我可以得到OU的物體,像....如何使用C#向OU添加權限?
DirectoryEntry de = new DirectoryEntry(
"LDAP://domain.com",
"DOMAIN\\Administrator",
"Password");
DirectoryEntry ouEntry = de.Children.Find("OU=my-users,DC=domain,DC=com");
,但我似乎無法找到任何類或庫添加權限。我想給「MyGroup」權限來創建和刪除此OU中的對象。我可以在ADSIEdit中通過選擇OU並使用安全選項卡手動執行此操作,但無法找到相應的代碼。
試試這個
DirectoryEntry rootEntry = new DirectoryEntry("LDAP://OU=Test OU,DC=test,DC=com");
DirectorySearcher dsFindOUs = new DirectorySearcher(rootEntry);
dsFindOUs.Filter = "(objectClass=organizationalUnit)";
dsFindOUs.SearchScope = SearchScope.Subtree;
SearchResult oResults = dsFindOUs.FindOne();
DirectoryEntry myOU = oResults.GetDirectoryEntry();
System.Security.Principal.IdentityReference newOwner = new System.Security.Principal.NTAccount("YourDomain", "YourUserName").Translate(typeof(System.Security.Principal.SecurityIdentifier));
ActiveDirectoryAccessRule newRule = new ActiveDirectoryAccessRule(newOwner, ActiveDirectoryRights.GenericAll, System.Security.AccessControl.AccessControlType.Allow);
myOU.ObjectSecurity.SetAccessRule(newRule);
讓我知道這對你的作品。
Raymund http://anyrest.wordpress.com