AD里面,怎么知道判断用户是否能够更改密码?“用户不能更改密码”属性改了之后为什么UserAccountControl值不会更改
AD里面,如何知道判断用户是否能够更改密码?“用户不能更改密码”属性改了之后为什么UserAccountControl值不会更改?
我知道可以这样来获取(UserAccountControl & ADS_USER_FLAG_ENUM.PASSWD_CANT_CHANGE) == ADS_USER_FLAG_ENUM.PASSWD_CANT_CHANGE
如果返回True则代表用户不能更改密码,可是当我更改用户的“用户不能更改密码”属性之后,用户的UserAccountControl值都没有更改啊!这该如何是好?请教各位!
------解决方案--------------------
如果你是修改当前用户的话, 注销当前用户或者重启电脑后再登录看看。
------解决方案--------------------
是即时更改的,因为你说你知道获取,但是你没有成功,所以不知道你的代码是怎么写的。
下面是的代码是测试所有本地用户(string sServername = ("127.0.0.1"))的,你稍微修改一下,应该可以在AD中使用。
我知道可以这样来获取(UserAccountControl & ADS_USER_FLAG_ENUM.PASSWD_CANT_CHANGE) == ADS_USER_FLAG_ENUM.PASSWD_CANT_CHANGE
如果返回True则代表用户不能更改密码,可是当我更改用户的“用户不能更改密码”属性之后,用户的UserAccountControl值都没有更改啊!这该如何是好?请教各位!
------解决方案--------------------
如果你是修改当前用户的话, 注销当前用户或者重启电脑后再登录看看。
------解决方案--------------------
是即时更改的,因为你说你知道获取,但是你没有成功,所以不知道你的代码是怎么写的。
下面是的代码是测试所有本地用户(string sServername = ("127.0.0.1"))的,你稍微修改一下,应该可以在AD中使用。
using System;
using System.Collections;
using System.Runtime.InteropServices;
namespace UserAccount
{
class Program
{
public static void Main(string[] args)
{
GetUserFlags();
Console.Write("Press any key to continue . . . ");
Console.ReadKey(true);
}
[StructLayout(LayoutKind.Sequential, CharSet=CharSet.Unicode)]
public struct USER_INFO_1
{
[MarshalAs(UnmanagedType.LPWStr)] public string sUsername;
[MarshalAs(UnmanagedType.LPWStr)] public string sPassword;
public uint uiPasswordAge;
public uint uiPriv;
[MarshalAs(UnmanagedType.LPWStr)] public string sHome_Dir;
[MarshalAs(UnmanagedType.LPWStr)] public string sComment;
public uint uiFlags;
[MarshalAs(UnmanagedType.LPWStr)] public string sScript_Path;
}
//uiPriv
const uint USER_PRIV_GUEST = 0;
const uint USER_PRIV_USER = 1;
const uint USER_PRIV_ADMIN = 2;
//uiFlags (flags)
const uint UF_DONT_EXPIRE_PASSWD = 0x10000;
const uint UF_MNS_LOGON_ACCOUNT = 0x20000;
const uint UF_SMARTCARD_REQUIRED = 0x40000;
const uint UF_TRUSTED_FOR_DELEGATION = 0x80000;
const uint UF_NOT_DELEGATED = 0x100000;
const uint UF_USE_DES_KEY_ONLY = 0x200000;
const uint UF_DONT_REQUIRE_PREAUTH = 0x400000;
const uint UF_PASSWORD_EXPIRED = 0x800000;
const uint UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION = 0x1000000;
const uint UF_NO_AUTH_DATA_REQUIRED = 0x2000000;
const uint UF_PARTIAL_SECRETS_ACCOUNT = 0x4000000;
const uint UF_USE_AES_KEYS = 0x8000000;
//uiFlags (choice)
const uint UF_SCRIPT = 0x0001;
const uint UF_ACCOUNTDISABLE = 0x0002;
const uint UF_HOMEDIR_REQUIRED = 0x0008;
const uint UF_LOCKOUT = 0x0010;
const uint UF_PASSWD_NOTREQD = 0x0020;
const uint UF_PASSWD_CANT_CHANGE = 0x0040;
const uint UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED = 0x0080;
const uint UF_TEMP_DUPLICATE_ACCOUNT = 0x0100;
const uint UF_NORMAL_ACCOUNT = 0x0200;
const uint UF_INTERDOMAIN_TRUST_ACCOUNT = 0x0800;
const uint UF_WORKSTATION_TRUST_ACCOUNT = 0x1000;
const uint UF_SERVER_TRUST_ACCOUNT = 0x2000;
[DllImport("Netapi32.dll")]
extern static int NetUserEnum(
[MarshalAs(UnmanagedType.LPWStr)]
string servername,
int level,
int filter,
out IntPtr bufptr,
int prefmaxlen,
out int entriesread,
out int totalentries,
out int resume_handle);
[DllImport("Netapi32.dll")]
extern static int NetApiBufferFree(IntPtr Buffer);
public static void GetUserFlags(/*string strServerName, string strUserName*/)
{
ArrayList users = new ArrayList();
int EntriesRead;
int TotalEntries;
int Resume;
IntPtr bufPtr;
string sServername = ("127.0.0.1"); // local
NetUserEnum(sServername,1, 2, out bufPtr, -1, out EntriesRead, out TotalEntries, out Resume);
if(EntriesRead> 0)
{
USER_INFO_1[] Users = new USER_INFO_1[EntriesRead];
IntPtr iter = bufPtr;
for(int i=0; i < EntriesRead; i++)
{
Users[i] = (USER_INFO_1)Marshal.PtrToStructure(iter, typeof(USER_INFO_1));
//Console.WriteLine(Users[i].uiFlags.ToString());
string strTmp = Users[i].sUsername;
uint lngFlags = Users[i].uiFlags;
// if (Convert.ToBoolean(lngFlags & UF_SCRIPT))
// {
// strTmp = strTmp + "\r\n" + "Script is executed";
// }
// else
// {
// strTmp = strTmp + "\r\n" + "Script is NOT executed";
// }
//
// if (Convert.ToBoolean(lngFlags & UF_ACCOUNTDISABLE))
// {
// strTmp = strTmp + "\r\n" + "Account is disabled";
// }
// else
// {
// strTmp = strTmp + "\r\n" + "Account is NOT disabled";