1.获取DirectoryEntry
string str = string.Empty;
string strPath = @LDAP://testDomain.com.mo;string ad = "testAD";System.DirectoryServices.DirectorySearcher sea = new System.DirectoryServices.DirectorySearcher(strPath); sea.Filter = "(&(objectCategory=user)(sAMAccountName=" + ad + "))"; System.DirectoryServices.SearchResult res = sea.FindOne(); System.DirectoryServices.DirectoryEntry d = new System.DirectoryServices.DirectoryEntry(); d.Path = res.Path; foreach (string p in d.Properties.PropertyNames) { str += string.Format("{0}:{1} ",p , d.Properties[p].Value.ToString()); } 2.基本信息name,givenName.distinguishedName,displayName,mailNickname http://tech.ddvip.com/2013-01/1358156532188866.html 3.定位信息 sAMAccountName:ad sAMAccountType:805306368 all user objects "(sAMAccountType=805306368)" "(&(objectCategory=person)(objectClass=user)(cn=Joe*))" "(&(objectCategory=group)(|(cn=Test*)(cn=Admin*)))" ADO Search Tips http://www.rlmueller.net/ADOSearchTips.htm4.权限码userAccountControl启用512,禁用514,密码永不过期66048 enable:d.Properties["userAccountControl"].Value = 512 & ~0x2;user.CommitChanges();disable: d.Properties["userAccountControl"].Value = 512 | 0x2;
unlock:d.Properties["LockOutTime"].Value = 0; reset password: d.Invoke("SetPassword", new object[] { password }); d.Properties["LockOutTime"].Value = 0; d.Properties["pwdLastSet"].Value = 0;pwdLastSetbadPwdCount 用户尝试错误密码的次数
badPasswordTime 用户最后一次尝试错误密码的时间
lastLogon 用户最后登陆时间
accountExpires 帐户到期日期
Constant Hexadecimal value Decimal value
ADS_UF_NORMAL_ACCOUNT 0x200 512
ADS_UF_ACCOUNTDISABLE 0x0002 2
ADS_PASSWD_NOTREQD 0x0020 3
PASSWORD_EXPIRED 512 | 0x800000
http://blog.sina.com.cn/s/blog_6d6712230100ls0v.html
5.adsiedit.msc
http://www.cnblogs.com/dragonwlb/archive/2012/08/06/2625474.html