Update user info in AD [closed]

2019-07-18 13:40发布

站内问答 / 后端开发
389 1 4

I have posted a question before, but may be I am not clearly described my problem, therefore I re-rewrite my question, hoping everyone may understand it.

In my Windows server, there are around 1500 users, the user info in Active Directory is not correct and needs to be updated. The e-mail field should be updated, for example, the current email is tom.chan@email.com, I want to change it to "user name" + email.com

For example:

  1. tom.chan@email.com ==> user1@email.com ;
  2. amy.yuen@email.com ==> user2@email.com ;
  3. jacky.hung@email.com ==> user3@email.com

Could anyone can help to give advice? Thank you in advance.

1条回答
劳资没心,怎么记你
2楼-- · 2019-07-18 14:25

You can use a PrincipalSearcher and a "query-by-example" principal to do your searching:

// create your domain context
using (PrincipalContext ctx = new PrincipalContext(ContextType.Domain))
{
    // define a "query-by-example" principal - here, we search for a UserPrincipal 
    // with last name (Surname) that starts with "A"
    UserPrincipal qbeUser = new UserPrincipal(ctx);
    qbeUser.Surname = "A*";

    // create your principal searcher passing in the QBE principal    
    using (PrincipalSearcher srch = new PrincipalSearcher(qbeUser))
    {
       // find all matches
       foreach(var found in srch.FindAll())
       {
           // now here you need to do the update - I'm not sure exactly *WHICH*
           // attribute you mean by "username" - just debug into this code and see
           // for yourself which AD attribute you want to use
           UserPrincipal foundUser = found as UserPrincipal;

           if(foundUser != null)
           {
              string newEmail = foundUser.SamAccountName + "@email.com";
              foundUser.EmailAddress = newEmail;
              foundUser.Save();
           }
       }
    }
}

Using this approach, you could loop over your users and update them all - again: I'm not entirely sure I understand what you want to use as your new e-mail address..... so maybe you need to adapt this to your needs.

Also: I would recommend not doing this to your entire user base at once! Run it in groups, e.g. by OU, or by initial letter of last name or something - don't do a mass update of all 1500 users at once - break it down into manageable pieces.

If you haven't already - absolutely read the MSDN article Managing Directory Security Principals in the .NET Framework 3.5 which shows nicely how to make the best use of the new features in System.DirectoryServices.AccountManagement. Or see the MSDN documentation on the System.DirectoryServices.AccountManagement namespace.

Of course, depending on your need, you might want to specify other properties on that "query-by-example" user principal you create:

  • DisplayName (typically: first name + space + last name)
  • SAM Account Name - your Windows/AD account name
  • User Principal Name - your "username@yourcompany.com" style name

You can specify any of the properties on the UserPrincipal and use those as "query-by-example" for your PrincipalSearcher.

查看更多
0人赞 添加讨论(0) 举报
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(4)