2013-10-16 57 views
0

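Check whether a group already exists in Active Directory

I have the following piece of code, in which I am trying to check whether a group already exists in Active Directory. If it does not exist, then go ahead and create the group. But my group check function is not working properly.

Could you please offer some suggestions?

Below is the part of the code that checks whether the group already exists.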

using (var domainContext = new PrincipalContext(ContextType.Domain, "xyz"))
{
    var foundGrp = GroupPrincipal.FindByIdentity(domainContext, IdentityType.SamAccountName, obj);
    bool UserExists = (foundGrp != null);

    if (!UserExists)
    {
        //DirectoryEntry group = entry.Children.Add("CN=" + obj, "group");
        group.CommitChanges();

        Console.WriteLine("AD Group " + obj + " has been created");
        Console.WriteLine("=====================================");
    }
}

This is my entire code. I am just trying out a few features. In the long run I will modularize my code into separate functions. Thanks.

using System;
using System.DirectoryServices;
using System.DirectoryServices.AccountManagement;
using System.Xml;

// The namespace and class declarations were not included in the post;
// the names below are placeholders so that the closing braces balance.
namespace AdGroupExample
{
    class Program
    {
        static void Main(string[] args)
        {
            try
            {
                /*Read the input XML File*/
                XmlDocument xml = new XmlDocument();
                xml.Load(@"xyz.xml");
                var exportNode = xml.SelectSingleNode("//Export");

                for (int i = 0; i < exportNode.ChildNodes.Count; i++)
                {
                    /*Node 1 reads block 1 of the XML*/
                    XmlNode dataNode = exportNode.ChildNodes[i];

                    var environmentNode = dataNode.SelectSingleNode("env");
                    var tech_domainNode = dataNode.SelectSingleNode("Tech");

                    string env = environmentNode.InnerText;
                    string tech_domain = tech_domainNode.InnerText;

                    var output_valueNode = dataNode.SelectSingleNode("Output_Value");
                    string obj = output_valueNode.InnerText;
                    Console.WriteLine("obj is " + obj);

                    if (tech_domain == "AD Group")
                    {
                        string path = "LDAP://OU=Security,OU=Groups,DC=xyz";
                        using (DirectoryEntry entry = new DirectoryEntry(path))
                        {
                            // Children.Add only stages the new entry locally; nothing is
                            // written to the directory until CommitChanges() is called.
                            DirectoryEntry group = entry.Children.Add("CN=" + obj, "group");
                            group.Properties["sAmAccountName"].Value = obj;

                            using (var domainContext = new PrincipalContext(ContextType.Domain, "xyz"))
                            {
                                var foundGrp = GroupPrincipal.FindByIdentity(domainContext, IdentityType.SamAccountName, obj);
                                bool UserExists = (foundGrp != null);

                                if (!UserExists)
                                {
                                    //DirectoryEntry group = entry.Children.Add("CN=" + obj, "group");
                                    group.CommitChanges();

                                    Console.WriteLine("AD Group " + obj + " has been created");
                                    Console.WriteLine("=====================================");
                                }
                            }
                        }
                    }
                    else
                    {
                        Console.WriteLine("Technology Domain for " + obj + " is not an AD Group");
                        Console.WriteLine("====================================================");
                    }
                }
                Console.ReadLine();
            }
            catch (Exception e)
            {
                Console.WriteLine(e.Message.ToString());
                Console.WriteLine("===============================");
            }
        }
    }
}
+0

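Your group check function works fine. I copied and pasted the exact code onto my machine, changing only the domain to RJFDEV and setting 'obj' to a specific string: the code works as expected. – Kittoes0124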

Answers

0

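I think you are going about this in a very roundabout way. Take a look at Everything in Active Directory via C#.NET. There is a three-part series of posts describing how to use the .NET System.DirectoryServices.AccountManagement namespace to manage AD and perform CRUD operations on any given principal.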
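
The check-then-create flow written only against System.DirectoryServices.AccountManagement, as the answer suggests. This is an added example, not code from the original post or the linked series. The helper name `EnsureGroup`, the naming-policy regex and the sample group name are assumptions; the domain and OU are the ones used in the question.

```csharp
using System;
using System.DirectoryServices.AccountManagement;
using System.Text.RegularExpressions;

static class AdGroupHelper // hypothetical helper, not from the original post
{
    // Assumed naming policy for this example: the name arrives from an XML file,
    // so it is allow-listed instead of being concatenated into "CN=" + obj.
    static readonly Regex AllowedName = new Regex(@"\A[A-Za-z0-9][A-Za-z0-9 ._-]{0,63}\z");

    // Returns true if the group was created, false if it already existed.
    public static bool EnsureGroup(PrincipalContext ctx, string name)
    {
        if (name == null || !AllowedName.IsMatch(name))
            throw new ArgumentException("Group name rejected by naming policy.");

        // The lookup runs under the container the context is rooted at.
        using (var existing = GroupPrincipal.FindByIdentity(ctx, IdentityType.SamAccountName, name))
        {
            if (existing != null) return false;
        }

        using (var group = new GroupPrincipal(ctx, name))
        {
            group.IsSecurityGroup = true;
            group.GroupScope = GroupScope.Global;
            try
            {
                group.Save(); // nothing is written to the directory before this call
                return true;
            }
            catch (PrincipalExistsException)
            {
                // Created by another process between the lookup and Save().
                return false;
            }
        }
    }

    static void Main()
    {
        // Domain and container are the values used in the question.
        using (var ctx = new PrincipalContext(ContextType.Domain, "xyz", "OU=Security,OU=Groups,DC=xyz"))
        {
            bool created = EnsureGroup(ctx, "Example-Group"); // constructed sample name
            Console.WriteLine(created ? "created" : "already exists");
        }
    }
}
```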
