/*
* =====================================================================================
* Filename: userGroup.cpp
* Description: add user
* Created: 2014年11月22日15:27:18
* Author: wzy
*
* lpServerName: 传入参数, 域名, 不带双反斜杠
* lpUserName: 传入参数, 用户, 以杠零结束的字符串
* lpUserPwd: 传入参数, 密码, 以杠零结束的字符串
* other:
* =====================================================================================
*/
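/*
 * Writes one NetUserAdd failure to the log.
 * The password is deliberately never written: log files are usually readable
 * by more principals than the account database.
 */
static void logUserAddFailure(const char *pszReason, LPTSTR lpServerName, LPTSTR lpUserName,
                              NET_API_STATUS nStatus, DWORD dwParmErr)
{
    // NetUserAdd reports its error through the return value (and the parm_err
    // index), not through GetLastError(), so those are the values logged.
    if (NULL != lpServerName)
    {
        WriteLog("Create Failed Because %s, domain is %s, username is %s, NetUserAdd Return %lu, parm_err = %lu\n",
                 pszReason, WideCharToChar(lpServerName), WideCharToChar(lpUserName),
                 static_cast<unsigned long>(nStatus), static_cast<unsigned long>(dwParmErr));
    }
    else
    {
        WriteLog("Create Failed Because %s, local computer, username is %s, NetUserAdd Return %lu, parm_err = %lu\n",
                 pszReason, WideCharToChar(lpUserName),
                 static_cast<unsigned long>(nStatus), static_cast<unsigned long>(dwParmErr));
    }
}

/*
 * createNewUser - create an account and add it to the default local groups.
 *
 * lpServerName: in, domain name without the leading double backslash; NULL or
 *               the literal text "NULL" selects the local computer.
 * lpUserName:   in, NUL-terminated account name.
 * lpUserPwd:    in, NUL-terminated password. Never logged.
 * bAdmin:       in, forwarded to SetUserToUserGroup() to request membership of
 *               the Administrators group.
 *
 * Returns one of the e_CREATE_* codes; e_CREATE_SUCCESS means NetUserAdd
 * succeeded (a later group-membership failure is logged but does not change
 * the result, as in the original code).
 *
 * NOTE(review): several numeric literals are missing from the published
 * listing (levels, buffer sizes, the 0 in "while (0)"). The values used below
 * are reconstructed and marked where they appear - confirm against the
 * project's real source.
 */
CREATE_RETURN_RES createNewUser(LPTSTR lpServerName, LPTSTR lpUserName, LPTSTR lpUserPwd, BOOL bAdmin)
{
    USER_INFO_4 ui = {};
    DWORD dwLevel = 4;              // reconstructed: level 4 matches the USER_INFO_4 passed to NetUserAdd
    DWORD dwError = 0;              // reconstructed: receives NetUserAdd's parm_err index
    LPBYTE lpBuf = NULL;
    LPTSTR pwServerName = NULL;     // "\\\\domain" form, used for the group calls
    NET_API_STATUS nStatus;
    CREATE_RETURN_RES cRes = e_CREATE_FAILED;
    CString strServer;              // owns the storage pwServerName points into

    do
    {
        // Validate before any argument is dereferenced or logged. A NULL
        // password is rejected so that no account is created without one.
        if (NULL == lpUserName || NULL == lpUserPwd)
        {
            break;
        }

        // DNS domain this computer belongs to. The size is passed in TCHARs,
        // not bytes, otherwise the API is told the buffer is twice as large as
        // it is in a Unicode build. MAX_PATH is a reviewer-chosen bound (the
        // original size is missing from the listing). If the call fails the
        // buffer stays empty and the comparison below falls back to local.
        TCHAR buffer[MAX_PATH] = {};
        DWORD dwSize = sizeof(buffer) / sizeof(buffer[0]);
        GetComputerNameEx(ComputerNameDnsDomain, buffer, &dwSize);

        // Decide the target. Every branch whose log line says "a local user
        // will be created" now really clears lpServerName; the original left
        // the caller-supplied name in place for two of them.
        if (NULL == lpServerName || 0 == _tcscmp(lpServerName, _T("NULL")))
        {
            lpServerName = NULL;
            WriteLog("域名字段填的为无,将创建本地用户\n");
        }
        else if (FALSE == IsDomainUser())
        {
            lpServerName = NULL;
            WriteLog("本机不在域中,无法创建域用户,将创建本地用户\n");
        }
        else if (0 != _tcscmp(buffer, lpServerName))
        {
            WriteLog("用户所输入的域名和本机所在的域不一致,将创建本地用户. 本机所属域名=%s, 用户输入的域名=%s\n", WideCharToChar(buffer), WideCharToChar(lpServerName));
            lpServerName = NULL;
        }
        else
        {
            // Build "\\\\<domain>" in a CString instead of lstrcat-ing into the
            // small array that only held the two backslashes.
            strServer = _T("\\\\");
            strServer += buffer;
            pwServerName = strServer.GetBuffer();
            // NOTE(review): lpServerName (no backslashes) is still what is
            // passed to NetUserGetInfo/NetUserAdd below, as in the original -
            // confirm that this is the server name form those calls expect.
        }

        if (NULL != lpServerName)
        {
            WriteLog("createNewUser: domain is %s, username is %s\n", WideCharToChar(lpServerName), WideCharToChar(lpUserName));
        }
        else
        {
            WriteLog("createNewUser: local computer, username is %s\n", WideCharToChar(lpUserName));
        }

        // Unset members stay NULL/0 from the value-initialisation above.
        ui.usri4_name = lpUserName;
        ui.usri4_password = lpUserPwd;
        // Ordinary privilege level: administrative rights are granted only
        // through group membership when bAdmin is set, never unconditionally.
        ui.usri4_priv = USER_PRIV_USER;
        ui.usri4_full_name = lpUserName;
        // UF_SCRIPT is kept together with the no-expiry flag instead of being
        // overwritten by it.
        // NOTE(review): a never-expiring password and TIMEQ_FOREVER are kept
        // from the original; confirm they match the account policy.
        ui.usri4_flags = UF_SCRIPT | UF_DONT_EXPIRE_PASSWD;
        ui.usri4_primary_group_id = DOMAIN_GROUP_RID_USERS;
        ui.usri4_acct_expires = TIMEQ_FOREVER;

        // Existence check; a NULL server name means the local computer.
        // Level 0 is reconstructed (the literal is missing); only the status is used.
        nStatus = NetUserGetInfo(lpServerName, ui.usri4_name, 0, &lpBuf);

        if (ERROR_ACCESS_DENIED == nStatus)
        {
            MessageBox(NULL, _T("访问拒绝"), _T("错误"), MB_OK | MB_ICONERROR);
            cRes = e_CREATE_ACCESS_DENIED;
            break;
        }
        if (ERROR_BAD_NETPATH == nStatus)
        {
            MessageBox(NULL, _T("网络路径不可用"), _T("错误"), MB_OK | MB_ICONERROR);
            cRes = e_CREATE_BAD_NETPATH;
            break;
        }
        if (ERROR_INVALID_LEVEL == nStatus)
        {
            MessageBox(NULL, _T("无效的级别"), _T("错误"), MB_OK | MB_ICONERROR);
            cRes = e_CREATE_INVALID_LEVEL;
            break;
        }
        if (NERR_InvalidComputer == nStatus)
        {
            MessageBox(NULL, _T("无效的电脑"), _T("错误"), MB_OK | MB_ICONERROR);
            cRes = e_CREATE_InvalidComputer;
            break;
        }
        if (NERR_Success == nStatus)    // the account already exists
        {
            MessageBox(NULL, _T("用户已存在,请重新输入用户名"), _T("错误"), MB_OK | MB_ICONERROR);
            cRes = e_CREATE_USER_EXIST;
            break;
        }
        if (NERR_UserNotFound != nStatus)
        {
            break;                      // any other status: generic failure
        }

        // The account does not exist yet: create it.
        nStatus = NetUserAdd(lpServerName, dwLevel, (LPBYTE)&ui, &dwError);

        if (NERR_Success == nStatus)
        {
            cRes = e_CREATE_SUCCESS;

            // Directory permissions are touched only after the account exists
            // and only when a home directory was configured (it is NULL here,
            // so the original's unconditional call could never succeed).
            if (NULL != ui.usri4_home_dir)
            {
                TakeOwnshipOfDiretory(ui.usri4_home_dir, ui.usri4_name, pwServerName);
            }

            // Add to Users / Remote Desktop Users (and Administrators if requested).
            if (!SetUserToUserGroup(pwServerName, ui.usri4_name, bAdmin))
            {
                WriteLog("createNewUser: account created but group membership was not fully set, username is %s\n", WideCharToChar(ui.usri4_name));
            }
            break;
        }

        // Creation failed: tell the user, log without the password, map the code.
        switch (nStatus)
        {
        case NERR_PasswordTooShort:
            MessageBox(NULL, _T("Password Not Match Policy"), _T("错误"), MB_OK | MB_ICONERROR);
            logUserAddFailure("PasswordTooShort", lpServerName, ui.usri4_name, nStatus, dwError);
            cRes = e_CREATE_PasswordTooShort;
            break;
        case NERR_UserNotInGroup:
            MessageBox(NULL, _T("UserNotInGroup"), _T("错误"), MB_OK | MB_ICONERROR);
            logUserAddFailure("UserNotInGroup", lpServerName, ui.usri4_name, nStatus, dwError);
            cRes = e_CREATE_UserNotInGroup;
            break;
        case NERR_UserExists:
            MessageBox(NULL, _T("UserExists"), _T("错误"), MB_OK | MB_ICONERROR);
            logUserAddFailure("UserExists", lpServerName, ui.usri4_name, nStatus, dwError);
            cRes = e_CREATE_USER_EXIST;
            break;
        case NERR_GroupExists:
            MessageBox(NULL, _T("GroupExists"), _T("错误"), MB_OK | MB_ICONERROR);
            logUserAddFailure("GroupExists", lpServerName, ui.usri4_name, nStatus, dwError);
            cRes = e_CREATE_GroupExists;
            break;
        case NERR_NotPrimary:
            MessageBox(NULL, _T("NotPrimary"), _T("错误"), MB_OK | MB_ICONERROR);
            logUserAddFailure("NotPrimary", lpServerName, ui.usri4_name, nStatus, dwError);
            cRes = e_CREATE_NotPrimary;
            break;
        case NERR_InvalidComputer:
            MessageBox(NULL, _T("InvalidComputer"), _T("错误"), MB_OK | MB_ICONERROR);
            logUserAddFailure("InvalidComputer", lpServerName, ui.usri4_name, nStatus, dwError);
            cRes = e_CREATE_InvalidComputer;
            break;
        case ERROR_ACCESS_DENIED:
            MessageBox(NULL, _T("ACCESS_DENIED"), _T("错误"), MB_OK | MB_ICONERROR);
            logUserAddFailure("ACCESS_DENIED", lpServerName, ui.usri4_name, nStatus, dwError);
            cRes = e_CREATE_ACCESS_DENIED;
            break;
        default:
            MessageBox(NULL, _T("创建用户失败"), _T("错误"), MB_OK | MB_ICONERROR);
            logUserAddFailure("unexpected status", lpServerName, ui.usri4_name, nStatus, dwError);
            cRes = e_CREATE_FAILED;
            break;
        }
    } while (0);

    // Release the buffer NetUserGetInfo allocates when the account already
    // exists. The USER_INFO_4 members only borrow the caller's strings, so
    // there is nothing else to free.
    if (NULL != lpBuf)
    {
        NetApiBufferFree(lpBuf);
    }

    return cRes;
}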
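 /*
  * IsDomainUser - report whether the current session's domain name differs
  * from the computer name.
  *
  * Returns TRUE when the two names differ (the code treats that as "in a
  * domain") and FALSE when they are equal or when either name cannot be read.
  *
  * NOTE(review): this compares the logged-on session's domain, not the
  * machine's join state - confirm that is the intended test.
  * NOTE(review): the numeric literals (sizes, the 0s) are missing from the
  * published listing; the values below are reconstructed.
  */
BOOL IsDomainUser()
{
    TCHAR *pDomainName = NULL;
    DWORD dwDomainNameSize = 0;
    TCHAR compName[MAX_COMPUTERNAME_LENGTH + 1] = {};
    DWORD dwCompNameLen = sizeof(compName) / sizeof(compName[0]);   // size in TCHARs, as GetComputerName expects
    BOOL bInDomain = FALSE;

    // Minimum supported client: Windows Vista
    // Minimum supported server: Windows Server 2003
    if (FALSE == WTSQuerySessionInformation(WTS_CURRENT_SERVER_HANDLE, WTS_CURRENT_SESSION,
                                            WTSDomainName, &pDomainName, &dwDomainNameSize))
    {
        return FALSE;
    }
    if (NULL == pDomainName)
    {
        return FALSE;
    }

    // Only compare when the computer name was actually retrieved. Unchecked, a
    // failed call left an empty name that never matched, so a failure was
    // reported as "in a domain".
    if (GetComputerName(compName, &dwCompNameLen))
    {
        // domain name != computer name -> in a domain
        bInDomain = (0 != lstrcmpi(pDomainName, compName)) ? TRUE : FALSE;
    }

    WTSFreeMemory(pDomainName);
    return bInDomain;
}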
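 /*
  * TakeOwnshipOfDiretory - give one account and BUILTIN\Administrators full
  * control over a directory.
  *
  * pwDir:        directory whose security descriptor is changed.
  * pwUserName:   account whose SID receives full control.
  * pwServerName: server used to look the account up (NULL = local computer).
  *
  * Returns TRUE only when every step succeeded.
  *
  * What the calls below do, despite the name: the owner is not changed. The
  * primary group is set to Administrators and the DACL is replaced by a new
  * one holding exactly two inheritable full-control entries, so existing
  * explicit entries on the directory are discarded.
  *
  * NOTE(review): numeric literals (array size and indices, level, counts) are
  * missing from the published listing; the values below are reconstructed.
  */
BOOL TakeOwnshipOfDiretory(wchar_t *pwDir, wchar_t *pwUserName, wchar_t *pwServerName)
{
    USER_INFO_4 *pUserInfo4 = NULL;
    DWORD nStatus;
    BOOL bRet = FALSE;
    PSID pSIDAdmin = NULL;
    SID_IDENTIFIER_AUTHORITY SIDAuthNT = SECURITY_NT_AUTHORITY;
    EXPLICIT_ACCESS ea[2] = {};     // [0] = the user, [1] = Administrators
    PACL pACL = NULL;
    PSECURITY_DESCRIPTOR pSD = NULL;

    do
    {
        // Refuse to touch permissions without a concrete directory and account.
        if (NULL == pwDir || NULL == pwUserName)
        {
            printf("TakeOwnshipOfDiretory: missing directory or user name\n");
            break;
        }

        // Level 4 because the result is read as USER_INFO_4 (usri4_user_sid).
        nStatus = NetUserGetInfo(pwServerName, pwUserName, 4, (LPBYTE *)&pUserInfo4);
        if (NERR_Success != nStatus)
        {
            printf("NetUserGetInfo failed\n");
            break;
        }

        nStatus = GetNamedSecurityInfoW(pwDir, SE_FILE_OBJECT,
                                        DACL_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION,
                                        NULL, NULL, NULL, NULL, &pSD);
        if (ERROR_SUCCESS != nStatus)
        {
            printf("GetNamedSecurityInfo Failed\n");
            break;
        }

        // Marks the DACL as protected - presumably to stop ACEs being
        // inherited from the parent directory; verify on the target system.
        if (FALSE == SetSecurityDescriptorControl(pSD, SE_DACL_PROTECTED, SE_DACL_PROTECTED))
        {
            printf("SetSecurityDescriptorControl failed\n");
            break;
        }
        if (FALSE == SetFileSecurityW(pwDir, DACL_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION, pSD))
        {
            printf("SetFileSecurity failed\n");
            break;
        }

        // SID of BUILTIN\Administrators: two sub-authorities.
        if (FALSE == AllocateAndInitializeSid(&SIDAuthNT, 2,
                                              SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS,
                                              0, 0, 0, 0, 0, 0, &pSIDAdmin))
        {
            printf("AllocataAndInitializeSid failed\n");
            break;
        }

        // Full control for the account.
        ea[0].grfAccessPermissions = SPECIFIC_RIGHTS_ALL | STANDARD_RIGHTS_ALL;
        ea[0].grfAccessMode = GRANT_ACCESS;
        ea[0].grfInheritance = SUB_CONTAINERS_AND_OBJECTS_INHERIT;
        ea[0].Trustee.TrusteeForm = TRUSTEE_IS_SID;
        ea[0].Trustee.TrusteeType = TRUSTEE_IS_USER;
        ea[0].Trustee.ptstrName = reinterpret_cast<LPTSTR>(pUserInfo4->usri4_user_sid);

        // Set full control for Administrators.
        ea[1].grfAccessPermissions = SPECIFIC_RIGHTS_ALL | STANDARD_RIGHTS_ALL;
        ea[1].grfAccessMode = GRANT_ACCESS;
        ea[1].grfInheritance = SUB_CONTAINERS_AND_OBJECTS_INHERIT;
        ea[1].Trustee.TrusteeForm = TRUSTEE_IS_SID;
        ea[1].Trustee.TrusteeType = TRUSTEE_IS_GROUP;
        ea[1].Trustee.ptstrName = reinterpret_cast<LPTSTR>(pSIDAdmin);

        // A NULL old ACL means the result contains only the two entries above.
        if (ERROR_SUCCESS != SetEntriesInAcl(2, ea, NULL, &pACL))
        {
            printf("set entriesInAcl failed\n");
            break;
        }
        if (ERROR_SUCCESS != SetNamedSecurityInfoW(pwDir, SE_FILE_OBJECT,
                                                   DACL_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION,
                                                   NULL, pSIDAdmin, pACL, NULL))
        {
            printf("SetNamedSecurityInfo FAILED\n");
            break;
        }

        bRet = TRUE;
    } while (0);

    if (NULL != pUserInfo4)
    {
        NetApiBufferFree(pUserInfo4);
    }
    if (NULL != pSD)
    {
        LocalFree(pSD);
    }
    // The original tested "NULL == pSIDAdmin", which leaked every allocated
    // SID and passed NULL to FreeSid on the failure path.
    if (NULL != pSIDAdmin)
    {
        FreeSid(pSIDAdmin);
    }
    if (NULL != pACL)
    {
        LocalFree(pACL);
    }

    return bRet;
}
// lpServerName is the domain name with the leading double backslash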
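/*
 * Adds one member to one local group and reports a failure to the user.
 * An account that is already a member counts as success.
 */
static BOOL addUserToLocalGroup(LPCTSTR lpServer, LPCTSTR lpGroup, LOCALGROUP_MEMBERS_INFO_3 *pMember)
{
    // Level 3 matches LOCALGROUP_MEMBERS_INFO_3; one entry is passed.
    // (Both literals are missing from the published listing and are reconstructed.)
    const NET_API_STATUS netStatus = NetLocalGroupAddMembers(lpServer, lpGroup, 3, (LPBYTE)pMember, 1);
    if (NERR_Success == netStatus || ERROR_MEMBER_IN_ALIAS == netStatus)
    {
        return TRUE;
    }

    // Every input is a fixed literal plus a number, so the text stays far
    // below the buffer size (reviewer-chosen; the original size is missing).
    // The API's own return value is shown: it does not set GetLastError().
    TCHAR chErr[256] = {};
    wsprintf(chErr, _T("%s %s %s,%lu"), _T("加入"), lpGroup, _T("失败"), netStatus);
    MessageBox(NULL, chErr, _T("错误"), MB_OK | MB_ICONERROR);
    return FALSE;
}

/*
 * SetUserToUserGroup - put an account into the default local groups.
 *
 * lpServerName: server name with the leading double backslash, or NULL for
 *               the local computer.
 * lpUserName:   account to add.
 * bAdmin:       when TRUE the account is also added to Administrators.
 *
 * Returns TRUE when every requested membership is in place; stops at the
 * first failure.
 *
 * Every account becomes a member of "Users" and "Remote Desktop Users", i.e.
 * it is allowed to log on over Remote Desktop regardless of bAdmin.
 */
BOOL SetUserToUserGroup(LPTSTR lpServerName, LPTSTR lpUserName, BOOL bAdmin)
{
    if (NULL == lpUserName)
    {
        return FALSE;
    }

    LOCALGROUP_MEMBERS_INFO_3 LGMInfo = {};
    LGMInfo.lgrmi3_domainandname = lpUserName;

    if (!addUserToLocalGroup(lpServerName, _T("Users"), &LGMInfo))
    {
        return FALSE;
    }
    if (!addUserToLocalGroup(lpServerName, _T("Remote Desktop Users"), &LGMInfo))
    {
        return FALSE;
    }
    if (bAdmin)
    {
        // NOTE(review): the Administrators membership is always made on the
        // local computer (NULL server), unlike the two calls above. Kept as in
        // the original - confirm that the different target is intended before
        // relying on it.
        if (!addUserToLocalGroup(NULL, _T("Administrators"), &LGMInfo))
        {
            return FALSE;
        }
    }

    return TRUE;
}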
