使用目录服务以编程方式删除用户
Programatically Deleting Users with Directory Services
我编写了一个控制台应用程序,它生成有关 Active Directory 和 Novell e-Directory 树中应删除的帐户的报告。该程序非常适合生成非常有用的列表,因为它符合我公司的要求。
我现在被要求查看是否可以增强此程序以另外删除某些帐户。
我只使用 Directory.Services 连接到不同的树,不想更改此连接类型。现在我可以并且已经成功删除了位于搜索根目录的对象。我现在的问题是我似乎无法删除在子 OU 中找到的任何用户对象。
这是删除用户对象的函数代码...
static void Perform_Deletions(List<UserAccountObject> User_List, DirectoryEntry myLdapConnection)
{
DirectoryEntry userToDelete;
myLdapConnection.RefreshCache();
string cnRegex = @"^([^,]+)";
Regex myCNRegex = new Regex(cnRegex, RegexOptions.IgnoreCase);
foreach(UserAccountObject user in User_List)
{
foreach(Match myMatch in myCNRegex.Matches(user.Distinguished_Name))
{
string cn = myMatch.ToString();
userToDelete = myLdapConnection.Children.Find(cn);
myLdapConnection.Children.Remove(userToDelete);
myLdapConnection.CommitChanges();
}
}
}
我确实删除了错误检查并重命名了一些区域,以免泄露内部信息。但无论如何。我确定我的问题可能出在这段代码的第 10 行。如何修改此行或更改此函数,以便如果初始 DirectoryEntry 指向 "LDAP://server1.contoso.com/OU=users,DC=contoso,DC=com" ;并且用户对象在 "OU=Team1,OU=users,DC=contoso,DC=com" 中,它也会被删除吗?
目前使用此代码,原始条目中的所有用户都将在 AD 或 e-Directory 中删除。
非常感谢您的帮助!
所以我能够编写一个满足我的要求的解决方案,但我觉得这可能不是最好的解决方案,因为我必须为我需要删除的每个 DN 创建和销毁与目录服务器的连接。必须有一种方法可以通过单个连接发送要删除的 DN 列表。
static void Perform_Deletions(List<UserAccountObject> User_List, string directory)
{
string ldapServer = null;
string parentOU = null;
string userCN = null;
string ldapDirectory = null;
string userName = null;
string passWord = null;
// REGEX value to only return OU path portion of User DN
string dnSuffixRegex = @"ou.*";
Regex myDNRegex = new Regex(dnSuffixRegex, RegexOptions.IgnoreCase);
// REGEX to only Return the CN portion of User DN
string cnRegex = @"^([^,]+)";
Regex myCNRegex = new Regex(cnRegex, RegexOptions.IgnoreCase);
switch (directory)
{
case "AD1":
{
ldapDirectory = "LDAP://ad1.contosoe.com/";
userName = "Admin";
passWord = @"P@$$W0rd1";
break;
}
case "AD2":
{
ldapDirectory = "LDAP://ad2.contosof.com/";
userName = "Admin";
passWord = @"P@$$W0rd1";
break;
}
case "EDIR1":
{
ldapDirectory = "LDAP://edirectory1.contosoc.com/";
userName = @"cn=Admin,o=Root";
passWord = @"P@$$W0rd1";
break;
}
case "AD3":
{
ldapDirectory = "LDAP://ad3.contosod.com/";
userName = "Admin";
passWord = @"P@$$W0rd1";
break;
}
case "EDIR2":
{
ldapDirectory = "LDAP://edirectory2.contosob.com/";
userName = @"cn=Admin,o=Root";
passWord = @"P@$$W0rd1";
break;
}
case "EDIR3":
{
ldapDirectory = "LDAP://edirectory3.contosoa.com/";
userName = @"cn=Admin,o=Root";
passWord = @"P@$$W0rd1";
break;
}
default:
{
break;
}
}
foreach (UserAccountObject user in User_List)
{
foreach (Match cnMatch in myCNRegex.Matches(user.Distinguished_Name))
{
userCN = cnMatch.ToString();
}
foreach (Match dnMatch in myDNRegex.Matches(user.Distinguished_Name))
{
parentOU = dnMatch.ToString();
}
ldapServer = ldapDirectory + parentOU;
try
{
DirectoryEntry myLdapconnection = new DirectoryEntry(ldapServer, userName, passWord, AuthenticationTypes.ServerBind);
DirectoryEntry userToDelete = myLdapconnection.Children.Find(userCN);
myLdapconnection.RefreshCache();
myLdapconnection.Children.Remove(userToDelete);
myLdapconnection.CommitChanges();
myLdapconnection.Close();
myLdapconnection.Dispose();
user.Deletion_Status = "SUCCEEDED";
}
catch (Exception e)
{
user.Deletion_Status = "FAILED";
Console.WriteLine("Exception Caught:\n\n{0}", e.ToString());
}
}
}
我编写了一个控制台应用程序,它生成有关 Active Directory 和 Novell e-Directory 树中应删除的帐户的报告。该程序非常适合生成非常有用的列表,因为它符合我公司的要求。
我现在被要求查看是否可以增强此程序以另外删除某些帐户。
我只使用 Directory.Services 连接到不同的树,不想更改此连接类型。现在我可以并且已经成功删除了位于搜索根目录的对象。我现在的问题是我似乎无法删除在子 OU 中找到的任何用户对象。
这是删除用户对象的函数代码...
static void Perform_Deletions(List<UserAccountObject> User_List, DirectoryEntry myLdapConnection)
{
DirectoryEntry userToDelete;
myLdapConnection.RefreshCache();
string cnRegex = @"^([^,]+)";
Regex myCNRegex = new Regex(cnRegex, RegexOptions.IgnoreCase);
foreach(UserAccountObject user in User_List)
{
foreach(Match myMatch in myCNRegex.Matches(user.Distinguished_Name))
{
string cn = myMatch.ToString();
userToDelete = myLdapConnection.Children.Find(cn);
myLdapConnection.Children.Remove(userToDelete);
myLdapConnection.CommitChanges();
}
}
}
我确实删除了错误检查并重命名了一些区域,以免泄露内部信息。但无论如何。我确定我的问题可能出在这段代码的第 10 行。如何修改此行或更改此函数,以便如果初始 DirectoryEntry 指向 "LDAP://server1.contoso.com/OU=users,DC=contoso,DC=com" ;并且用户对象在 "OU=Team1,OU=users,DC=contoso,DC=com" 中,它也会被删除吗?
目前使用此代码,原始条目中的所有用户都将在 AD 或 e-Directory 中删除。
非常感谢您的帮助!
所以我能够编写一个满足我的要求的解决方案,但我觉得这可能不是最好的解决方案,因为我必须为我需要删除的每个 DN 创建和销毁与目录服务器的连接。必须有一种方法可以通过单个连接发送要删除的 DN 列表。
static void Perform_Deletions(List<UserAccountObject> User_List, string directory)
{
string ldapServer = null;
string parentOU = null;
string userCN = null;
string ldapDirectory = null;
string userName = null;
string passWord = null;
// REGEX value to only return OU path portion of User DN
string dnSuffixRegex = @"ou.*";
Regex myDNRegex = new Regex(dnSuffixRegex, RegexOptions.IgnoreCase);
// REGEX to only Return the CN portion of User DN
string cnRegex = @"^([^,]+)";
Regex myCNRegex = new Regex(cnRegex, RegexOptions.IgnoreCase);
switch (directory)
{
case "AD1":
{
ldapDirectory = "LDAP://ad1.contosoe.com/";
userName = "Admin";
passWord = @"P@$$W0rd1";
break;
}
case "AD2":
{
ldapDirectory = "LDAP://ad2.contosof.com/";
userName = "Admin";
passWord = @"P@$$W0rd1";
break;
}
case "EDIR1":
{
ldapDirectory = "LDAP://edirectory1.contosoc.com/";
userName = @"cn=Admin,o=Root";
passWord = @"P@$$W0rd1";
break;
}
case "AD3":
{
ldapDirectory = "LDAP://ad3.contosod.com/";
userName = "Admin";
passWord = @"P@$$W0rd1";
break;
}
case "EDIR2":
{
ldapDirectory = "LDAP://edirectory2.contosob.com/";
userName = @"cn=Admin,o=Root";
passWord = @"P@$$W0rd1";
break;
}
case "EDIR3":
{
ldapDirectory = "LDAP://edirectory3.contosoa.com/";
userName = @"cn=Admin,o=Root";
passWord = @"P@$$W0rd1";
break;
}
default:
{
break;
}
}
foreach (UserAccountObject user in User_List)
{
foreach (Match cnMatch in myCNRegex.Matches(user.Distinguished_Name))
{
userCN = cnMatch.ToString();
}
foreach (Match dnMatch in myDNRegex.Matches(user.Distinguished_Name))
{
parentOU = dnMatch.ToString();
}
ldapServer = ldapDirectory + parentOU;
try
{
DirectoryEntry myLdapconnection = new DirectoryEntry(ldapServer, userName, passWord, AuthenticationTypes.ServerBind);
DirectoryEntry userToDelete = myLdapconnection.Children.Find(userCN);
myLdapconnection.RefreshCache();
myLdapconnection.Children.Remove(userToDelete);
myLdapconnection.CommitChanges();
myLdapconnection.Close();
myLdapconnection.Dispose();
user.Deletion_Status = "SUCCEEDED";
}
catch (Exception e)
{
user.Deletion_Status = "FAILED";
Console.WriteLine("Exception Caught:\n\n{0}", e.ToString());
}
}
}