相信大家在windows系统下操作域账户管理都是用ADSI来实现的,可是有些细节有可能会困惑你很长时间.
比如说如何判断域账户是否被琐定的问题.
原因:其实ADSI是对两种协议的封装来达到域管理的目的的.
1.LDAP (这是最常用的,也是可以跨平台使用的一个协议)
2.WinNT (只限于Windows操作系统)
解决办法:
当你查阅MSDN时,你会发现ADSI对LDAP支持中,对get_IsAccountLocked方法是不支持的,所以这个时候,你必须强制ADSI使用WinNT协议来判断域账户是否被锁.
1
static HRESULT get_IsAccountLocked(IADsUser* pAdsUser,LPWSTR pszUsername,LPWSTR pszLoginName,LPWSTR pszLoginPass,BOOL& bOut)
2
{
3
BSTR bstrCN = NULL;
4 pAdsUser->get_ADsPath(&bstrCN);
5
6 BSTR bstrserver = NULL;
7 HRESULT hr;
8 hr = ReceiveServerFromCN(bstrCN,bstrserver);
9 ::SysFreeString(bstrCN);
10 //To determine whether the user has been locked out.
11 if(SUCCEEDED(hr))
12
{
13 WCHAR wchNTUser[_MAX_PATH];
14 memset(wchNTUser,0,sizeof(WCHAR)*_MAX_PATH);
15 IADsUser * pUserTmp = NULL;
16 swprintf(wchNTUser,L"WinNT://%s/%s,user",bstrserver,pszUsername);
17#ifdef _DEBUG
18 AString strtmp = BSTR2AString(wchNTUser);
19 wprintf(L"%s",wchNTUser);
20#endif
21
22 BSTR bstrLoginName = SysAllocString(pszLoginName);
23 AString astrLoginName = BSTR2AString(bstrLoginName);
24 ::SysFreeString(bstrLoginName);
25
26 AString astrTemp = NULL;
27 int nPos= astrLoginName.lSearch(_T('\\'), 0);
28 if(nPos>0)
29 astrTemp = astrLoginName.subStr(0, nPos);
30
31 AString astrServer = BSTR2AString(bstrserver);
32 TCHAR Domain[DNLEN + 1];
33 LPTSTR domainName = Domain;
34 if(!GetCurDomainName(domainName))
35 return E_FAIL;
36
37 AString astrCurDomain = domainName;
38 if(!astrCurDomain.similarTo(astrServer) || !astrServer.similarTo(astrTemp))
39 {
40 bOut = FALSE;
41 return S_OK;
42
}
43 SysFreeString(bstrserver);
44 HRESULT hrtmp = ADsOpenObject(wchNTUser,pszLoginName,pszLoginPass,ADS_SECURE_AUTHENTICATION,IID_IADsUser,(void**)&pUserTmp);
45 if(SUCCEEDED(hrtmp))
46 {
47 VARIANT_BOOL bret = VARIANT_FALSE;
48 pUserTmp->get_IsAccountLocked(&bret);
49 pUserTmp->Release();
50 if(bret == VARIANT_TRUE)
51 {
52 bOut = TRUE;
53 }
54 else
55 {
56 bOut = FALSE;
57 }
58 return S_OK;
59 }
60 else
61 {
62 return E_FAIL;
63 }
64 }
65 else
66 return E_FAIL;
67
}
希望上述内容对你的学习、工作有所帮助