2
從兩個人的幫助,我已經想出瞭如何使用下面的代碼設置「用戶不能更改密碼」。我現在試圖找出如何刪除該屬性。我認爲將被拒絕的國旗設置爲「允許」會起作用,但似乎什麼都不做。如果可能,我希望代碼使用DirectoryEntry,而不是PrincipalContext,因爲我不確定我的應用程序是否將在所有服務器上使用.NET 3.5。任何幫助,將不勝感激。活動目錄屬性
string PASSWORD_GUID = "{ab721a53-1e2f-11d0-9819-00aa0040529b}";
string [] trustees = {"NT AUTHORITY\\SELF", "EVERYONE"};
ActiveDs.IADsSecurityDescriptor sd = (ActiveDs.IADsSecurityDescriptor)User.Properties["ntSecurityDescriptor"].Value;
ActiveDs.IADsAccessControlList acl = (ActiveDs.IADsAccessControlList) sd.DiscretionaryAcl;
ActiveDs.AccessControlEntry ace = new ActiveDs.AccessControlEntry();
double denied = (double)ActiveDs.ADS_ACETYPE_ENUM.ADS_ACETYPE_ACCESS_DENIED_OBJECT;
double objectType = (double)ActiveDs.ADS_FLAGTYPE_ENUM.ADS_FLAG_OBJECT_TYPE_PRESENT;
double dsControl = (double)ActiveDs.ADS_RIGHTS_ENUM.ADS_RIGHT_DS_CONTROL_ACCESS;
foreach (string trustee in trustees) {
ace.Trustee = trustee;
ace.AceFlags = 0;
ace.AceType = Convert.ToInt32(Math.Floor(denied));
ace.Flags = Convert.ToInt32(Math.Floor(objectType));
ace.ObjectType = PASSWORD_GUID;
ace.AccessMask = Convert.ToInt32(Math.Floor(dsControl));
acl.AddAce(ace);
}
sd.DiscretionaryAcl = acl;
User.Properties["ntSecurityDescriptor"].Value
= sd;
User.CommitChanges();
它需要.NET 3.5及更高版本,實際上是 – 2009-11-19 07:13:47
您是對的。剛注意到這一點,當我看到你的評論時,它正朝着正確方向前進:)。 – 2009-11-19 07:19:01