c# - Why UserPrincipal.Enabled returns different values? -


i trying determine if user account in ad enabled. use following code:

string domain = "my domain"; string group = "my security group"; string ou = "my ou";  //init context using (var cnt= new principalcontext(contexttype.domain, domain)) {     //find necessary security group     using (groupprincipal maingroup                = groupprincipal.findbyidentity(cnt, identitytype.guid, group))     {         if (maingroup != null)         {             //get group's members             foreach (var user in maingroup.getmembers()                                    .oftype<userprincipal>()                                    .where(u => u.distinguishedname.contains(ou)))             {                 //ensure info account loaded                 //by using findbyidentity opposed getmembers                 var tmpuser= userprincipal.findbyidentity(cnt,                                                            user.samaccountname);                 //actually use `user` variable,                  //as gave same result `tmpuser`.                  //print account info                 console.writeline(tmpuser.name + "\t" +                                    tmpuser.enabled.hasvalue + "\t" +                                    tmpuser.enabled.value);                                 }         }     } }

the problem is, when run code under administrative account, real result, while when run under non-priviledged account, user.enabled returns false of accounts, while should true.

the similar q&a managed find

  1. userprincipal.enabled returns false accounts in fact enabled?
  2. everything in active directory via c#.net 3.5 (using system.directoryservices.accountmanagement)

which not here.

why so? options info under non-priviledged account?

here approach: how determine if user account enabled or disabled:

private bool isactive(directoryentry de) {     if (de.nativeguid == null)          return false;      int flags = (int)de.properties["useraccountcontrol"].value;      if (!convert.toboolean(flags & 0x0002))          return true;      else          return false; }

same approach described in active directory objects , c#.

however when running under unpriviledged user account, useraccountcontrol attribute null , it's not possible determine state of account.

the workaround here use principalcontext constructor, specifying credentials of user enough priviledges access ad.

it stays unclear me, why unpriviledged user had access ad @ all, , couldn't values of account attributes. has nothing c#, , should configured in ad...

you'll need delegate permissions in active directory accounts performing ad queries. had applications work (though performing other administrative tasks on user accounts).

check here instructions on how delegate permissions(or see blockquote below).

you may referred following procedure run delegation:

  • start delegation of control wizard performing following steps:
    • open active directory users , computers.
    • in console tree, double click domain node.
    • in details menu, right click organizational unit, click delegate control, , click next.
    • select users or group want delegate common administrative tasks. so, perform following steps:
    • on users or groups page, click add.
    • in select users, computers or groups, write names of users , groups have delegate control of organizational unit, click ok. , click next.
    • assign common tasks delegate. perform following common tasks.
    • on tasks delgate page, click delegate following common tasks.
    • on tasks delegate page, select tasks want delegate, , click ok. click finish

for example: delegate administrator move user/computer objects, can use advance mode in ad user , computer , run delegation. should have write privilege in both ou object moving. writing new values, administrators account should have delegated values on user account (full privilege in specific ou well.

something else worth looking if accounts have useraccountcontrol attribute. i've heard accounts missing attribute may not report correctly. in scenarios attribute should set normalaccount.


Comments

Post a Comment

Popular posts from this blog

jquery - How can I dynamically add a browser tab? -

since using iframes house external pages are, accounts "not preferred method" , disallowed sites (flickr, one), want dynamically generate browser tabs. e.g., when user submits form, want dynamically generate tab on browser in response submitted. e.g., might want add new tab url like: http://www.bigsurgarrapata.com/contact how in jquery? you want form target attribute action attribute. http://www.w3schools.com/tags/att_form_target.asp browsers have ultimate control on result of target attribute open new tab value of _blank. <form action="contact_submit.php" target="_blank" method="post">
Read more

node.js - Getting the socket id,user id pair of a logged in user(s) -

i have web application done using node js , in it,i have authentication system requires users log in before can access pages. have 2 pages,the homepage , updates page. from read docs,a new socket id issued when user opens tab in browser. me being admin,i know socket id of logged in user , more so,the socket id,logged in user id pair logged in users. what method can use socket id,logged in user id pair make sure broadcast realtime info users online?.
Read more

keyboard - C++ GetAsyncKeyState alternative -

i using windows.h library's getasynckeystate function define key pushed on keyboard . here program returns int value of pushed key example. #include <iostream> #include <windows.h> using namespace std; int main (){ char i; for(i=8;i<190;i++){ if(getasynckeystate(i)== -32767){ cout<<int (i)<<endl; } } return 0; } but trying make opengl simple game , function appeared slow . there function not need cycle 180 times , if statement . thanks you're trying make opengl game, you're going use glfw. if that's case can away using glfwgetkey() such: if (glfwgetkey(glfw_key_up) == glfw_press) {...} if (glfwgetkey(glfw_key_down) == glfw_press) {...} that method nicely explained in tutorial 6 opengl-tutorial.org . should start first tutorial of beginners tutorials , later intermediate tutorials . if you're going make win32 window can listen wm_keydown or wm_keyup messages , virtua
Read more