将AD用户添加到AD组

Question

我有一个VB应用程序（.NET 4.0），用户在其中选择一个AD组，然后可以将用户从预定义列表添加到该组。这些组织从AD撤出，用户从Oracle撤出，但都是现有的AD用户。

您将看到三个注释的代码块，我尝试了所有这三个代码，并且每个都得到“用户代码未处理的COMException：未指定的错误”。

<WebMethod()> _ 
Public Shared Function AddDirectReport(ByVal User As String, ByVal Group As String) As String 
    Dim GroupMembers As List(Of String) = LoadGroupMembers(Group) 
    If GroupMembers.Contains(User) Then 
     Return "USER " & User & " IS ALREADY IN GROUP " & Group 
    End If 

    Dim SearchRoot As New DirectoryEntry("[LDAP Path]") 

    Dim GroupSearcher As New DirectorySearcher 
    With GroupSearcher 
     .SearchRoot = SearchRoot 
     .Filter = "(&(ObjectClass=Group)(CN=" & Group & "))" 
    End With 

    Dim UserSearcher As New DirectorySearcher 
    With UserSearcher 
     .SearchRoot = SearchRoot 
     .Filter = "(&(ObjectClass=Person)(CN=" & User & "))" 
    End With 

    Dim g As DirectoryEntry = GroupSearcher.FindOne.GetDirectoryEntry 
    Dim u As DirectoryEntry = UserSearcher.FindOne.GetDirectoryEntry 

    'With u 
    ' .Properties("memberof").Add(g) 
    ' .CommitChanges() 
    'End With 

    'With g 
    ' .Properties("member").Add(u) 
    ' .CommitChanges() 
    'End With 

    'With g 
    ' .Properties("members").Add(u) 
    ' .CommitChanges() 
    'End With 
    Return "Success?" 
End Function 

Answer 1

This是一个很好的资源。

其中，你会发现你的第二个几乎在那里。代替将DirectoryEntry传递给add方法，您需要它的可分辨名称：

With g 
    .Properties("member").Add(u.Properties("distinguishedName").Value) 
    .CommitChanges() 
End With