相信大家在windows系统下操作域账户管理都是用ADSI来实现的,可是有些细节有可能会困惑你很长时间.
比如说如何判断域账户是否被琐定的问题.
原因:其实ADSI是对两种协议的封装来达到域管理的目的的.
1.LDAP (这是最常用的,也是可以跨平台使用的一个协议)
2.WinNT (只限于Windows操作系统)
解决办法:
当你查阅MSDN时,你会发现ADSI对LDAP支持中,对get_IsAccountLocked方法是不支持的,所以这个时候,你必须强制ADSI使用WinNT协议来判断域账户是否被锁.
1
static HRESULT get_IsAccountLocked(IADsUser* pAdsUser,LPWSTR pszUsername,LPWSTR pszLoginName,LPWSTR pszLoginPass,BOOL& bOut)
2

{
3
BSTR bstrCN = NULL;
4
pAdsUser->get_ADsPath(&bstrCN);
5
6
BSTR bstrserver = NULL;
7
HRESULT hr;
8
hr = ReceiveServerFromCN(bstrCN,bstrserver);
9
::SysFreeString(bstrCN);
10
//To determine whether the user has been locked out.
11
if(SUCCEEDED(hr))
12
{
13
WCHAR wchNTUser[_MAX_PATH];
14
memset(wchNTUser,0,sizeof(WCHAR)*_MAX_PATH);
15
IADsUser * pUserTmp = NULL;
16
swprintf(wchNTUser,L"WinNT://%s/%s,user",bstrserver,pszUsername);
17
#ifdef _DEBUG
18
AString strtmp = BSTR2AString(wchNTUser);
19
wprintf(L"%s",wchNTUser);
20
#endif
21
22
BSTR bstrLoginName = SysAllocString(pszLoginName);
23
AString astrLoginName = BSTR2AString(bstrLoginName);
24
::SysFreeString(bstrLoginName);
25
26
AString astrTemp = NULL;
27
int nPos= astrLoginName.lSearch(_T('\\'), 0);
28
if(nPos>0)
29
astrTemp = astrLoginName.subStr(0, nPos);
30
31
AString astrServer = BSTR2AString(bstrserver);
32
TCHAR Domain[DNLEN + 1];
33
LPTSTR domainName = Domain;
34
if(!GetCurDomainName(domainName))
35
return E_FAIL;
36
37
AString astrCurDomain = domainName;
38
if(!astrCurDomain.similarTo(astrServer) || !astrServer.similarTo(astrTemp))
39
{
40
bOut = FALSE;
41
return S_OK;
42
}
43
SysFreeString(bstrserver);
44
HRESULT hrtmp = ADsOpenObject(wchNTUser,pszLoginName,pszLoginPass,ADS_SECURE_AUTHENTICATION,IID_IADsUser,(void**)&pUserTmp);
45
if(SUCCEEDED(hrtmp))
46
{
47
VARIANT_BOOL bret = VARIANT_FALSE;
48
pUserTmp->get_IsAccountLocked(&bret);
49
pUserTmp->Release();
50
if(bret == VARIANT_TRUE)
51
{
52
bOut = TRUE;
53
}
54
else
55
{
56
bOut = FALSE;
57
}
58
return S_OK;
59
}
60
else
61
{
62
return E_FAIL;
63
}
64
}
65
else
66
return E_FAIL;
67
}
希望上述内容对你的学习、工作有所帮助