我正在尝试实现此处描述的IsActive方法Is Account Active,但我得到的对象引用未设置为该对象的实例。
private bool IsActive(DirectoryEntry de)
{
DirectoryEntry myEntry = GetDirectoryEntry();
if (myEntry.NativeGuid == null) return false;
int flags = (int)myEntry.Properties["userAccountControl"].Value;
if (!Convert.ToBoolean(flags & 0x0002)) return true; else return false;
return false;
}
private void SubmitData()
{
System.Guid guid = Guid.NewGuid();
logInfo.IPaddress = IPAddress;
if (!String.IsNullOrEmpty(txtUser.Text))
{
string username = txtUser.Text.ToString();
if (IsActive(de) != false)
{
if (DateTime.Now.Subtract(passwordLastSet).TotalHours > 1)
{
lblPasswordLastSet.Text = passwordLastSet.ToString();
lblStatus.Text = "all is good";
}
else
{
lblStatus.Text = "oops, you reset your password less than 24 hours ago!";
lblPasswordLastSet.Text = passwordLastSet.ToString();
}
}
else
{
lblStatus.Text = "your account is not active";
}
}
}
答案 0 :(得分:1)
如果您使用的是.NET 3.5及更高版本,则应查看System.DirectoryServices.AccountManagement(S.DS.AM)命名空间。在这里阅读所有相关内容:
Managing Directory Security Principals in the .NET Framework 3.5
基本上,您可以定义域上下文并轻松在AD中查找用户和/或组:
// set up domain context
PrincipalContext ctx = new PrincipalContext(ContextType.Domain);
// find user by name
UserPrincipal user = UserPrincipal.FindByIdentity("John Doe");
if(user != null)
{
// check if account is locked out
if(user.IsAccountLockedOut)
{
// do something if locked out....
}
}
新的S.DS.AM使得在AD中使用用户和群组变得非常容易: