费好好几个小时,才把这个功能调通。关键一点就是新建用户后,先提交。然后再启用帐号,再提交。
代码如下:
/// <summary>
/// 创建AD帐号,并且启用帐号
/// </summary>
/// <param name="orgLDAPPath"></param>
/// <param name="chsName"></param>
public static void CreateADUserSample(string orgLDAPPath, string chsName)
{
using (DirectoryEntry entry = ADHelper.GetDirectoryObject(orgLDAPPath))
{
DirectoryEntry deUser = entry.Children.Add("CN=" + chsName, "user");
deUser.Properties["sAMAccountName"].Value = "testUser001";
//string DoMain = GetDoMainNameByLDAPPath(entry.Path);
deUser.Properties["userPrincipalName"].Value = "testUser001@edsdev.com";
deUser.Properties["displayName"].Value = chsName;
deUser.Properties["sn"].Value = chsName;
deUser.Properties["givenName"].Value = chsName;
deUser.CommitChanges();
int val = (int)deUser.Properties["userAccountControl"].Value;
int val2 = ~(int)ADHelper.ADS_USER_FLAG_ENUM.ADS_UF_ACCOUNTDISABLE;
deUser.Properties["userAccountControl"].Value = val & val2;
deUser.CommitChanges();
}
}
/// 创建AD帐号,并且启用帐号
/// </summary>
/// <param name="orgLDAPPath"></param>
/// <param name="chsName"></param>
public static void CreateADUserSample(string orgLDAPPath, string chsName)
{
using (DirectoryEntry entry = ADHelper.GetDirectoryObject(orgLDAPPath))
{
DirectoryEntry deUser = entry.Children.Add("CN=" + chsName, "user");
deUser.Properties["sAMAccountName"].Value = "testUser001";
//string DoMain = GetDoMainNameByLDAPPath(entry.Path);
deUser.Properties["userPrincipalName"].Value = "testUser001@edsdev.com";
deUser.Properties["displayName"].Value = chsName;
deUser.Properties["sn"].Value = chsName;
deUser.Properties["givenName"].Value = chsName;
deUser.CommitChanges();
int val = (int)deUser.Properties["userAccountControl"].Value;
int val2 = ~(int)ADHelper.ADS_USER_FLAG_ENUM.ADS_UF_ACCOUNTDISABLE;
deUser.Properties["userAccountControl"].Value = val & val2;
deUser.CommitChanges();
}
}