount(string userName, string userPassword)
    DirectoryEntry ldapConnection = new DirectoryEntry("contoso.com");
    ldapConnection.Path = ldapPath;

    DirectoryEntry user = ldapConnection.Children.Add("CN=" + userName, "user");

    return user.Guid.ToString();

如果我删除OU =域用户,它的工作原理,我收到一个GUID。不过,我需要这些帐户在我的OU。我复制从OU本身AD用户和计算机的ldapPath。我知道这是正确的。

If I remove the OU=Domain Users, it works, and I receive a Guid. However I need these accounts in my OU. I copied the ldapPath from the OU itself in AD Users and Computers. I know it's correct.


System.Runtime.InteropServices.COMException (0x80005009): The specified directory object is not bound to a remote resource

   at System.DirectoryServices.DirectoryEntry.RefreshCache()
   at System.DirectoryServices.DirectoryEntry.FillCache(String propertyName)
   at System.DirectoryServices.DirectoryEntry.get_NativeGuid()
   at System.DirectoryServices.DirectoryEntry.get_Guid()
   at ADINtegrationTest.ActiveDirectory.CreateUserAccount(String userName, String userPassword) in D:_dataADINtegrationTestADINtegrationTestActiveDirectoryUtils.cs:line 21
   at ADINtegrationTest.Form1.Form1_Load(Object sender, EventArgs e) in D:_dataADINtegrationTestADINtegrationTestForm1.cs:line 32


I'm running this on a member Win2k8 server to the domain, logged in as domain administrator. I will eventually need to create it in an OU under another OU, but lets start with this one.

感谢您的帮助! 大卫


如果你在.NET 3.5及以上,你应该看看 System.DirectoryServices.AccountManagement (S.DS.AM)命名空间。阅读所有关于它的:

If you're on .NET 3.5 and up, you should check out the System.DirectoryServices.AccountManagement (S.DS.AM) namespace. Read all about it here:

在管理目录安全主体在.NET Framework 3.5 MSDN文档 Managing Directory Security Principals in the .NET Framework 3.5 MSDN docs on System.DirectoryServices.AccountManagement


Basically, you can define a domain context and easily find users and/or groups in AD:

// set up domain context
PrincipalContext ctx = new PrincipalContext(ContextType.Domain);

// create a user principal object
UserPrincipal user = new UserPrincipal(ctx, "User1Acct", "pass@1w0rd01", true);

// assign some properties to the user principal
user.GivenName = "User";
user.Surname = "One";

// force the user to change password at next logon

// save the user to the directory


The new S.DS.AM makes it really easy to play around with users and groups in AD!


