相信大家在windows系統下操作域賬戶管理都是用ADSI來實現的,可是有些細節有可能會困惑你很長時間.
比如說如何判斷域賬戶是否被瑣定的問題.
原因:其實ADSI是對兩種協議的封裝來達到域管理的目的的.
1.LDAP (這是最常用的,也是可以跨平臺使用的一個協議)
2.WinNT (只限于Windows操作系統)
解決辦法:
當你查閱MSDN時,你會發現ADSI對LDAP支持中,對get_IsAccountLocked方法是不支持的,所以這個時候,你必須強制ADSI使用WinNT協議來判斷域賬戶是否被鎖.
1
static HRESULT get_IsAccountLocked(IADsUser* pAdsUser,LPWSTR pszUsername,LPWSTR pszLoginName,LPWSTR pszLoginPass,BOOL& bOut)
2
{
3
BSTR bstrCN = NULL;
4 pAdsUser->get_ADsPath(&bstrCN);
5
6 BSTR bstrserver = NULL;
7 HRESULT hr;
8 hr = ReceiveServerFromCN(bstrCN,bstrserver);
9 ::SysFreeString(bstrCN);
10 //To determine whether the user has been locked out.
11 if(SUCCEEDED(hr))
12
{
13 WCHAR wchNTUser[_MAX_PATH];
14 memset(wchNTUser,0,sizeof(WCHAR)*_MAX_PATH);
15 IADsUser * pUserTmp = NULL;
16 swprintf(wchNTUser,L"WinNT://%s/%s,user",bstrserver,pszUsername);
17#ifdef _DEBUG
18 AString strtmp = BSTR2AString(wchNTUser);
19 wprintf(L"%s",wchNTUser);
20#endif
21
22 BSTR bstrLoginName = SysAllocString(pszLoginName);
23 AString astrLoginName = BSTR2AString(bstrLoginName);
24 ::SysFreeString(bstrLoginName);
25
26 AString astrTemp = NULL;
27 int nPos= astrLoginName.lSearch(_T('\\'), 0);
28 if(nPos>0)
29 astrTemp = astrLoginName.subStr(0, nPos);
30
31 AString astrServer = BSTR2AString(bstrserver);
32 TCHAR Domain[DNLEN + 1];
33 LPTSTR domainName = Domain;
34 if(!GetCurDomainName(domainName))
35 return E_FAIL;
36
37 AString astrCurDomain = domainName;
38 if(!astrCurDomain.similarTo(astrServer) || !astrServer.similarTo(astrTemp))
39 {
40 bOut = FALSE;
41 return S_OK;
42
}
43 SysFreeString(bstrserver);
44 HRESULT hrtmp = ADsOpenObject(wchNTUser,pszLoginName,pszLoginPass,ADS_SECURE_AUTHENTICATION,IID_IADsUser,(void**)&pUserTmp);
45 if(SUCCEEDED(hrtmp))
46 {
47 VARIANT_BOOL bret = VARIANT_FALSE;
48 pUserTmp->get_IsAccountLocked(&bret);
49 pUserTmp->Release();
50 if(bret == VARIANT_TRUE)
51 {
52 bOut = TRUE;
53 }
54 else
55 {
56 bOut = FALSE;
57 }
58 return S_OK;
59 }
60 else
61 {
62 return E_FAIL;
63 }
64 }
65 else
66 return E_FAIL;
67
}
希望上述內容對你的學習、工作有所幫助