Active directory: difference between versions
Latest version of 20 February 2022 at 17:13
Installation on Windows Server 2012 (http://www.fixedbyvonnie.com/2015/04/understanding-active-directory-in-windows-server-2012-r2-part-2-of-3/)
Server Manager Dashboard → Add roles and features → Role-based
- AD Domain Services
- AD Federation Services
Server Manager Dashboard → AD DS → more → promote this server to a domain controller
- Add a New Forest
- Root domain name: domain.ch
The server must have a static IP address.
PowerShell scripts
Install Remote Server Administration Tools for Windows 10 if needed (otherwise: "The specified module 'activedirectory' was not loaded").
<kode lang='powershell'>
Import-Module ActiveDirectory
# Show all properties of every account whose e-mail address contains NAME
Get-ADUser -Filter {EmailAddress -like "*NAME*"} -Properties *
# Show all user accounts
Get-ADUser -Filter {ObjectClass -eq "user"}
# Show all user accounts whose mail attribute contains NAME
Get-ADObject -Filter {(mail -like "*NAME*") -and (ObjectClass -eq "user")}
</kode>
Add a user
- Server Manager → AD DS → right-click the server → AD Users and Computers
- right-click domain.ch → New → Organizational Unit
- right-click the OU → New → User
ADWS
- Default endpoint: netTCP binding on port 9389
- no HTTP binding support
<kode lang='cs'>
using System;
using System.ServiceModel;

// ADWSSvc is the WCF service reference generated from the AccountManagement endpoint
NetTcpBinding tcpBind = new NetTcpBinding();
var acctMgmt = new ADWSSvc.AccountManagementClient(tcpBind,
    new EndpointAddress("net.tcp://localhost:9389/ActiveDirectoryWebServices/Windows/AccountManagement"));
// The call runs under the caller's Windows identity; let the service impersonate it
acctMgmt.ClientCredentials.Windows.AllowedImpersonationLevel =
    System.Security.Principal.TokenImpersonationLevel.Impersonation;
// Members of Domain Admins; the last argument is the recursive flag
var adPrincipal = acctMgmt.GetADGroupMember("ldap:389",
    "CN=Domain Admins,CN=Users,DC=corp,DC=claimsauth,DC=com",
    "DC=corp,DC=claimsauth,DC=com",
    true);
foreach (var item in adPrincipal)
{
    Console.WriteLine(item.Name);
    Console.WriteLine(item.DistinguishedName);
    Console.WriteLine(item.SamAccountName);
}
</kode>
Links
- What's New in AD DS: Active Directory Web Services
- ADWS with HTTP Binding and access from a Java Client
- Active Directory Web Services Overview
- How to view SOAP XML messages to and from AD Webservices and Powershell
- Using Active Directory Web Services in C#/Visual Studio (http://samirvaidya.blogspot.ch/2012/06/using-active-directory-web-services-in.html)
- Example of ChangePassword (https://msdn.microsoft.com/en-us/library/dd303811.aspx)
Local users and groups (https://docs.microsoft.com/en-us/troubleshoot/developer/visualstudio/csharp/language-compilers/add-user-local-system)
<kode lang='cs'>
using System;
using System.DirectoryServices;

// WinNT provider: the local SAM database of this machine
var ad = new DirectoryEntry($"WinNT://{Environment.MachineName},computer");
var user = ad.Children.Find("Bibi", "user");
var adminGroup = ad.Children.Find("Administrators", "group");
adminGroup.Invoke("Add", new object[] { user.Path }); // add the user to the admin group
</kode>
LDAP
User Info
<kode lang='cs'>
using System;
using System.Collections.Generic;
using System.DirectoryServices;

// Looks up a user by sAMAccountName and returns its attributes (or an error entry)
static Dictionary<string, string> GetUserInfo(string userName)
{
    var output = new Dictionary<string, string>();
    string adminUser = "Administrator";
    string adminPassword = "xxx";
    string container = "DC=domain,DC=ch";
    string domainController = "DOMAIN-CONTROLLER-NAME";
    const AuthenticationTypes authenticationTypes = AuthenticationTypes.Secure |
        AuthenticationTypes.Sealing | AuthenticationTypes.ServerBind;
    DirectoryEntry searchRoot = null;
    DirectorySearcher searcher = null;
    DirectoryEntry userEntry = null;
    try
    {
        // Search the domain partition. To search the whole forest, bind to the
        // global catalog instead: new DirectoryEntry($"GC://{domainController}", ...)
        searchRoot = new DirectoryEntry($"LDAP://{domainController}/{container}",
            adminUser, adminPassword, authenticationTypes);
        searcher = new DirectorySearcher(searchRoot);
        // userName is inserted verbatim: escape it (RFC 4515) if it comes from untrusted input
        searcher.Filter = $"(sAMAccountName={userName})";
        searcher.SearchScope = SearchScope.Subtree;
        searcher.CacheResults = false;
        SearchResult searchResult = searcher.FindOne();
        if (searchResult == null)
        {
            output["Error"] = "User Not Found In This Domain";
            return output;
        }
        userEntry = searchResult.GetDirectoryEntry();
        output["Name"] = userEntry.Name; // CN=User
        foreach (PropertyValueCollection p in userEntry.Properties)
        {
            object v;
            if (p.Value is object[] o)
            {
                v = string.Join(", ", o); // multi-valued attribute
            }
            else
            {
                v = p.Value;
            }
            output[p.PropertyName] = v?.ToString() ?? "";
            // objectClass → top, person, organizationalPerson, user
            // givenName / displayName / name → User
            // sAMAccountName → user
            // userPrincipalName → user@domain.ch
        }
        return output;
    }
    catch (Exception ex)
    {
        output["Exception"] = ex.Message;
        return output;
    }
    finally
    {
        if (userEntry != null) userEntry.Dispose();
        if (searcher != null) searcher.Dispose();
        if (searchRoot != null) searchRoot.Dispose();
    }
}
</kode>
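The lookup above builds its LDAP filter by string concatenation, so a user name taken from a web form can alter the filter and match other accounts. The following is an added example, not code from the page: a small RFC 4515 escaper and a filter builder for the sAMAccountName lookups used in the User Info and Change Password sections. The class and method names (LdapFilter, Escape, ForSamAccountName) and the sample inputs are assumptions.

```csharp
using System;
using System.Text;

// Builds LDAP search filters from caller-supplied values without letting the
// value change the filter's structure (assumed helper, not part of the page).
static class LdapFilter
{
    // RFC 4515 section 3: inside a filter, '*', '(', ')', '\' and NUL must be
    // written as a backslash followed by two hex digits.
    public static string Escape(string value)
    {
        if (value == null) throw new ArgumentNullException(nameof(value));
        var sb = new StringBuilder(value.Length);
        foreach (char c in value)
        {
            switch (c)
            {
                case '*':  sb.Append(@"\2a"); break;
                case '(':  sb.Append(@"\28"); break;
                case ')':  sb.Append(@"\29"); break;
                case '\\': sb.Append(@"\5c"); break;
                case '\0': sb.Append(@"\00"); break;
                default:   sb.Append(c);      break;
            }
        }
        return sb.ToString();
    }

    // Filter for the User Info / Change Password lookups: restrict the match to
    // user objects and compare the escaped sAMAccountName exactly.
    public static string ForSamAccountName(string userName)
    {
        return "(&(objectClass=user)(sAMAccountName=" + Escape(userName) + "))";
    }

    static void Main()
    {
        // Constructed inputs: a normal name, a wildcard, and a value carrying filter syntax
        foreach (string name in new[] { "user", "user*", "a)(cn=b" })
        {
            Console.WriteLine("concatenated: (sAMAccountName=" + name + ")");
            Console.WriteLine("escaped:      " + ForSamAccountName(name));
        }
        // In the code above: searcher.Filter = LdapFilter.ForSamAccountName(userName);
    }
}
```

With the concatenated form, "user*" is a wildcard that matches every account starting with "user"; the escaped form turns it into the literal string "user\2a", which only matches an account literally named that way. Pair the escaping with the objectClass clause so a matching computer or group object cannot be returned in place of a user.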
Change Password
<kode lang='cs'>
using System;
using System.DirectoryServices;

// Resets a user's password with administrative credentials (the old password is not needed)
static string SetUserPassword(string userName, string newPassword)
{
    string adminUser = "Administrator";
    string adminPassword = "xxx";
    string container = "DC=domain,DC=ch";
    string domainController = "DOMAIN-CONTROLLER-NAME";
    const AuthenticationTypes authenticationTypes = AuthenticationTypes.Secure |
        AuthenticationTypes.Sealing | AuthenticationTypes.ServerBind;
    DirectoryEntry searchRoot = null;
    DirectorySearcher searcher = null;
    DirectoryEntry userEntry = null;
    try
    {
        searchRoot = new DirectoryEntry($"LDAP://{domainController}/{container}",
            adminUser, adminPassword, authenticationTypes);
        searcher = new DirectorySearcher(searchRoot);
        // userName is inserted verbatim: escape it (RFC 4515) if it comes from untrusted input
        searcher.Filter = $"(sAMAccountName={userName})";
        searcher.SearchScope = SearchScope.Subtree;
        searcher.CacheResults = false;
        SearchResult searchResult = searcher.FindOne();
        if (searchResult == null) return "User Not Found In This Domain";
        userEntry = searchResult.GetDirectoryEntry();
        // SetPassword is an administrative reset: the bound account needs the
        // "Reset Password" right on the user object
        userEntry.Invoke("SetPassword", new object[] { newPassword });
        userEntry.CommitChanges();
        return "New password set";
    }
    catch (Exception ex)
    {
        return ex.ToString();
    }
    finally
    {
        if (userEntry != null) userEntry.Dispose();
        if (searcher != null) searcher.Dispose();
        if (searchRoot != null) searchRoot.Dispose();
    }
}
</kode>
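The SetPassword call above is an administrative reset and is why the service account needs extra rights (see the access-denied note that follows). When the user knows the current password, a self-service change needs no such right. The following is an added example, not code from the page, written against the System.DirectoryServices.AccountManagement API that the "Example of ChangePassword" link refers to. The class PasswordOps, its method names, and the domain-controller and container constants are assumptions.

```csharp
using System;
using System.DirectoryServices.AccountManagement;

// Added example: self-service change versus administrative reset of an AD password.
static class PasswordOps
{
    // Assumed settings; in practice these come from configuration.
    const string DomainController = "DOMAIN-CONTROLLER-NAME";
    const string Container = "DC=domain,DC=ch";

    // Self-service change: the directory verifies the old password itself, so the
    // process identity does not need the "Reset Password" right on the user object.
    public static string ChangeOwnPassword(string userName, string oldPassword, string newPassword)
    {
        using (var ctx = new PrincipalContext(ContextType.Domain, DomainController, Container))
        using (var user = UserPrincipal.FindByIdentity(ctx, IdentityType.SamAccountName, userName))
        {
            if (user == null) return "User Not Found In This Domain";
            try
            {
                // Fails if the old password is wrong or the new one violates the domain policy
                user.ChangePassword(oldPassword, newPassword);
                return "Password changed";
            }
            catch (PasswordException ex)
            {
                // Return only the message, not the full exception with its stack trace
                return "Password change rejected: " + ex.Message;
            }
        }
    }

    // Administrative reset, equivalent to the SetPassword code above. Keep it in a
    // separate, privileged code path (e.g. a help-desk tool under its own identity)
    // rather than in the web application that serves self-service changes.
    public static string ResetPassword(string userName, string newPassword)
    {
        using (var ctx = new PrincipalContext(ContextType.Domain, DomainController, Container))
        using (var user = UserPrincipal.FindByIdentity(ctx, IdentityType.SamAccountName, userName))
        {
            if (user == null) return "User Not Found In This Domain";
            try
            {
                user.SetPassword(newPassword);
                return "New password set";
            }
            catch (PasswordException ex)
            {
                return "Password reset rejected: " + ex.Message;
            }
        }
    }

    static void Main()
    {
        // Constructed values; no directory is contacted unless a real DC is configured
        Console.WriteLine(ChangeOwnPassword("user", "old-password", "new-password"));
    }
}
```

Because ChangeOwnPassword runs under the process identity with no extra rights, an application pool that only offers self-service changes can keep a low-privilege identity; only the reset path needs the custom account described below.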
Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))
The account running the service is not allowed to modify a password.
Specify an Identity for an Application Pool:
- IIS Manager → click Application Pools
- right-click the application pool to modify → Advanced Settings → Process Model → Identity
- Custom Account