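/// <summary>
/// Resets the password of the directory account named by <c>adUser.SAMAccountName</c>
/// to <c>adUser.PassWord</c> while the calling thread impersonates the configured
/// administrator account.
/// </summary>
/// <param name="adUser">Carries the target account name and the new password.</param>
/// <returns>
/// <c>true</c> when the directory SetPassword call completed; <c>false</c> when the
/// account was not found, impersonation could not be started, or the call threw.
/// </returns>
public bool SetPassword(ADUserInfos adUser)
{
    if (adUser == null)
    {
        return false;
    }

    try
    {
        // The entry is looked up before impersonation starts, as in the original flow.
        using (DirectoryEntry user = GetUser(adUser.SAMAccountName))
        {
            // GetUser returns null when no entry matches or its own lookup failed.
            if (user == null)
            {
                return false;
            }

            // Impersonate the administrator account so this thread is permitted to reset the password.
            NtsIdentityImpersonation impersonate = new NtsIdentityImpersonation(AdminName, AdminPassword, LdapDomainName);
            if (!impersonate.BeginImpersonate())
            {
                // Stop here: proceeding would run the reset under whatever identity the
                // thread already has, and the reported result would not match the outcome.
                return false;
            }

            try
            {
                user.Invoke("SetPassword", new object[] { adUser.PassWord });
            }
            finally
            {
                // Revert even when Invoke throws; otherwise the thread keeps running
                // with the administrator's token after this method returns.
                impersonate.StopImpersonate();
            }

            return true;
        }
    }
    catch (Exception ex)
    {
        // Best-effort contract is kept (false on failure), but the failure is no longer
        // silent. Only the exception type is traced so no credential text reaches the log.
        System.Diagnostics.Trace.TraceError("SetPassword failed: " + ex.GetType().FullName);
        return false;
    }
}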
#region
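/// <summary>
/// Logs on a Windows account from a user name, password and domain and impersonates
/// it on the calling thread until <see cref="StopImpersonate"/> is called.
/// </summary>
public class NtsIdentityImpersonation
{
    // Named forms of the numeric arguments passed to LogonUser and DuplicateToken.
    private const int Logon32LogonInteractive = 2;
    private const int Logon32ProviderDefault = 0;
    private const int SecurityImpersonation = 2;

    // CharSet.Unicode binds to LogonUserW so credentials outside the ANSI code page
    // are not altered while being marshalled.
    [DllImport("advapi32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
    public static extern bool LogonUser(String lpszUsername, String lpszDomain, String lpszPassword, int dwLogonType, int dwLogonProvider, ref IntPtr phToken);

    [DllImport("advapi32.dll", CharSet = CharSet.Auto, SetLastError = true)]
    public extern static bool DuplicateToken(IntPtr ExistingTokenHandle, int SECURITY_IMPERSONATION_LEVEL, ref IntPtr DuplicateTokenHandle);

    [DllImport("kernel32.dll", CharSet = CharSet.Auto)]
    public extern static bool CloseHandle(IntPtr handle);

    // User name, password and domain (or machine name) of the account to impersonate.
    // NOTE(review): the password is held in a managed string for the lifetime of this
    // object and cannot be wiped from memory; keep instances short-lived.
    private String _sImperUsername;
    private String _sImperPassword;
    private String _sImperDomain;

    /// <summary>
    /// Impersonation context returned by WindowsIdentity.Impersonate; null while not impersonating.
    /// </summary>
    private WindowsImpersonationContext _imperContext;

    // Token from LogonUser and its duplicate; IntPtr.Zero whenever no handle is held.
    private IntPtr _adminToken;
    private IntPtr _dupeToken;

    /// <summary>
    /// True while no impersonation is active.
    /// </summary>
    private Boolean _bClosed;

    /// <summary>
    /// Stores the credentials; no logon happens until <see cref="BeginImpersonate"/>.
    /// </summary>
    /// <param name="impersonationUsername">User name of the account to impersonate.</param>
    /// <param name="impersonationPassword">Password of the account to impersonate.</param>
    /// <param name="impersonationDomain">Domain of the account to impersonate.</param>
    public NtsIdentityImpersonation(String impersonationUsername, String impersonationPassword, String impersonationDomain)
    {
        _sImperUsername = impersonationUsername;
        _sImperPassword = impersonationPassword;
        _sImperDomain = impersonationDomain;
        _adminToken = IntPtr.Zero;
        _dupeToken = IntPtr.Zero;
        _bClosed = true;
    }

    /// <summary>
    /// Safety net for callers that never called <see cref="StopImpersonate"/>.
    /// </summary>
    ~NtsIdentityImpersonation()
    {
        // Only the native handles are released here. The finalizer runs on a different
        // thread from the one that began impersonating and must not touch other managed
        // objects, so the impersonation context is left alone.
        ReleaseTokens();
    }

    /// <summary>
    /// Logs the account on, duplicates its token and starts impersonating it on the calling thread.
    /// </summary>
    /// <returns>
    /// <c>true</c> when impersonation is active on return; <c>false</c> when the logon or
    /// the token duplication failed, in which case no handle is left open.
    /// </returns>
    public Boolean BeginImpersonate()
    {
        if (!_bClosed)
        {
            // Already impersonating: logging on again would overwrite, and so leak, the
            // handles and the context of the active session.
            return true;
        }

        if (!LogonUser(_sImperUsername, _sImperDomain, _sImperPassword, Logon32LogonInteractive, Logon32ProviderDefault, ref _adminToken))
        {
            return false;
        }

        if (!DuplicateToken(_adminToken, SecurityImpersonation, ref _dupeToken))
        {
            // The logon token was already obtained; close it rather than leak it.
            ReleaseTokens();
            return false;
        }

        try
        {
            WindowsIdentity fakeId = new WindowsIdentity(_dupeToken);
            _imperContext = fakeId.Impersonate();
        }
        catch
        {
            ReleaseTokens();
            throw;
        }

        _bClosed = false;
        return true;
    }

    /// <summary>
    /// Reverts the impersonation and closes both token handles. Safe to call when
    /// impersonation was never started and safe to call more than once.
    /// </summary>
    public void StopImpersonate()
    {
        try
        {
            if (_imperContext != null)
            {
                _imperContext.Undo();
                _imperContext = null;
            }
        }
        finally
        {
            // Handles are closed even if Undo throws.
            ReleaseTokens();
            _bClosed = true;
        }
    }

    // Closes whichever token handles are held and zeroes the fields so that a second
    // call cannot close the same handle value twice.
    private void ReleaseTokens()
    {
        if (_dupeToken != IntPtr.Zero)
        {
            CloseHandle(_dupeToken);
            _dupeToken = IntPtr.Zero;
        }

        if (_adminToken != IntPtr.Zero)
        {
            CloseHandle(_adminToken);
            _adminToken = IntPtr.Zero;
        }
    }
}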
#endregion
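/// <summary>
/// Looks up the user entry whose sAMAccountName attribute equals
/// <paramref name="sAMAccountName"/>, binding with the configured administrator credentials.
/// </summary>
/// <param name="sAMAccountName">Account name to search for.</param>
/// <returns>
/// The matching entry, which the caller owns and should dispose; <c>null</c> when the
/// name is null or empty, nothing matches, or the directory call fails.
/// </returns>
public DirectoryEntry GetUser(string sAMAccountName)
{
    if (string.IsNullOrEmpty(sAMAccountName))
    {
        return null;
    }

    try
    {
        using (DirectoryEntry root = new DirectoryEntry(ldapPath + ldapDomain, adminName, adminPassword, AuthenticationTypes.Secure))
        using (DirectorySearcher searcher = new DirectorySearcher(root))
        {
            // Let the directory do the matching instead of fetching every user object
            // and comparing names client-side: an unpaged FindAll() is capped by the
            // server's result limit, so accounts past that limit were never found, and
            // each enumerated entry was left undisposed.
            // The account name is escaped because it is embedded in the filter text;
            // unescaped '*', '(' or ')' would change what the filter matches.
            // ADUserProperties.sAMAccountName is used as the attribute name, as it
            // already is for the Properties lookup in this class.
            searcher.Filter = "(&(objectClass=user)(" + ADUserProperties.sAMAccountName + "=" + EscapeLdapFilterValue(sAMAccountName) + "))";

            SearchResult match = searcher.FindOne();
            if (match == null)
            {
                return null;
            }

            return match.GetDirectoryEntry();
        }
    }
    catch (Exception ex)
    {
        // Best-effort contract is kept (null on failure), but the failure is traced.
        // Only the exception type is written so bind credentials never reach the log.
        System.Diagnostics.Trace.TraceError("GetUser failed: " + ex.GetType().FullName);
        return null;
    }
}

// Escapes the characters that are special inside an LDAP search filter value
// (RFC 4515): backslash, asterisk, parentheses and NUL.
private static string EscapeLdapFilterValue(string value)
{
    System.Text.StringBuilder escaped = new System.Text.StringBuilder(value.Length + 8);
    foreach (char c in value)
    {
        switch (c)
        {
            case '\\':
                escaped.Append("\\5c");
                break;
            case '*':
                escaped.Append("\\2a");
                break;
            case '(':
                escaped.Append("\\28");
                break;
            case ')':
                escaped.Append("\\29");
                break;
            case '\0':
                escaped.Append("\\00");
                break;
            default:
                escaped.Append(c);
                break;
        }
    }

    return escaped.ToString();
}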