adsi

问题 I have searched the site for information and found this: ASP.NET C# Active Directory - See how long before a user's password expires which explains how to get the value of when the password expires as per Domain Policy. My question is this: what if the user has an OU Group Policy that has a different MaxPasswordAge value, overriding the one specified in Domain Group Policy? How to programatically get the OU's Group Policy Object? Edit: To make this question a little bit more clear, I am

问题 Is there an ADSI Library out there for .NET/C#? I have been able to find bits and pieces of code to do some tasks but nothing comprehensive. I'm looking for a library that I can just drop into my code and run without having to do too much customization? I'm thinking something along the lines of MEMM for Excel Thanks. 回答1: For .NET 1.x, there's really only the System.DirectoryServices namespace - not much more, unfortunately. That's your basic DirectoryEntry and DirectorySearcher classes, and

问题 Using ADSI Edit I cannot use the interface and create a new computer . Background So I installed Active Directory Lightweight Directory Services (AD LDS) on my Windows 8.1 Pro computer. Then I followed the tutorial to create an AD LDS instance and then this tutorial setting up groups and users. Everything works as detailed in the those tutorial pages. However, I want to develop LDAP queries to determine the number of computers in a ActiveDirectory group and so I want to create computer

问题 In an ASP.NET 4 application, I have existing code to access a user's Active Directory information (potentially under Windows Authentication or FBA) like this: // authType taken from run-time config file, default below AuthenticationTypes authType = AuthenticationTypes.Secure; string path = "LDAP://" + domain; DirectoryEntry entry = new DirectoryEntry(path); entry.AuthenticationType = authType; // Bind to the native AdsObject to force authentication. Object obj = entry.NativeObject;

问题 I have a really simple question. What is better to use? AD Module (ie. Get-ADComputer) or DirectoryServices .NET Class when trying to connect to AD and pull all computers, users, and groups from a Domain. Or does it not matter at all? The key factors I judge on for which method to use are: Which method's scripts will run faster? Which puts less load on the network / AD What limitations may each method have? I know that the AD Module is only installed default on Win Server 2008 R2 and later,

问题 So I have a SQL query that pulls data from our Active Directory without any issues (slimmed way down for posting purposes): SELECT TOP 901 * FROM OpenQuery(ADSI, 'SELECT title, displayName, sAMAccountName, givenName, sn FROM ''LDAP://DC=[STUFF],DC=[MOAR STUFF],DC=com'' where objectCategory = ''Person'' AND objectClass = ''User''') This pulls records as expected. I need to pull records from other domains where we have a trust, so I should only need to change the LDAP string. But doing so just

问题 Using the following code... import win32com.adsi DNC=win32com.adsi.ADsGetObject('LDAP://rootDSE').Get('DefaultNamingContext') path = 'LDAP://cn=BIG_GROUP,ou=Groups,'+DNC groupobj = win32com.adsi.ADsGetObject(path) users = groupobj.member print len(users) The output is always a maximum 1500, even if BIG_GROUP contains several thousand members. How can I execute this query in a way that returns all members of BIG_GROUP? 回答1: AD returns N results at a time from a large attribute (like member),

问题 i get the maxpwdage value and pwdlastset value using ADSI.. Now i want to check the password expiry date... hr = pDomain->get_MaxPasswordAge(&ret); maxpwdage gives 432000... hr = pUser->get_PasswordLastChanged(&expirationDate); pwdlastset gives 41176.470196759263... how to achieve the password expiry date using this value? 回答1: MaxPasswordAge Indicates the maximum time interval, in seconds, after which the password must be changed by the user. PasswordLastChanged The last time the password

问题 I'm working on a PowerShell script to change a local account name. Of course, the first step is to check that the account exists: $user=[ADSI]"WinNT://$server/$oldName,user" If the account exists, then no problem. But if it doesn't, then I get this error: format-default : The following exception occurred while retrieving member >"distinguishedName": "The user name could not be found." + CategoryInfo : NotSpecified: (:) [format-default], ExtendedTypeSystemException + FullyQualifiedErrorId :

问题 I am trying to create a method that accepts a list of Active Directory security groups and returns a boolean response for whether or not the user is a member (either direct or indirect). I am using Adaxes (which basically extends ADSI with some of their own functionality). They have an object (IAdmGroup) that returns an array of byte[] for all members (direct and indirect) for a group. I want to avoid using that method if I can because some of the groups have very large groups under them (10