LDAP修改ad用户账户选项,这里只提供了两种常用的,更多的请参考专栏,帮助类中的枚举。
#region 修改用户选项
/// <summary>
/// 修改用户选项
/// </summary>
/// <param name="UserName">用户名称</param>
/// <param name="NextLogonChangePsw">下次登陆时需修改密码 true是 false否,不做修改时参数为空</param>
/// <param name="NeverExpires">密码永不过期 true是 false否,不做修改时参数为空</param>
/// <returns></returns>
public async Task<JsonView> UpdateAccountOptions(string UserName, string NextLogonChangePsw, string NeverExpires)
{
var result = new JsonView();
DirectoryEntry UserDE;
using (DirectoryEntry entry = operateADHelper.IsConnected())
{
try
{
var UserPath = GetEntryPath(UserName, "user");//取用户路径
UserDE = entry.Children.Find(UserPath, "User");//获取用户对象
int UserAccountControl = (int)UserDE.Properties["userAccountControl"].Value;//获取该属性值
if (NextLogonChangePsw == "true")
{
UserDE.Properties["pwdLastSet"].Value = 0;//下次登录需修改密码
}
if (NextLogonChangePsw == "false")
{
UserDE.Properties["pwdLastSet"].Value = -1;//取消下次登录需修改密码
}
if (NeverExpires == "true")
{
UserDE.Properties["userAccountControl"].Value = UserAccountControl + (int)ADUserEnum.ADS_UF_DONT_EXPIRE_PASSWD;//密码永不过期
}
if (NeverExpires == "false")
{
var Len = UserDE.Properties["userAccountControl"].Value;
if ((int)Len > (int)ADUserEnum.ADS_UF_DONT_EXPIRE_PASSWD)//值比65536大说明勾选了密码永不过期,才能取消
{
UserDE.Properties["userAccountControl"].Value = UserAccountControl - (int)ADUserEnum.ADS_UF_DONT_EXPIRE_PASSWD;//取消密码永不过期
}
}
UserDE.CommitChanges();
result.Code = 0;
result.Msg = "操作成功";
return result;
}
catch (DirectoryServicesCOMException ex)
{
result.Code = 1;
result.Msg = "操作失败" + ex.Message.ToString();
return result;
}
}
}
#endregion