Active Directory 常用属性

1.获取DirectoryEntry

string str = string.Empty;

string strPath = @LDAP://testDomain.com.mo;
string ad = "testAD";
System.DirectoryServices.DirectorySearcher sea = new System.DirectoryServices.DirectorySearcher(strPath);sea.Filter = "(&(objectCategory=user)(sAMAccountName=" + ad + "))";System.DirectoryServices.SearchResult res = sea.FindOne();System.DirectoryServices.DirectoryEntry d = new System.DirectoryServices.DirectoryEntry();d.Path = res.Path;foreach (string p in d.Properties.PropertyNames){     str += string.Format("{0}:{1}\r\n",p , d.Properties[p].Value.ToString());}2.基本信息name,givenName.distinguishedName,displayName,mailNicknamehttp://tech.ddvip.com/2013-01/1358156532188866.html3.定位信息sAMAccountName:adsAMAccountType:805306368        all user objects"(sAMAccountType=805306368)" "(&(objectCategory=person)(objectClass=user)(cn=Joe*))""(&(objectCategory=group)(|(cn=Test*)(cn=Admin*)))"ADO Search Tipshttp://www.rlmueller.net/ADOSearchTips.htm
4.权限码userAccountControl启用512,禁用514,密码永不过期66048enable: 
d.Properties["userAccountControl"].Value = 512 & ~0x2;
user.CommitChanges();
disable:d.Properties["userAccountControl"].Value = 512 | 0x2;
unlock:
d.Properties["LockOutTime"].Value = 0;reset password:d.Invoke("SetPassword", new object[] { password });        d.Properties["LockOutTime"].Value = 0; d.Properties["pwdLastSet"].Value = 0;
pwdLastSet
badPwdCount   用户尝试错误密码的次数 
badPasswordTime   用户最后一次尝试错误密码的时间 
lastLogon   用户最后登陆时间 
accountExpires   帐户到期日期 

Constant                   Hexadecimal value      Decimal value
 ADS_UF_NORMAL_ACCOUNT       0x200                     512
 ADS_UF_ACCOUNTDISABLE       0x0002                     2
 ADS_PASSWD_NOTREQD          0x0020                     3
 PASSWORD_EXPIRED 512 | 0x800000
http://blog.sina.com.cn/s/blog_6d6712230100ls0v.html

5.adsiedit.msc
http://www.cnblogs.com/dragonwlb/archive/2012/08/06/2625474.html