本文介绍了C#Active Directory:将用户添加到另一个域中的组的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我创建了一个Windows Form应用程序,以在domain1中创建一个活动目录用户帐户,目的是将其添加到domain2内的组中.这是我使用的代码:

I created a Windows Form application to create an active directory user account in domain1 and aims to add it to the groups which are inside domain2. Here is the code I used:

PrincipalContext pc1 = new PrincipalContext(ContextType.Domain, "domain1.company.com", "DC=domain1,DC=company,DC=com", ContextOptions.Negotiate);
UserPrincipal up = new UserPrincipal(pc1, "username", "password", true);
up.Save();

PrincipalContext pc2 = new PrincipalContext(ContextType.Domain, "domain2.company.com", "DC=domain2,DC=company,DC=com", ContextOptions.Negotiate);
GroupPrincipal gp = GroupPrincipal.FindByIdentity(pc2, "groupname");
gp.Members.Add(up);
gp.Save();

当我在Visual Studio中调试它时,可以将新创建​​的用户成功添加到组中.但是,在我发布并再次运行它之后,它返回错误服务器上没有这样的对象".

When I debug it in Visual Studio, the newly created user can be added to the group successfully. However, After I published and run it again, it returns error "There is no such object on the server".

有人知道如何解决这个问题吗?

Anyone know how to solve this?

谢谢.

推荐答案

我在相同的要求上工作,并非完全如此,我们需要处理新创建的用户.

I worked on the same requirement, not so exactly, and we were required to process newly created user.

所以,我尝试了两种解决方案-

使线程休眠数毫秒,例如-

Make thread to sleep for few milliseconds such as-

PrincipalContext pc1 = new PrincipalContext(ContextType.Domain, "domain1.company.com", "DC=domain1,DC=company,DC=com", ContextOptions.Negotiate);
UserPrincipal up = new UserPrincipal(pc1, "username", "password", true);
up.Save();

Thread.Sleep (500);

PrincipalContext pc2 = new PrincipalContext(ContextType.Domain, "domain2.company.com", "DC=domain2,DC=company,DC=com", ContextOptions.Negotiate);
GroupPrincipal gp = GroupPrincipal.FindByIdentity(pc2, "groupname");
gp.Members.Add(up);
gp.Save();

通过这种方式,AD可以同步整个域和域控制器中的用户详细信息.然后在下一步中找到用户.

This way, the AD is able to sync the user details in the entire domain and domain controller. And the user is found in next steps.

默认情况下,出于性能原因, DirectoryEntry 对象将有关用户的信息保存在缓存中.它不会自动反映更改.

By default, the DirectoryEntry object holds information about a user in the cache for performance reason. It doesn't reflect changes automatically.

因此,我们需要通过以下方式刷新相关的缓存:

So, we need to refresh the related cache by-

PrincipalContext pc1 = new PrincipalContext(ContextType.Domain, "domain1.company.com", "DC=domain1,DC=company,DC=com", ContextOptions.Negotiate);
UserPrincipal up = new UserPrincipal(pc1, "username", "password", true);
up.Save();

 // Refresh cache so that we get updated user object
 var de = (DirectoryEntry)up.GetUnderlyingObject();
 de.RefreshCache();

PrincipalContext pc2 = new PrincipalContext(ContextType.Domain, "domain2.company.com", "DC=domain2,DC=company,DC=com", ContextOptions.Negotiate);
GroupPrincipal gp = GroupPrincipal.FindByIdentity(pc2, "groupname");
gp.Members.Add(up);
gp.Save();

我建议使用解决方案2,如果它能正常工作的话.

这篇关于C#Active Directory:将用户添加到另一个域中的组的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

07-24 06:01