使用LDAP启用/禁用AD用户


是否可以使用LDAP命令启用(或禁用)Active Directory中的用户?

还有,可以用c#来做吗?

我已经看过这里和这里的内容。

谢谢,J

使用LDAP启用/禁用AD用户

使用此参考

你可以通过"userAccountControl"属性来启用和禁用帐户。该属性是一组位标志,其中 0x2(ADS_UF_ACCOUNTDISABLE)位表示帐户已禁用:清除该位即启用,设置该位即禁用,其余标志位应保持不变。

您需要将DirectoryEntry传递给函数

启用:

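/// <summary>
/// Enables an Active Directory account by clearing the ADS_UF_ACCOUNTDISABLE bit (0x2)
/// of its userAccountControl attribute. All other flag bits are left as they were.
/// </summary>
/// <param name="user">
/// Directory entry of the account to enable. The entry is closed before this method returns,
/// whether or not the update succeeded.
/// </param>
/// <exception cref="ArgumentNullException"><paramref name="user"/> is null.</exception>
/// <remarks>
/// Re-enabling an account is a privileged change; the caller is expected to have authorized
/// it and to record who requested it. Directory errors are reported on standard error rather
/// than thrown, so a caller that must know the outcome should re-read the attribute.
/// </remarks>
public static void Enable(DirectoryEntry user)
{
    if (user == null)
    {
        throw new ArgumentNullException("user");
    }

    // 0x2 is ADS_UF_ACCOUNTDISABLE (ADS_UF_NORMAL_ACCOUNT is a different bit, 0x200).
    const int AccountDisable = 0x2;

    try
    {
        // Value is null when the property holds no value; unboxing it directly would throw
        // a NullReferenceException that the catch below does not cover.
        object raw = user.Properties["userAccountControl"].Value;
        if (!(raw is int))
        {
            Console.Error.WriteLine("Enable: userAccountControl could not be read; account left unchanged.");
            return;
        }

        // Clear only the disable bit so password/lockout/delegation flags survive the write.
        user.Properties["userAccountControl"].Value = (int)raw & ~AccountDisable;
        user.CommitChanges();
    }
    catch (System.DirectoryServices.DirectoryServicesCOMException e)
    {
        // Still not rethrown, to stay compatible with existing callers, but no longer silent:
        // a failed change (for example, access denied) must be visible to the operator.
        Console.Error.WriteLine("Enable: directory update failed: " + e.Message);
    }
    finally
    {
        // Release the underlying directory handle on the failure path too.
        user.Close();
    }
}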

禁用:

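/// <summary>
/// Disables an Active Directory account by setting the ADS_UF_ACCOUNTDISABLE bit (0x2)
/// of its userAccountControl attribute. All other flag bits are left as they were.
/// </summary>
/// <param name="user">
/// Directory entry of the account to disable. The entry is closed before this method returns,
/// whether or not the update succeeded.
/// </param>
/// <exception cref="ArgumentNullException"><paramref name="user"/> is null.</exception>
/// <remarks>
/// Directory errors are reported on standard error rather than thrown. When this method is
/// part of an off-boarding or incident-response step, re-read the attribute afterwards:
/// a swallowed failure means the account is still enabled.
/// </remarks>
public void Disable(DirectoryEntry user)
{
    if (user == null)
    {
        throw new ArgumentNullException("user");
    }

    const int AccountDisable = 0x2; // ADS_UF_ACCOUNTDISABLE

    try
    {
        // Value is null when the property holds no value; unboxing it directly would throw
        // a NullReferenceException that the catch below does not cover.
        object raw = user.Properties["userAccountControl"].Value;
        if (!(raw is int))
        {
            Console.Error.WriteLine("Disable: userAccountControl could not be read; account left unchanged.");
            return;
        }

        // Set only the disable bit; every other flag keeps its current value.
        user.Properties["userAccountControl"].Value = (int)raw | AccountDisable;
        user.CommitChanges();
    }
    catch (System.DirectoryServices.DirectoryServicesCOMException e)
    {
        // Still not rethrown, to stay compatible with existing callers, but no longer silent:
        // an account that failed to disable must not look like a successful lock-out.
        Console.Error.WriteLine("Disable: directory update failed: " + e.Message);
    }
    finally
    {
        // Release the underlying directory handle on the failure path too.
        user.Close();
    }
}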

以下内容参考自 Morgan Tech Space:

使用c#通过userAccountControl启用Active Directory用户帐户

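/// <summary>
/// Looks up a user in the current domain by userPrincipalName or sAMAccountName and enables
/// the account by clearing the ADS_UF_ACCOUNTDISABLE bit of userAccountControl.
/// </summary>
/// <param name="username">UPN or sAMAccountName of the account; treated as a literal value.</param>
/// <remarks>
/// Outcome and errors are written to the console; nothing is thrown to the caller.
/// </remarks>
private static void EnableADUserUsingUserAccountControl(string username)
{
    if (string.IsNullOrEmpty(username))
    {
        Console.WriteLine("A user name is required");
        return;
    }

    try
    {
        // Escape LDAP filter metacharacters (RFC 4515) so the caller-supplied name can only
        // ever be matched literally. Without this, a value containing '*' or parentheses
        // changes the meaning of the filter and FindOne() may return a different account
        // than the one intended. The backslash must be replaced first.
        string safeName = username
            .Replace("\\", "\\5c")
            .Replace("*", "\\2a")
            .Replace("(", "\\28")
            .Replace(")", "\\29")
            .Replace("\0", "\\00");

        // Single-line filter (no embedded line breaks or padding) in strict RFC 4515 form.
        // sAMAccountType 805306370 is SAM_TRUST_ACCOUNT; those objects are excluded.
        string searchFilter = string.Format(
            "(&(objectCategory=person)(objectClass=user)(!(sAMAccountType=805306370))" +
            "(|(userPrincipalName={0})(sAMAccountName={0})))",
            safeName);

        using (DirectoryEntry domainEntry = Domain.GetCurrentDomain().GetDirectoryEntry())
        using (DirectorySearcher searcher = new DirectorySearcher(domainEntry, searchFilter))
        {
            // FindOne() returns null when nothing matches; the result is what must be
            // checked, not the searcher object (which is never null here).
            SearchResult searchResult = searcher.FindOne();
            if (searchResult == null)
            {
                Console.WriteLine("AD user not found");
                return;
            }

            using (DirectoryEntry userEntry = searchResult.GetDirectoryEntry())
            {
                int oldUac = (int)userEntry.Properties["userAccountControl"][0];

                // AD user account disable flag.
                const int AdsUfAccountDisable = 2;

                // To enable the account, clear only the disable bit and keep the other flags.
                userEntry.Properties["userAccountControl"][0] = oldUac & ~AdsUfAccountDisable;
                userEntry.CommitChanges();
                Console.WriteLine("Active Director User Account Enabled successfully through userAccountControl property");
            }
        }
    }
    catch (Exception ex)
    {
        Console.WriteLine(ex.Message);
    }
}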

使用c#通过userAccountControl禁用Active Directory用户帐户

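/// <summary>
/// Looks up a user in the current domain by userPrincipalName or sAMAccountName and disables
/// the account by setting the ADS_UF_ACCOUNTDISABLE bit of userAccountControl.
/// </summary>
/// <param name="username">UPN or sAMAccountName of the account; treated as a literal value.</param>
/// <remarks>
/// Outcome and errors are written to the console; nothing is thrown to the caller, so a
/// caller that relies on the account being locked out should check the console result or
/// re-read the attribute.
/// </remarks>
private static void DisableADUserUsingUserAccountControl(string username)
{
    if (string.IsNullOrEmpty(username))
    {
        Console.WriteLine("A user name is required");
        return;
    }

    try
    {
        // Escape LDAP filter metacharacters (RFC 4515) so the caller-supplied name can only
        // ever be matched literally. Without this, a value containing '*' or parentheses
        // changes the meaning of the filter and FindOne() may return a different account
        // than the one intended. The backslash must be replaced first.
        string safeName = username
            .Replace("\\", "\\5c")
            .Replace("*", "\\2a")
            .Replace("(", "\\28")
            .Replace(")", "\\29")
            .Replace("\0", "\\00");

        // Single-line filter (no embedded line breaks or padding) in strict RFC 4515 form.
        // sAMAccountType 805306370 is SAM_TRUST_ACCOUNT; those objects are excluded.
        string searchFilter = string.Format(
            "(&(objectCategory=person)(objectClass=user)(!(sAMAccountType=805306370))" +
            "(|(userPrincipalName={0})(sAMAccountName={0})))",
            safeName);

        using (DirectoryEntry domainEntry = Domain.GetCurrentDomain().GetDirectoryEntry())
        using (DirectorySearcher searcher = new DirectorySearcher(domainEntry, searchFilter))
        {
            // FindOne() returns null when nothing matches; the result is what must be
            // checked, not the searcher object (which is never null here).
            SearchResult searchResult = searcher.FindOne();
            if (searchResult == null)
            {
                Console.WriteLine("AD user not found");
                return;
            }

            using (DirectoryEntry userEntry = searchResult.GetDirectoryEntry())
            {
                int oldUac = (int)userEntry.Properties["userAccountControl"][0];

                // AD user account disable flag.
                const int AdsUfAccountDisable = 2;

                // To disable the account, set only the disable bit and keep the other flags.
                userEntry.Properties["userAccountControl"][0] = oldUac | AdsUfAccountDisable;
                userEntry.CommitChanges();
                Console.WriteLine("Active Director User Account Disabled successfully through userAccountControl property");
            }
        }
    }
    catch (Exception ex)
    {
        Console.WriteLine(ex.Message);
    }
}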

使用c#通过UserPrincipal启用AD用户帐户

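/// <summary>
/// Enables an Active Directory user account through
/// System.DirectoryServices.AccountManagement (UserPrincipal.Enabled).
/// </summary>
/// <param name="username">Identity of the account, as accepted by UserPrincipal.FindByIdentity.</param>
/// <remarks>
/// Outcome and errors are written to the console; nothing is thrown to the caller.
/// </remarks>
private static void EnableADUserUsingUserPrincipal(string username)
{
    try
    {
        // Both objects hold directory connections and are IDisposable.
        using (PrincipalContext principalContext = new PrincipalContext(ContextType.Domain))
        using (UserPrincipal userPrincipal = UserPrincipal.FindByIdentity(principalContext, username))
        {
            // FindByIdentity returns null when no account matches; report that explicitly
            // instead of failing with a NullReferenceException on the next line.
            if (userPrincipal == null)
            {
                Console.WriteLine("AD user not found");
                return;
            }

            // NOTE(review): this overload matches the name against several identity formats;
            // pass an explicit IdentityType if callers only ever supply one kind of name.
            userPrincipal.Enabled = true;
            userPrincipal.Save();
            Console.WriteLine("Active Director User Account Enabled successfully through UserPrincipal");
        }
    }
    catch (Exception ex)
    {
        Console.WriteLine(ex.Message);
    }
}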

使用c#通过UserPrincipal禁用AD用户帐户

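/// <summary>
/// Disables an Active Directory user account through
/// System.DirectoryServices.AccountManagement (UserPrincipal.Enabled).
/// </summary>
/// <param name="username">Identity of the account, as accepted by UserPrincipal.FindByIdentity.</param>
/// <remarks>
/// Outcome and errors are written to the console; nothing is thrown to the caller, so a
/// caller that relies on the account being locked out should confirm the result.
/// The method name keeps its original spelling ("Diable") so existing callers still compile.
/// </remarks>
private static void DiableADUserUsingUserPrincipal(string username)
{
    try
    {
        // To use these classes, add a reference to System.DirectoryServices.AccountManagement,
        // which is available from .NET Framework 3.5 onwards.
        using (PrincipalContext principalContext = new PrincipalContext(ContextType.Domain))
        using (UserPrincipal userPrincipal = UserPrincipal.FindByIdentity(principalContext, username))
        {
            // FindByIdentity returns null when no account matches; report that explicitly
            // instead of failing with a NullReferenceException on the next line.
            if (userPrincipal == null)
            {
                Console.WriteLine("AD user not found");
                return;
            }

            userPrincipal.Enabled = false;
            userPrincipal.Save();
            Console.WriteLine("Active Director User Account Disabled successfully through UserPrincipal");
        }
    }
    catch (Exception ex)
    {
        Console.WriteLine(ex.Message);
    }
}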

您可以使用PrincipalContext来启用/禁用AD帐户。要启用AD帐户,您可以这样做:

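 /// <summary>
 /// Enables an Active Directory user account by setting UserPrincipal.Enabled to true.
 /// </summary>
 /// <param name="username">Identity of the account, as accepted by UserPrincipal.FindByIdentity.</param>
 /// <remarks>
 /// Errors are written to the console; nothing is thrown to the caller.
 /// </remarks>
 private static void EnableADUserUsingUserPrincipal(string username)
 {
     try
     {
         // Dispose the context and the principal so their directory connections are released.
         using (PrincipalContext principalContext = new PrincipalContext(ContextType.Domain))
         using (UserPrincipal userPrincipal = UserPrincipal.FindByIdentity(principalContext, username))
         {
             // A null result means no matching account; without this check the failure
             // would surface only as a generic NullReferenceException message.
             if (userPrincipal == null)
             {
                 Console.WriteLine("AD user not found");
                 return;
             }

             userPrincipal.Enabled = true;
             userPrincipal.Save();
         }
     }
     catch (Exception ex)
     {
         Console.WriteLine(ex.Message);
     }
 }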

要禁用AD帐户,只需将 userPrincipal.Enabled 设置为 false。