问题描述
如何使用 C#/.NET 检查计算机帐户是否在 Active Directory 中被禁用
How do you check if a computer account is disabled in Active Directory using C#/.NET
推荐答案
试试这个:
class Program { static void Main(string[] args) { const string ldap = "LDAP://your-ldap-server-here"; using (DirectoryEntry conn = new DirectoryEntry(ldap)) { using (DirectorySearcher searcher = new DirectorySearcher(conn)) { searcher.Filter = "(|(samAccountName=userA)(samAccountName=userB))"; searcher.PropertiesToLoad.Add("samAccountName"); searcher.PropertiesToLoad.Add("userAccountControl"); using (SearchResultCollection results = searcher.FindAll()) { foreach (SearchResult result in results) { int userAccountControl = Convert.ToInt32(result.Properties["userAccountControl"][0]); string samAccountName = Convert.ToString(result.Properties["samAccountName"][0]); bool disabled = ((userAccountControl & 2) > 0); Console.WriteLine("{0} ({1:x}) :: {2}", samAccountName, userAccountControl, disabled); } } } } Console.ReadLine(); } }
如果帐户被禁用,userAccountControl 的第二位将为 1.
The second bit of userAccountControl will be 1 if the account is disabled.