我試圖創建一個域用戶,然後將它們添加到當前機器上的本地組。每當我做這個時,我打電話添加域我得到這個{"A member could not be added to or removed from the local group because the member does not exist.\r\n"}
。然而,我知道用戶存在,因爲我的測試人員正在看目錄,並且只要我創建的代碼運行,用戶就出現了。創建域用戶並添加到本地組失敗
我會說,我注意到,當我將SID轉換爲NTUser帳戶時,我以domain \ $ DDDDD-FAF234AFS作爲名稱而不是domain \ test.user。爲什麼會發生這種情況,我的問題可能是?
這裏是我的代碼來創建一個用戶:
private UserPrincipal CreateNewUser(Section.User.User user, PrincipalContext principal)
{
_logger.Debug("User did not exist creating now.");
UserPrincipal newUser = new UserPrincipal(principal)
{
Name = user.UserName.Contains('\\') ? user.UserName.Split('\\')[1] : user.UserName,
Description = string.IsNullOrEmpty(user.UserDescription) ? "IIS {0} user.".FormatWith(user.UserType) : user.UserDescription,
UserCannotChangePassword = false,
PasswordNeverExpires = true,
PasswordNotRequired = false,
Enabled = true
};
_logger.Debug("User created.");
_logger.Debug("Setting user password and applying to the system.");
newUser.SetPassword(user.UserPassword);
newUser.Save();
return newUser;
}
用戶只是使用用戶名,密碼和描述一個自定義類。 principalcontext是該域的有效上下文。
這裏是我用來將用戶添加到本地域代碼:
private void AddDomainUserToGroup(Principal groupPrincipal, Principal user, string group)
{
using (DirectoryEntry groupEntry = groupPrincipal.GetUnderlyingObject() as DirectoryEntry)
using (DirectoryEntry userEntry = user.GetUnderlyingObject() as DirectoryEntry)
{
NTAccount ntUser = user.Sid.Translate(typeof (NTAccount)) as NTAccount;
string domain = ntUser.ToString().Split('\\')[0];
string userPath = string.Format("WinNT://{0}/{1},user", domain, user);
groupEntry.Invoke("Add", new object[] {userPath});
}
}
而且我從來沒有將用戶添加到本地機器我只是將它們添加到域。這是我的問題嗎?