如题,用超级用户设置密码时不会报错,当用普通用户设置时就会报错了,这个应该是权限的问题,但我不知道怎么设置才是对的,希望高人指点。。谢谢,代码如下:
public bool SetPassword(ADUserInfos adUser)
{
bool isSuccess = false;
try
{
DirectoryEntry user = GetUser(adUser.SAMAccountName); // 模拟超级管理员,以达到有权限修改用户密码
NtsIdentityImpersonation impersonate = new NtsIdentityImpersonation(AdminName, AdminPassword, LdapDomainName);
impersonate.BeginImpersonate(); user.Invoke("SetPassword", new object[] { adUser.PassWord }); impersonate.StopImpersonate(); user.Close();
//user.Invoke("SetPassword", adUser.PassWord);
//user.CommitChanges();
isSuccess = true;
}
catch
{ }
return isSuccess;
} #region
/// <summary>
/// 模拟登陆
/// </summary>
public class NtsIdentityImpersonation
{ [DllImport("advapi32.dll", SetLastError = true)] public static extern bool LogonUser(String lpszUsername, String lpszDomain, String lpszPassword, int dwLogonType, int dwLogonProvider, ref IntPtr phToken); [DllImport("advapi32.dll", CharSet = CharSet.Auto, SetLastError = true)] public extern static bool DuplicateToken(IntPtr ExistingTokenHandle, int SECURITY_IMPERSONATION_LEVEL, ref IntPtr DuplicateTokenHandle); [DllImport("kernel32.dll", CharSet = CharSet.Auto)] public extern static bool CloseHandle(IntPtr handle); // 要模拟的用户的用户名、密码、域(机器名) private String _sImperUsername; private String _sImperPassword; private String _sImperDomain; /// <summary>
/// 记录模拟上下文
/// </summary>
private WindowsImpersonationContext _imperContext; private IntPtr _adminToken; private IntPtr _dupeToken; /// <summary>
/// 是否已停止模拟
/// </summary>
private Boolean _bClosed;
/// <summary>
/// 构造函数
/// </summary>
/// <param name="impersonationUsername">所要模拟的用户的用户名</param>
/// <param name="impersonationPassword">所要模拟的用户的密码</param>
/// <param name="impersonationDomain">所要模拟的用户所在的域</param> public NtsIdentityImpersonation(String impersonationUsername, String impersonationPassword, String impersonationDomain)
{ _sImperUsername = impersonationUsername; _sImperPassword = impersonationPassword; _sImperDomain = impersonationDomain; _adminToken = IntPtr.Zero; _dupeToken = IntPtr.Zero; _bClosed = true; } /// <summary>
/// 析构函数
/// </summary>
~NtsIdentityImpersonation()
{ if (!_bClosed)
{ StopImpersonate(); } } /// <summary>
/// 开始身份角色模拟
/// </summary>
/// <returns></returns>
public Boolean BeginImpersonate()
{ Boolean bLogined = LogonUser(_sImperUsername, _sImperDomain, _sImperPassword, 2, 0, ref _adminToken); if (!bLogined)
{ return false; } Boolean bDuped = DuplicateToken(_adminToken, 2, ref _dupeToken); if (!bDuped)
{ return false; } WindowsIdentity fakeId = new WindowsIdentity(_dupeToken); _imperContext = fakeId.Impersonate(); _bClosed = false; return true; } /// <summary>
/// 停止身分角色模拟
/// </summary>
public void StopImpersonate()
{ _imperContext.Undo(); CloseHandle(_dupeToken); CloseHandle(_adminToken); _bClosed = true; } }
#endregion public DirectoryEntry GetUser(string sAMAccountName)
{
DirectoryEntry temp = null;
try
{
DirectoryEntry entry = new DirectoryEntry(ldapPath + ldapDomain, adminName, adminPassword,AuthenticationTypes.Secure); DirectorySearcher mySearcher = new DirectorySearcher(entry); mySearcher.Filter = ("(objectClass=user)"); foreach (SearchResult resEnt in mySearcher.FindAll())
{
DirectoryEntry de = resEnt.GetDirectoryEntry();
string name = de.Properties[ADUserProperties.sAMAccountName].Value.ToString().ToLower();
if (name == sAMAccountName.ToLower())
{
temp = resEnt.GetDirectoryEntry();
break;
}
}
}
catch
{ }
return temp;
}
public bool SetPassword(ADUserInfos adUser)
{
bool isSuccess = false;
try
{
DirectoryEntry user = GetUser(adUser.SAMAccountName); // 模拟超级管理员,以达到有权限修改用户密码
NtsIdentityImpersonation impersonate = new NtsIdentityImpersonation(AdminName, AdminPassword, LdapDomainName);
impersonate.BeginImpersonate(); user.Invoke("SetPassword", new object[] { adUser.PassWord }); impersonate.StopImpersonate(); user.Close();
//user.Invoke("SetPassword", adUser.PassWord);
//user.CommitChanges();
isSuccess = true;
}
catch
{ }
return isSuccess;
} #region
/// <summary>
/// 模拟登陆
/// </summary>
public class NtsIdentityImpersonation
{ [DllImport("advapi32.dll", SetLastError = true)] public static extern bool LogonUser(String lpszUsername, String lpszDomain, String lpszPassword, int dwLogonType, int dwLogonProvider, ref IntPtr phToken); [DllImport("advapi32.dll", CharSet = CharSet.Auto, SetLastError = true)] public extern static bool DuplicateToken(IntPtr ExistingTokenHandle, int SECURITY_IMPERSONATION_LEVEL, ref IntPtr DuplicateTokenHandle); [DllImport("kernel32.dll", CharSet = CharSet.Auto)] public extern static bool CloseHandle(IntPtr handle); // 要模拟的用户的用户名、密码、域(机器名) private String _sImperUsername; private String _sImperPassword; private String _sImperDomain; /// <summary>
/// 记录模拟上下文
/// </summary>
private WindowsImpersonationContext _imperContext; private IntPtr _adminToken; private IntPtr _dupeToken; /// <summary>
/// 是否已停止模拟
/// </summary>
private Boolean _bClosed;
/// <summary>
/// 构造函数
/// </summary>
/// <param name="impersonationUsername">所要模拟的用户的用户名</param>
/// <param name="impersonationPassword">所要模拟的用户的密码</param>
/// <param name="impersonationDomain">所要模拟的用户所在的域</param> public NtsIdentityImpersonation(String impersonationUsername, String impersonationPassword, String impersonationDomain)
{ _sImperUsername = impersonationUsername; _sImperPassword = impersonationPassword; _sImperDomain = impersonationDomain; _adminToken = IntPtr.Zero; _dupeToken = IntPtr.Zero; _bClosed = true; } /// <summary>
/// 析构函数
/// </summary>
~NtsIdentityImpersonation()
{ if (!_bClosed)
{ StopImpersonate(); } } /// <summary>
/// 开始身份角色模拟
/// </summary>
/// <returns></returns>
public Boolean BeginImpersonate()
{ Boolean bLogined = LogonUser(_sImperUsername, _sImperDomain, _sImperPassword, 2, 0, ref _adminToken); if (!bLogined)
{ return false; } Boolean bDuped = DuplicateToken(_adminToken, 2, ref _dupeToken); if (!bDuped)
{ return false; } WindowsIdentity fakeId = new WindowsIdentity(_dupeToken); _imperContext = fakeId.Impersonate(); _bClosed = false; return true; } /// <summary>
/// 停止身分角色模拟
/// </summary>
public void StopImpersonate()
{ _imperContext.Undo(); CloseHandle(_dupeToken); CloseHandle(_adminToken); _bClosed = true; } }
#endregion public DirectoryEntry GetUser(string sAMAccountName)
{
DirectoryEntry temp = null;
try
{
DirectoryEntry entry = new DirectoryEntry(ldapPath + ldapDomain, adminName, adminPassword,AuthenticationTypes.Secure); DirectorySearcher mySearcher = new DirectorySearcher(entry); mySearcher.Filter = ("(objectClass=user)"); foreach (SearchResult resEnt in mySearcher.FindAll())
{
DirectoryEntry de = resEnt.GetDirectoryEntry();
string name = de.Properties[ADUserProperties.sAMAccountName].Value.ToString().ToLower();
if (name == sAMAccountName.ToLower())
{
temp = resEnt.GetDirectoryEntry();
break;
}
}
}
catch
{ }
return temp;
}
解决方案 »
免费领取超大流量手机卡,每月29元包185G流量+100分钟通话, 中国电信官方发货