C#使用DirectoryEntry类操作Windows帐户

1.创建windows帐户

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15

/// <summary> /// 创建Windows帐户 /// </summary> /// <param name="pathname"></param> /// <returns></returns> public static void CreateLocalUser(string username, string password, string description) {     DirectoryEntry localMachine = new DirectoryEntry("WinNT://" + Environment.MachineName + ",computer");     var newUser = localMachine.Children.Add(username, "user");     newUser.Invoke("SetPassword", new object[] { password });     newUser.Invoke("Put", new object[] { "Description", description });     newUser.CommitChanges();     localMachine.Close();     newUser.Close(); }

2.更改Windows帐户密码

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16

/// <summary> /// 更改Windows帐户密码 /// </summary> /// <param name="username"></param> /// <param name="oldPwd"></param> /// <param name="newPwd"></param> public static void ChangeWinUserPasswd(string username, string oldPwd, string newPwd) {     DirectoryEntry localMachine = new DirectoryEntry("WinNT://" + Environment.MachineName + ",computer");     DirectoryEntry user = localMachine.Children.Find(username, "user");     object[] password = new object[] { oldPwd, newPwd };     object ret = user.Invoke("ChangePassword", password);     user.CommitChanges();     localMachine.Close();     user.Close(); }

3.判断Windows用户是否存在

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20

/// <summary> /// 判断Windows用户是否存在 /// </summary> /// <param name="username"></param> /// <returns></returns> public static bool ExistWinUser(string username) {     try     {         using (DirectoryEntry localMachine = new DirectoryEntry("WinNT://" + Environment.MachineName + ",computer"))         {             var user = localMachine.Children.Find(username, "user");             return user != null;         }     }     catch     {         return false;     } }

4.删除Windows用户

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25

/// <summary> /// 删除Windows用户 /// </summary> /// <param name="username"></param> /// <returns></returns> public static bool DeleteWinUser(string username) {     try     {         using (DirectoryEntry localMachine = new DirectoryEntry("WinNT://" + Environment.MachineName + ",computer"))         {             //删除存在用户             var delUser = localMachine.Children.Find(username, "user");             if (delUser != null)             {                 localMachine.Children.Remove(delUser);             }         }         return true;     }     catch     {         return false;     } }

5.启用/禁用windows帐户

1 2 3 4 5 6 7 8 9 10 11 12

/// <summary> /// 启用/禁用windows帐户 /// </summary> /// <param name="username"></param> public static void Disable(string username, bool isDisable) {     var userDn = "WinNT://" + Environment.MachineName + "/" + username + ",user";     DirectoryEntry user = new DirectoryEntry(userDn);     user.InvokeSet("AccountDisabled", isDisable);     user.CommitChanges();     user.Close(); }

　　操作windows帐户的方法的诀窍在于通过DirectoryEntry 实例调用Invoke，InvokeGet,InvokeSet这三个方法。此三个方法可以对对本机 Active Directory 对象调用方法。操作win帐户的Active Directory 对象就是IADsUser接口。DirectoryEntry 实例通过调用Invoke方法调用IADsUser接口的方法，如上面修改Windows帐户密码就是通过调用IADsUser接口的“ChangePassword”方法；通过InvokeGet和InvokeSet方法调用IADsUser接口的属性，如上面的启用/禁用windows帐户，调用IADsUser接口的“AccountDisabled”属性。IADsUser接口具体有什么方法和属性可参考：http://msdn.microsoft.com/zh-cn/library/aa746340(v=VS.85).aspx