项目需求:
同步人事系统的组织架构-对应AD的OU树
同步人事系统的员工-对应AD的用户

创建OU 名字不能重复,需要父级路径(parentOrganizeUnit)以及新ou的名字(name),如果最父级则上级路径为域节点
DirectoryEntry CreateOrganizeUnit(string OrgId,string name, string parentOrganizeUnit,int Id,ADInfo ad)

更改OU名称 需要旧的OU路径(oldUnit)以及“OU=新OUName”(newUnit)
DirectoryEntry UpdateOrganizeUnit(string newUnit, string OUName, string oldUnit, int Id,ADInfo ad) 使用Renname

更改OU上级 需要新的上级路径(newparentOrganizeUnit)旧OU的路径(oldUnit)
DirectoryEntry MoveOrganizeUnit(string oldUnit, string newparentOrganizeUnit, int Id,ADInfo ad)

创建ou用户需要ou路径(orgPath) 以及用户信息(user)
AddADAccount(string orgPath, EmpInfo user, int Id,ADInfo ad)
注意ou树下的名字是cn字段(不能重复),cn需要重新赋值时用rename
sAMAccountName 用户(不能重复)
userPrincipalName 有域名的用户名 (不能重复)
邮箱为空不能赋值(mail)

移动用户 需要用户路径(user_path)以及OU路径(target_path)
MoveUser(string user_path, string target_path,string OuName, int Id,ADInfo ad)

设置密码

NewUser.Invoke("SetPassword", new object[] { accountPwd });

设置用户下次登录必须修改密码

NewUser.Properties["pwdLastSet"].Value = 0;

对应TXT 代码

using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using Quartz;
using vxTalent.Schedule.DALBase;
using System.Data;
using System.DirectoryServices;
using vxTalent.Schedule.DALBase.AD;
using System.Configuration;
using System.Reflection;
using Microsoft.International.Converters.PinYinConverter;
namespace vxTalent.User.ModuleJob.AD
{
public class ADSynData : IJob
{
private static readonly log4net.ILog logger = log4net.LogManager.GetLogger(System.Reflection.MethodBase.GetCurrentMethod().DeclaringType);
private static bool IsSendSMSLocked = false;
private static readonly object lynLock = new object();
ADSynDataAccess asy = new ADSynDataAccess();
/// <summary>
/// 域名
///// </summary>
//private string _domain;
///// <summary>
///// 主机域IP
///// </summary>
//private string _domainIp;
///// <summary>
///// 管理员账号
///// </summary>
//private string adminUser;
///// <summary>
///// 管理员密码
///// </summary>
//private string adminPwd;
///// <summary>
///// 路径的最前端
///// </summary>
//private string _ldapIdentity;
/// <summary>
/// 路径的最后端
/// </summary>
string accountPwd = ObjConvert.ObjString(ConfigurationManager.AppSettings["AdInitPwd"]) == "" ? "abc12345!" : ObjConvert.ObjString(ConfigurationManager.AppSettings["AdInitPwd"]);
int i = ; //重复变量
private string sAMAccountName = "";
protected int AdRepeatNum = ObjConvert.ObjInt(ConfigurationManager.AppSettings["AdRepeatNum"]) == ? : ObjConvert.ObjInt(ConfigurationManager.AppSettings["AdRepeatNum"]);
string cnName = ""; public void Test() { string domain_ = row["ADName"].ToString();
string domainIp_ = row["ADUrl"].ToString();
string adminUser_ = row["ADName"].ToString() + "\\" + row["UserName"].ToString();
string adminPwd_ = row["Pwd"].ToString();
string ldapIdentity_ = "LDAP://" + domainIp_ + "/";
string houzhui_ = row["ADSur"].ToString() != "" ? row["ADSur"].ToString() : "com";
string suffixPath_ = "DC=" + domain_ + ",DC=" + houzhui_;
ADInfo ad = new ADInfo
{
adsur = houzhui_,
domain = domain_,
domainIp = domainIp_,
ldapIdentity = ldapIdentity_,
suffixPath = suffixPath_,
adminPwd = adminPwd_,
adminUser = adminUser_,
houzhui=houzhui_,
dbCon = dbString
}; RunData(dbString, ad);
} /// <summary>
/// 遍历每个 库的待同步数据
/// </summary>
/// <param name="conn"></param>
protected void RunData(string conn,ADInfo ad ) {
DataTable waitingData = asy.GetWaitingData(conn);
if (waitingData != null && waitingData.Rows.Count > ) {
string operation = "";
foreach (DataRow item in waitingData.Rows)
{
try
{
int synId = ObjConvert.ObjInt(item["Id"]);
operation = ObjConvert.ObjString(item["Operation"]);
//部门操作
if (ObjConvert.ObjString(item["SynType"]) == "")
{
string path = "", orgName = "", relateId = ObjConvert.ObjString(item["RelateID"]);
DataTable orgDatatable = asy.GetOrgById(conn, relateId); string parentOrgId = ""; string name = "";
if (orgDatatable != null && orgDatatable.Rows.Count > )
{
name = ObjConvert.ObjString(orgDatatable.Rows[]["organizationalname"]); parentOrgId = ObjConvert.ObjString(orgDatatable.Rows[]["ParentOrganizationalID"]);
}
else
{
DataTable hisTable = asy.GetHistoryOrg(conn, relateId);
if (hisTable != null && hisTable.Rows.Count > )
{
name = ObjConvert.ObjString(hisTable.Rows[]["organizationalname"]);
parentOrgId = ObjConvert.ObjString(hisTable.Rows[]["ParentOrganizationalID"]);
} } switch (operation)
{
case "Add":
//parentPath = asy.GetPathOrgId(conn, ObjConvert.ObjString(orgDatatable.Rows[0]["ParentOrganizationalID"]));
CreateOrganizeUnit(relateId, name, parentOrgId, synId, ad); break;
case "ParentChange":
//MovePath = asy.GetPathOrgId(conn, ObjConvert.ObjString(item["MergeDeleteId"]));
MoveOrganizeUnit(relateId, ObjConvert.ObjString(item["MergeDeleteId"]), synId, ad); break;
case "Update":
// string repl= oldOrgName.Split('/')[0];
orgName = "OU=" + name;
UpdateOrganizeUnit(orgName, name, relateId, synId, ad); break;
case "Merge":
string[] arrDeleteId = ObjConvert.ObjString(item["MergeDeleteId"]).Split(',');
MergeOu(arrDeleteId, ObjConvert.ObjString(item["RelateID"]), name, synId, ad);
break;
case "Disable": //禁用加+封存
orgName = "OU=" + name + "(封存)";
UpdateOrganizeUnit(orgName, name + "(封存)", relateId, synId, ad); break; } }
else
{ //人员操作
DataTable empTable = asy.GetEmpById(conn, ObjConvert.ObjInt(item["RelateID"]));
EmpInfo empDetail = new EmpInfo(); if (empTable != null && empTable.Rows.Count > )
{ string CNName = ObjConvert.ObjString(empTable.Rows[]["CNName"]);
string piyin = ObjConvert.ObjString(empTable.Rows[]["Pinyin"]);
if (string.IsNullOrEmpty(piyin))
{
piyin = ObjConvert.ObjStringToLower(PingYinHelper.ConvertToAllSpell(CNName));
}
string ADName = ObjConvert.ObjString(empTable.Rows[]["CN_ADName"]);
empDetail.emloyeeID = ObjConvert.ObjString(empTable.Rows[]["EmpCode"]);
empDetail.sAMAccountName = string.IsNullOrEmpty(ADName) ? ObjConvert.ObjStringToLower(piyin) : ObjConvert.ObjStringToLower(ADName);
empDetail.userPrincipalName = empDetail.sAMAccountName + "@" + ad.domain + "." + ad.adsur;
empDetail.employeeType = ObjConvert.ObjString(empTable.Rows[]["empTypeText"]);
empDetail.DepartmentName = ObjConvert.ObjString(empTable.Rows[]["OrganizationalName"]);
empDetail.Mail = ObjConvert.ObjString(empTable.Rows[]["Email"]);
empDetail.DisplayName = CNName;
if (CNName.Length > )
{
empDetail.Surname = CNName.Substring(, );//姓
empDetail.GivenName = CNName.Substring(, CNName.Length - );//名
}
else
{
empDetail.Surname = CNName;
}
empDetail.Department = ObjConvert.ObjString(empTable.Rows[]["OrganizationalID"]); empDetail.Oupath = GetOuDirectory(empDetail.Department, ad).Path;
//string newouName = asy.GetOrgName(conn, ObjConvert.ObjString(empTable.Rows[0]["OrganizationalID"]));
string newouName = "";
string newPath = "";
switch (operation)
{
case "Add":
i = ;
cnName = empDetail.DisplayName;
sAMAccountName = empDetail.sAMAccountName;
AddADAccount(empDetail.Oupath, empDetail, synId, ad); break;
case "Dimission":
DisableUser(empDetail.sAMAccountName, synId, ad); break;
case "Mobilize":
if (ObjConvert.ObjString(item["MergeDeleteId"]) != "")
{
newouName = asy.GetOrgName(conn, ObjConvert.ObjString(item["MergeDeleteId"]));
newPath = GetOuDirectory(ObjConvert.ObjString(item["MergeDeleteId"]), ad).Path;
}
else {
newouName = asy.GetOrgName(conn, empDetail.Department);
newPath = GetOuDirectory(empDetail.Department, ad).Path;
}
MoveUser(GetDirectoryEntryByAccount(empDetail.sAMAccountName, ad).Path, newPath, newouName, synId, ad);
break;
case "Update": UpdateUser(empDetail, synId, ad); break;
case "Rehab":
EnableUser(empDetail.sAMAccountName, synId, ad);
UpdateUser(empDetail, synId, ad);
newouName = asy.GetOrgName(conn, ObjConvert.ObjString(empTable.Rows[]["OrganizationalID"]));
MoveUser(GetDirectoryEntryByAccount(empDetail.sAMAccountName, ad).Path, empDetail.Oupath, newouName, synId, ad);
break; //重聘启用 用户 更新 并且可能移动部门
}
}
}
}
catch (Exception e) { logger.Error(e.Message); }
}
} } #region 创建OU
/// <summary>
/// 创建OUl
/// </summary>
/// <param name="adminName">管理员名称</param>
/// <param name="adminPassword">管理员密码</param>
/// <param name="name">创建的OU名称</param>
/// <param name="parentOrganizeUnit">父组织单位</param>
/// <returns>目录实体</returns>
public DirectoryEntry CreateOrganizeUnit(string OrgId,string name, string parentOrganizeUnit,int Id,ADInfo ad)
{ DirectoryEntry parentEntry = null;
try
{
string parentPath = "";
DirectoryEntry de = GetOuDirectory(parentOrganizeUnit,ad);
if (de == null)
{
parentPath = GetOrganizeNamePath("",ad);
}
else {
parentPath = de.Path;
} //示例顶级""
parentEntry = new DirectoryEntry(parentPath, ad.adminUser, ad.adminPwd,
AuthenticationTypes.Secure);
DirectoryEntry organizeEntry = parentEntry.Children.Add("OU=" + name, "organizationalUnit");
organizeEntry.Properties["postalCode"].Value = OrgId;
organizeEntry.CommitChanges();
//DomainUser._success = "组织单位添加成功!";
logger.Info("创建OU成功" + name);
asy.UpdateStatus(ad.dbCon,Id,"Success");
return organizeEntry;
}
catch (System.DirectoryServices.DirectoryServicesCOMException ex)
{
//DomainUser._failed = "添加组织单位失败!"+ex.Message.ToString();
logger.Error("创建OU失败"+name+":"+ex.Message);
asy.UpdateStatus(ad.dbCon, Id, "Error", ex.Message);
return new DirectoryEntry();
}
finally
{
if (parentEntry != null)
{
parentEntry.Dispose();
}
}
}
#endregion #region 更改OU名称
public DirectoryEntry UpdateOrganizeUnit(string newUnit, string OUName, string oldUnit, int Id,ADInfo ad)
{
DirectoryEntry parentEntry = null;
try
{
List<DirectoryEntry> list = GetListDirectory(GetOuDirectory(oldUnit,ad).Path,ad);
if (list != null && list.Count > ) {
foreach (DirectoryEntry item in list)
{
item.Properties["department"][] = OUName;
item.CommitChanges();
item.Dispose();
}
} //示例顶级""
parentEntry = new DirectoryEntry(GetOuDirectory(oldUnit,ad).Path, ad.adminUser, ad.adminPwd,
AuthenticationTypes.Secure); parentEntry.Rename(newUnit);
parentEntry.CommitChanges();
logger.Info("更新OU成功" + OUName);
asy.UpdateStatus(ad.dbCon, Id, "Success");
return parentEntry;
}
catch (System.DirectoryServices.DirectoryServicesCOMException ex)
{
logger.Error("更改OU失败" + OUName + ":" + ex.Message);
asy.UpdateStatus(ad.dbCon, Id, "Error", ex.Message);
return new DirectoryEntry();
}
finally
{
if (parentEntry != null)
{
parentEntry.Dispose();
}
}
}
#endregion #region 移动OU
public DirectoryEntry MoveOrganizeUnit(string oldUnit, string newparentOrganizeUnit, int Id,ADInfo ad)
{
DirectoryEntry Entry = null;
try
{
//示例顶级""
Entry = new DirectoryEntry(GetOuDirectory(oldUnit, ad).Path, ad.adminUser, ad.adminPwd,
AuthenticationTypes.Secure);
DirectoryEntry parentEntry = new DirectoryEntry(GetOuDirectory(newparentOrganizeUnit, ad).Path, ad.adminUser, ad.adminPwd,
AuthenticationTypes.Secure);
Entry.MoveTo(parentEntry);
Entry.CommitChanges();
logger.Info("更改OU父节点成功" + oldUnit);
asy.UpdateStatus(ad.dbCon, Id, "Success");
return Entry;
}
catch (System.DirectoryServices.DirectoryServicesCOMException ex)
{
logger.Error("更改OU父节点:" + oldUnit + ":" + ex.Message);
asy.UpdateStatus(ad.dbCon, Id, "Error", ex.Message);
return new DirectoryEntry();
}
finally
{
if (Entry != null)
{
Entry.Dispose();
}
}
}
#endregion #region 合并OU
public void MergeOu(string[] deleteArr, string newUnit, string OUName,int Id,ADInfo ad)
{ //DataTable mergeEmpTable = asy.GetMergeListBySynId(ad.dbCon, Id);
try
{
if (deleteArr.Length > )
{
DirectoryEntry t = new DirectoryEntry(GetOuDirectory(newUnit, ad).Path, ad.adminUser, ad.adminPwd);
for (int i = ; i < deleteArr.Length; i++)
{ List<DirectoryEntry> list = GetListDirectory(GetOuDirectory(deleteArr[i],ad).Path,ad);
if (list != null && list.Count > )
{
//if (mergeEmpTable != null && mergeEmpTable.Rows.Count > 0)
//{
foreach (DirectoryEntry item in list)
{ string saName = ObjConvert.ObjString(item.Properties["sAMAccountName"][]);
//DataRow[] dtrows= mergeEmpTable.Select("CN_ADName='" + saName + "'");
//if (dtrows != null && dtrows.Count() > 0) { //服务逻辑是先同步部门操作,合并的时候
//可能发生 已经从这个部门调转出去了,但是服务先合并到别的部门了,所有没法后续的人员调岗操作了
//同时更改部门用户名字
item.Properties["department"][] = OUName; item.CommitChanges();
//更改OU
item.MoveTo(t); item.Dispose();
//} }
//}
} }
logger.Info("合并OU成功" + OUName);
asy.UpdateStatus(ad.dbCon, Id, "Success");
}
}
catch (Exception t)
{
logger.Error("合并异常:" + OUName + t.Message);
asy.UpdateStatus(ad.dbCon, Id, "Error", t.Message);
} }
#endregion #region 组织结构下添加AD账户
/// <summary>
/// 添加AD账户
/// </summary>
/// <param name="organizeName">组织名称</param>
/// <param name="user">域账户</param>
/// <returns>添加是否成功</returns>
public void AddADAccount(string orgPath, EmpInfo user, int Id,ADInfo ad)
{ DirectoryEntry entry = null;
try
{
if (IsExistOuPath(orgPath,ad) && user != null)
{
if (!IsAccExists(user.sAMAccountName, ad))
{
string cn = GetCnName(user.DisplayName, ad);
entry = new DirectoryEntry(orgPath, ad.adminUser, ad.adminPwd, AuthenticationTypes.Secure);
//增加账户到域中
DirectoryEntry NewUser = entry.Children.Add("CN=" + cn, "user");
NewUser.Properties["sAMAccountName"].Add(user.sAMAccountName); //account
NewUser.Properties["userPrincipalName"].Value = user.userPrincipalName; //user logon name,xxx@bdxy.com NewUser.Properties["employeeID"].Value = user.emloyeeID;
NewUser.Properties["employeeType"].Value = user.employeeType;
NewUser.Properties["Department"].Value = user.DepartmentName;
NewUser.Properties["displayName"].Value = user.DisplayName;
// NewUser.Properties["name"].Value = user.DisplayName;
//NewUser.Properties["Surname"].Value = user.Surname;
NewUser.Properties["givenName"].Value = user.GivenName;
NewUser.Properties["Sn"].Value = user.Surname;
if (user.Mail != null && user.Mail != "")
{
NewUser.Properties["mail"].Value = user.Mail;
}
NewUser.CommitChanges();
//设置密码
//反射调用修改密码的方法(注意端口号的问题 端口号会引起方法调用异常)
NewUser.Invoke("SetPassword", new object[] { accountPwd });
//默认设置新增账户启用
NewUser.Properties["userAccountControl"].Value = 0x200;
NewUser.CommitChanges();
//DomainUser._success = "账户添加成功!";
logger.Info("账户添加成功" + user.sAMAccountName);
asy.UpdateADPinyin(ad.dbCon, Id, user.sAMAccountName);
asy.UpdateStatus(ad.dbCon, Id, "Success"); }
else {
if (i <= AdRepeatNum)
{
i++;
user.sAMAccountName = sAMAccountName + "" + i.ToString();
user.userPrincipalName = sAMAccountName + "" + i + "@" + ad.domain + "." + ad.houzhui;
AddADAccount(orgPath, user, Id, ad);
}
logger.Error("创建OU重复:" + sAMAccountName + i.ToString() + "次");
} }
else
{
logger.Error("创建OU失败:在域中不存在直属组织单位" + user.sAMAccountName);
asy.UpdateStatus(ad.dbCon, Id, "Error", "在域中不存在直属组织单位"); } }
catch (Exception ex)
{
logger.Error("创建OU失败:" + sAMAccountName + ex.Message);
asy.UpdateStatus(ad.dbCon, Id, "Error", ex.Message); }
finally
{
if (entry != null)
{
entry.Dispose();
}
}
}
#endregion public string GetCnName(string cn, ADInfo ad)
{ if (i < AdRepeatNum)
{
if (IsAccExistsCN(cn, ad))
{
cn = cnName + "" + i.ToString();
i++;
GetCnName(cn, ad); } }
return cn; } /// <summary>
/// 移动用户(调岗)
/// </summary>
/// <param name="user_path">用户Path</param>
/// <param name="target_path">目标path</param>
/// <returns></returns>
public string MoveUser(string user_path, string target_path,string OuName, int Id,ADInfo ad)
{
try
{
DirectoryEntry u = new DirectoryEntry(user_path, ad.adminUser, ad.adminPwd);
DirectoryEntry t = new DirectoryEntry(target_path, ad.adminUser, ad.adminPwd); //同时更改部门用户名字
u.Properties["department"][] = OuName;
u.CommitChanges();
//更改OU
u.MoveTo(t); u.Dispose(); logger.Info("用户调岗成功" + user_path);
asy.UpdateStatus(ad.dbCon, Id, "Success");
return u.Path;
}
catch(Exception ex){
logger.Error("用户调岗失败:" + user_path + "," + target_path + ex.Message);
asy.UpdateStatus(ad.dbCon, Id, "Error", ex.Message);
return "";
} }
/// <summary>
/// 初始化移动 用户
/// </summary>
/// <param name="user_path"></param>
/// <param name="target_path"></param>
/// <param name="OuName"></param>
/// <param name="ad"></param>
/// <param name="empCode"></param>
/// <returns></returns>
public string MoveUser(string user_path, string target_path, string OuName, ADInfo ad,string empCode)
{
try
{
DirectoryEntry u = new DirectoryEntry(user_path, ad.adminUser, ad.adminPwd);
DirectoryEntry t = new DirectoryEntry(target_path, ad.adminUser, ad.adminPwd); //同时更改部门用户名字
u.Properties["department"].Value = OuName;
u.CommitChanges();
//更改OU
u.MoveTo(t); u.Dispose(); logger.Info("用户移动成功" + empCode +":"+ user_path);
return u.Path;
}
catch (Exception ex)
{
logger.Error("用户移动失败:" + empCode +":"+ user_path + "," + target_path + ex.Message);
return "";
} }
/// <summary>
/// 禁用指定的帐户(离职)
/// </summary>
/// <param name="de"></param>
public static void DisableUser(DirectoryEntry de)
{ //impersonate.BeginImpersonate();
de.Properties["userAccountControl"][] =
0X0200 | 0X0002;
de.CommitChanges();
//impersonate.StopImpersonate();
de.Close(); } /// <summary>
/// 禁用指定公共名称的用户
/// </summary>
/// <param name="commonName">用户公共名称</param>
public void DisableUser(string sAMacc, int Id,ADInfo ad)
{
try
{
DisableUser(GetDirectoryEntryByAccount(sAMacc,ad));
logger.Info("用户禁用成功:" + sAMacc);
asy.UpdateStatus(ad.dbCon, Id, "Success");
}
catch(Exception ex)
{
logger.Error("用户禁用失败:" + sAMacc+ ex.Message);
asy.UpdateStatus(ad.dbCon, Id, "Error", ex.Message);
}
} /// <summary>
/// 启用指定的域账号
/// </summary>
/// <param name="sAMacc">用户的域账号名称</param>
public bool EnableUser(string sAMacc, int Id, ADInfo ad)
{
try
{
EnableUser(GetDirectoryEntryByAccount(sAMacc, ad));
logger.Info("用户启用成功:" + sAMacc);
asy.UpdateStatus(ad.dbCon, Id, "Success");
return true;
}
catch (Exception ex)
{
logger.Error("用户启用失败:" + sAMacc + ex.Message);
asy.UpdateStatus(ad.dbCon, Id, "Error", ex.Message);
return false;
}
} /// <summary>
/// 启用指定帐户
/// </summary>
/// <param name="de"></param>
public void EnableUser(DirectoryEntry de)
{ de.Properties["userAccountControl"][] =
0X0200;
de.CommitChanges();
de.Close();
} /// <summary>
/// 更新用户 (基本信息 显示名、员工类型、姓和名)
/// </summary>
/// <param name="user"></param>
public void UpdateUser(EmpInfo user, int Id,ADInfo ad)
{ try
{
if (IsAccExists(user.sAMAccountName, ad))
{
DirectoryEntry userEntry = GetDirectoryEntryByAccount(user.sAMAccountName, ad);
//userEntry.Properties["cn"][0] = newDisplayName; userEntry.Rename("CN=" + user.DisplayName);
userEntry.Properties["displayName"][] = user.DisplayName;
// userEntry.Properties["name"][0] = user.DisplayName;
userEntry.Properties["employeeType"][] = user.employeeType;
userEntry.Properties["Sn"][] = user.Surname;//姓
userEntry.Properties["GivenName"][] = user.GivenName;//名
if (!string.IsNullOrEmpty(user.Mail)) { userEntry.Properties["Mail"][] = user.Mail;}
//userEntry.Properties["Mail"][0] = user.Mail;//邮件
// userEntry.Rename("CN=" + newDisplayName);
userEntry.CommitChanges();
userEntry.Dispose();
logger.Info("用户更新成功:" + user.sAMAccountName);
asy.UpdateStatus(ad.dbCon, Id, "Success");
} }
catch (Exception ex)
{
logger.Error("用户更新失败:" + user.sAMAccountName + ex.Message);
asy.UpdateStatus(ad.dbCon, Id, "Error", ex.Message); }
}
public void UpdateUser(EmpInfo user, ADInfo ad)
{
try
{
if (IsAccExists(user.sAMAccountName, ad))
{
DirectoryEntry userEntry = GetDirectoryEntryByAccount(user.sAMAccountName, ad);
//userEntry.Properties["cn"][0] = newDisplayName;
userEntry.Properties["displayName"].Value = user.DisplayName;
userEntry.Properties["employeeID"].Value = user.emloyeeID;
// userEntry.Properties["name"].Value = user.DisplayName;
userEntry.Properties["employeeType"].Value = user.employeeType;
userEntry.Properties["Sn"].Value = user.Surname;//姓
userEntry.Properties["GivenName"].Value = user.GivenName;//名
if (!string.IsNullOrEmpty(user.Mail)) { userEntry.Properties["Mail"].Value = user.Mail; }
// userEntry.Properties["Mail"].Value = user.Mail;//邮件
// userEntry.Rename("CN=" + newDisplayName);
userEntry.CommitChanges();
userEntry.Dispose();
logger.Info("用户更新成功:" + user.sAMAccountName);
} }
catch (Exception ex)
{
logger.Error("用户更新失败:" + user.sAMAccountName + ex.Message); }
}
/// <summary>
/// 根据用户帐号称取得用户的 对象
/// </summary>
/// <param name="sAMAccountName">用户帐号名</param>
/// <returns>如果找到该用户,则返回用户的 对象;否则返回 null</returns>
public DirectoryEntry GetDirectoryEntryByAccount(string sAMAccountName,ADInfo ad)
{
DirectoryEntry de = GetDirectoryObject(ad);
DirectorySearcher deSearch = new DirectorySearcher(de); // DirectoryEntry de = new DirectoryEntry(path, adminUser, adminPwd, AuthenticationTypes.Secure);
deSearch.Filter = "(&(&(objectCategory=person)(objectClass=user))(sAMAccountName=" + sAMAccountName + "))";
deSearch.SearchScope = SearchScope.Subtree;
try
{
SearchResult result = deSearch.FindOne();
de = new DirectoryEntry(result.Path, ad.adminUser, ad.adminPwd);
return de;
}
catch (Exception ex)
{
return null;
}
} /// <summary>
/// 根据用户帐号称取得用户的 对象
/// </summary>
/// <param name="sAMAccountName">用户帐号名</param>
/// <returns>如果找到该用户,则返回用户的 对象;否则返回 null</returns>
public string GetDirectoryPathEntryByAccount(string sAMAccountName, ADInfo ad)
{
DirectoryEntry de = GetDirectoryObject(ad);
DirectorySearcher deSearch = new DirectorySearcher(de);
string path="";
// DirectoryEntry de = new DirectoryEntry(path, adminUser, adminPwd, AuthenticationTypes.Secure);
deSearch.Filter = "(&(&(objectCategory=person)(objectClass=user))(sAMAccountName=" + sAMAccountName + "))";
deSearch.SearchScope = SearchScope.Subtree;
try
{
SearchResult result = deSearch.FindOne();
if (result != null)
{
de = new DirectoryEntry(result.Path, ad.adminUser, ad.adminPwd);
path = de.Path;
}
return path;
}
catch (Exception ex)
{
return "";
}
} /// <summary>
/// 根据ou 路径 取得ou下所有用户
/// </summary>
/// <param name="sAMAccountName">用户帐号名</param>
/// <returns>如果找到该用户,则返回用户的 对象;否则返回 null</returns>
public List<DirectoryEntry> GetListDirectory(string path,ADInfo ad)
{
List<DirectoryEntry> lis = new List<DirectoryEntry>(); DirectoryEntry de = GetDirectoryObject(path, ad);
DirectorySearcher deSearch = new DirectorySearcher(de); deSearch.Filter = "(&(objectCategory=person)(cn=*))";
deSearch.SearchScope = SearchScope.Subtree;
try
{
SearchResultCollection resultList = deSearch.FindAll();
if (resultList != null && resultList.Count>)
foreach (SearchResult item in resultList)
{
de = new DirectoryEntry(item.Path, ad.adminUser, ad.adminPwd);
lis.Add(de);
} return lis;
}
catch (Exception ex)
{
return null;
}
} /// <summary>
///
/// </summary>
/// <param name="path"></param>
/// <returns></returns>
public DirectoryEntry GetOuDirectory(string attribute,ADInfo ad)
{
DirectoryEntry ret = new DirectoryEntry();
DirectoryEntry de = GetDirectoryObject(ad);
DirectorySearcher deSearch = new DirectorySearcher(de); deSearch.Filter = "(&(objectCategory=organizationalUnit)(postalCode=" + attribute + "))";
deSearch.SearchScope = SearchScope.Subtree;
try
{
SearchResult resultList = deSearch.FindOne();
ret = new DirectoryEntry(resultList.Path, ad.adminUser, ad.adminPwd);
return ret;
}
catch (Exception ex)
{
return null;
}
} #region 判断域中是否存在组织单位
/// <summary>
/// 判断域中是否存在组织单位
/// </summary>
/// <param name="organizeName">组织单位名</param>
/// <returns></returns>
private bool ExitOU(string organizeName,ADInfo ad)
{
DirectoryEntry rootUser = null;
DirectoryEntry ouFind = null;
if (string.IsNullOrEmpty(organizeName))
{
return true;
}
else
{
//分解路径
string[] allOu = organizeName.Split(new char[] { '/' });
//获取直属部门
string OUName = allOu[].ToString();
try
{
string path = GetOrganizeNamePath(organizeName, ad);
rootUser = new DirectoryEntry(path, ad.adminUser, ad.adminPwd, AuthenticationTypes.Secure);
ouFind = rootUser.Parent.Children.Find("OU=" + OUName);
if (ouFind != null)
{
return true;
}
return false;
}
catch (Exception ex)
{
//DomainUser._failed = ex.Message.ToString() + "在域中不存在组织单位“" + OUName + "”";
return false;
}
}
}
/// <summary>
/// 是否村在OU路径
/// </summary>
/// <param name="path"></param>
/// <returns></returns>
public bool IsExistOuPath(string path,ADInfo ad) {
DirectoryEntry rootUser = null;
DirectoryEntry ouFind = null;
rootUser = new DirectoryEntry(path, ad.adminUser, ad.adminPwd, AuthenticationTypes.Secure); if (rootUser != null)
{
return true;
}
return false;
}
#endregion #region 获取组织名称路径
/// <summary>
/// 获取组织名称路径
/// </summary>
/// <param name="organizeUnit">组织</param>
/// <returns></returns>
public string GetOrganizeNamePath(string organizeUnit,ADInfo ad, string userName = null)
{
StringBuilder sb = new StringBuilder();
sb.Append(ad.ldapIdentity);
return sb.Append(SplitOrganizeNameToDN(organizeUnit, ad,userName)).ToString();
}
#endregion #region 分隔组织名称为标准AD的DN名称
/// <summary>
/// 分隔组织名称为标准AD的DN名称,各个组织级别以"/"或"\"分开。如"总部/物业公司/小区",并且当前域为
/// bdxy.com,则返回的AD的DN表示名为"OU=小区,OU=物业公司,OU=总部,DC=bdxy,DC=com"。
/// </summary>
/// <param name="organizeName">组织名称</param>
/// <returns>返回一个级别</returns>
public string SplitOrganizeNameToDN(string organizeName, ADInfo ad, string userName = null)
{
StringBuilder sb = new StringBuilder(); if (userName != null)
{
sb.Append("CN=" + userName); }
if (organizeName != null && organizeName.Length > )
{
string[] allOu = organizeName.Split(new char[] { '/', '\\' });
for (int i = ; i <= allOu.Length - ; i++)
{
string ou = allOu[i];
if (sb.Length > )
{
sb.Append(",");
}
sb.Append("OU=").Append(ou);
}
}
//如果传入了组织名称,则添加,
if (sb.Length > )
{
sb.Append(",");
}
sb.Append(ad.suffixPath);
return sb.ToString(); }
#endregion #region GetDirectoryObject /// <summary>
/// 获得DirectoryEntry对象实例,以管理员登陆AD
/// </summary>
/// <returns></returns>
private DirectoryEntry GetDirectoryObject(ADInfo ad)
{
DirectoryEntry entry = new DirectoryEntry(ad.ldapIdentity+ad.suffixPath, ad.adminUser, ad.adminPwd, AuthenticationTypes.Secure);
return entry;
} /// <summary>
/// 根据指定用户名和密码获得相应DirectoryEntry实体
/// </summary>
/// <param name="userName"></param>
/// <param name="password"></param>
/// <returns></returns>
//private DirectoryEntry GetDirectoryObject(string userName, string password)
//{
// DirectoryEntry entry = new DirectoryEntry(_ldapIdentity,
// userName, password, AuthenticationTypes.None);
// return entry;
//} /// <summary>
/// i.e. /CN=Users,DC=creditsights, DC=cyberelves, DC=Com
/// </summary>
/// <param name="domainReference"></param>
/// <returns></returns>
private DirectoryEntry GetDirectoryObject(string domainReference,ADInfo ad)
{
DirectoryEntry entry = new DirectoryEntry(domainReference, ad.adminUser, ad.adminPwd,
AuthenticationTypes.Secure);
return entry;
} /// <summary>
/// 获得以UserName,Password创建的DirectoryEntry
/// </summary>
/// <param name="domainReference"></param>
/// <param name="userName"></param>
/// <param name="password"></param>
/// <returns></returns>
//private DirectoryEntry GetDirectoryObject(string domainReference,
// string userName, string password)
//{
// DirectoryEntry entry = new DirectoryEntry(_ldapIdentity + domainReference,
// userName, password, AuthenticationTypes.Secure);
// return entry;
//} #endregion /// <summary>
/// 判断帐户是否存在
/// </summary>
/// <param name="commonName">Account用户名</param>
/// <returns>是否存在</returns>
public bool IsAccExists(string sAMAccountName, ADInfo ad)
{
DirectoryEntry de = GetDirectoryObject(ad);
DirectorySearcher deSearch = new DirectorySearcher(de);
deSearch.Filter = "(&(&(objectCategory=person)(objectClass=user))(sAMAccountName=" +
sAMAccountName + "))"; // LDAP 查询串
SearchResultCollection results = deSearch.FindAll();
if (results.Count == )
return false;
else
return true;
} public bool IsAccExistsCN(string sAMAccountName, ADInfo ad)
{
DirectoryEntry de = GetDirectoryObject(ad);
DirectorySearcher deSearch = new DirectorySearcher(de);
deSearch.Filter = "(&(&(objectCategory=person)(objectClass=user))(CN=" +
sAMAccountName + "))"; // LDAP 查询串
SearchResultCollection results = deSearch.FindAll();
if (results.Count == )
return false;
else
return true;
}
} public class DomainUser
{
public string UserName { get; set; }
public string UserPrincipalName { get; set; }
public string UserId { get; set; }
public string PhysicalDeliveryOfficeName { get; set; }
public string Department { get; set; }
public string Telephone { get; set; }
public string Email { get; set; }
public string Description { get; set; }
public string UserPwd { get; set; }
} public class EmpInfo {
public string emloyeeID { get; set; }
public string sAMAccountName { get; set; }
public string userPrincipalName { get; set; }
public string employeeType { get; set; }
public string DepartmentName { get; set; }
public string Mail { get; set; }
public string DisplayName { get; set; }
public string Surname { get; set; }
public string GivenName { get; set; }
public string Department { get; set; }
public string Oupath { get; set; }
} public class ADInfo{ public string domain { get; set; }
public string domainIp { get; set; }
public string adminUser { get; set; }
public string adminPwd { get; set; }
public string ldapIdentity { get; set; }
public string suffixPath { get; set; }
public string adsur { get; set; }
public string houzhui { get; set; }
public string dbCon { get; set; }
} public class PingYinHelper
{
private static Encoding gb2312 = Encoding.GetEncoding("GB2312"); /// <summary>
/// 汉字转全拼
/// </summary>
/// <param name="strChinese"></param>
/// <returns></returns>
public static string ConvertToAllSpell(string strChinese)
{
try
{
if (strChinese.Length != )
{
StringBuilder fullSpell = new StringBuilder();
for (int i = ; i < strChinese.Length; i++)
{
var chr = strChinese[i];
fullSpell.Append(GetSpell(chr));
} return fullSpell.ToString().ToUpper();
}
}
catch (Exception e)
{
Console.WriteLine("全拼转化出错!" + e.Message);
} return string.Empty;
} /// <summary>
/// 汉字转首字母
/// </summary>
/// <param name="strChinese"></param>
/// <returns></returns>
public static string GetFirstSpell(string strChinese)
{
//NPinyin.Pinyin.GetInitials(strChinese) 有Bug 洺无法识别
//return NPinyin.Pinyin.GetInitials(strChinese); try
{
if (strChinese.Length != )
{
StringBuilder fullSpell = new StringBuilder();
for (int i = ; i < strChinese.Length; i++)
{
var chr = strChinese[i];
fullSpell.Append(GetSpell(chr)[]);
} return fullSpell.ToString().ToUpper();
}
}
catch (Exception e)
{
Console.WriteLine("首字母转化出错!" + e.Message);
} return string.Empty;
} private static string GetSpell(char chr)
{
var coverchr = NPinyin.Pinyin.GetPinyin(chr); bool isChineses = ChineseChar.IsValidChar(coverchr[]);
if (isChineses)
{
ChineseChar chineseChar = new ChineseChar(coverchr[]);
foreach (string value in chineseChar.Pinyins)
{
if (!string.IsNullOrEmpty(value))
{
return value.Remove(value.Length - , );
}
}
} return coverchr; }
}
}

通过Ldap实现人事系统组织人事和AD的同步的更多相关文章

  1. linux/windows系统oracle数据库简单冷备同步

    linux/windows系统oracle数据库简单冷备同步 我们有一个财务系统比较看重财务数据的安全性,同时我们拥有两套系统,一个生产环境(linux),一个应急备份环境(windows).备份环境 ...

  2. ftp客户端自动同步 Windows系统简单操作ftp客户端自动同步

    服务器管理工具它是一款功能强大的服务器集成管理器,包含win系统和linux系统的批量连接,vnc客户端,ftp客户端等等实用功能.我们可以使用这款软件的ftp客户端定时上传下载的功能来进实现ftp客 ...

  3. AJAX+jQuery+ASP实现实时验证身份证信息是否已存在---人事系统

    很多时候在网站上注册时,我们会发现,注册表单通常需要检查用户名和电子邮件地址的可用性:从而确保用户之间不拥有相同的用户名和电子邮件地址:一些网站喜欢在用户提交填写的用户信息时,做信息可用性的检查,而一 ...

  4. 被公司的垃圾XG人事系统吓尿了

    OA要尝试设置单点登录,拿现有的HR系统尝试,结果不知道HR系统的加密方式和验证地址,于是乎找HR厂商——厦门XG软件实施人员.结果那个技术人员支支吾吾不肯给我,搞得非常的烦. 真奇怪了,不开源的软件 ...

  5. OA系统开发人事模块关于请假跨月的处理

    前言:其实对于跨月的数据单独处理是不难的,但是对于后台显示页面,肯定不是单纯拼接一个where条件的,因此在我的项目也是如此,并不能够用普遍的方法来处理,此时就想尽量用简单的方法来处理跨月数据的准确性 ...

  6. 基于PySpark的网络服务异常检测系统 (四) Mysql与SparkSQL对接同步数据 kmeans算法计算预测异常

    基于Django Restframework和Spark的异常检测系统,数据库为MySQL.Redis, 消息队列为Celery,分析服务为Spark SQL和Spark Mllib,使用kmeans ...

  7. 使用Novell.Directory.Ldap.NETStandard在.NET Core中验证AD域账号

    Novell.Directory.Ldap.NETStandard是一个在.NET Core中,既支持Windows平台,又支持Linux平台,进行Windows AD域操作的Nuget包. 首先我们 ...

  8. linux系统时间与网络时间不同步

    在解决问题之前,我们首先来了解下面几个知识点: 1. date命令: #date 显示系统时间 2.hwclock命令   (即hardwareclock系统硬件时间) #hwclock 显示硬件时间 ...

  9. CentOS7系统时间和硬件时间不同步问题

    CentOS7系统中有两个时间:系统时间 和 硬件时间 我们常用命令 date 会输出系统时间,用 date 命令修改的也是系统时间 硬件时间是写入到 BIOS 中的时间,用 hwclock -r 命 ...

随机推荐

  1. 适用于Centos6/7,vsftp自动安装脚本

    #!/bin/bash #vsftp install . /etc/rc.d/init.d/functions NUM=`rpm -q centos-release | awk -F '-' '{pr ...

  2. shell $x的含义

    linux中shell变量$#,$@,$0,$1,$2的含义解释: 变量说明: $$ Shell本身的PID(ProcessID) $! Shell最后运行的后台Process的PID $? 最后运行 ...

  3. dos2unix的使用

    由于在DOS(windows系统)下,文本文件的换行符为CRLF,而在Linux下换行符为LF,使用git进行代码管理时,git会自动进行CRLF和LF之间的转换,这个我们不用操心.而有时候,我们需要 ...

  4. docker部署zabbix

    我相信大家都已经会再物理机上跑zabbix并且监控了,那么有没有想过在docker中跑zabbix?下面咱们来看看如何在docker中搭建zabbix并且监控 部署环境 2台物理机机器: zabbix ...

  5. linux突然不能上网,eth0网卡消失

    情况:之前可以正常浏览网页,没有动其它的地方,浏览器突然不能上网 ifconfig # 发现eth0网卡不见了,只有lo卡 ifconfig -a # 发现了eth0,但是没有IP地址 dhclien ...

  6. Android程序员事件分发机制学习笔记

    通过问题来学习一个东西是很好的方法.学习Android中View的事件体系,我也通过给自己提问题,在解决问题的同时也就知道了其中原理. 首先来几个问题起步: 什么是事件?什么是事件分发机制? 在我们通 ...

  7. json转dataframe格式

    方法1:利用pandas自带的read_json直接解析字符串 方法2:利用json的loads和pandas的json_normalize进行解析 方法3:利用json的loads和pandas的D ...

  8. .Net反射-TypeDescriptor

    .Net中提供了两种方式访问类型的元数据:System.Reflection命名空间中提供的反射API和TypeDescriptor类.反射适用于所有类型的常规机制,它为类型返回的信息是不可扩展的,因 ...

  9. Python 的AES加密与解密

    AES加密方式有五种:ECB, CBC, CTR, CFB, OFB 从安全性角度推荐CBC加密方法,本文介绍了CBC,ECB两种加密方法的python实现 python 在 Windows下使用AE ...

  10. 【JZOJ6239】【20190629】智慧树

    题目 一颗\(n\)个节点的树,每个点有一个权值\(a_i\) 询问树上连通块权值之和对 \(m\) 取模为$ x $ 的方案数 答案对\(950009857\) 取模,满足\(m | 9500098 ...