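ADSI (Active Directory Services Interface) is a new technology from Microsoft. It unifies the programming interfaces of many underlying services, so programmers can access those services through a consistent object model. ADSI extracts the parts these services have in common and isolates the parts that differ, so programmers can use a single interface for the common parts and extend it to reach the service-specific parts.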
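Managing groups
Getting the list of users in a group
```vbscript
Dim oGrp
Dim oUser
Dim sDomain
Dim sMsg

sDomain = "localhost"

On Error Resume Next
' Bind directly to the Administrators group through the WinNT provider.
Set oGrp = GetObject("WinNT://" & sDomain & "/Administrators,group")
' Collect each member's name, class and ADsPath.
For Each oUser In oGrp.Members
    sMsg = sMsg & oUser.Name & "(" & oUser.Class & ") " & oUser.ADsPath & vbNewLine
Next

' Check for errors before showing the result.
If (Err.Number <> 0) Then
    MsgBox "An error has occurred. " & vbNewLine & Err.Description
Else
    MsgBox sMsg
End If

Set oGrp = Nothing
Set oUser = Nothing
```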
Another way:
```vbscript
Dim oDomain
Dim oGrp
Dim oUser
Dim sDomain
Dim sMsg

sDomain = "localhost"

On Error Resume Next
' Bind to the computer or domain container first, then fetch the group from it.
Set oDomain = GetObject("WinNT://" & sDomain)
Set oGrp = oDomain.GetObject("group", "Administrators")
For Each oUser In oGrp.Members
    sMsg = sMsg & oUser.Name & "(" & oUser.Class & ") " & oUser.ADsPath & vbNewLine
Next

' Check for errors before showing the result.
If (Err.Number <> 0) Then
    MsgBox "An error has occurred. " & vbNewLine & Err.Description
Else
    MsgBox sMsg
End If

Set oGrp = Nothing
Set oUser = Nothing
Set oDomain = Nothing
```
Checking whether a user belongs to a group
```vbscript
Dim oGrp

On Error Resume Next
Set oGrp = GetObject("WinNT://localhost/Administrators")
' IsMember takes the ADsPath of the account and returns True or False.
MsgBox oGrp.IsMember("WinNT://DESKTOP-K3O4FGP/Administrator")

If (Err.Number <> 0) Then
    MsgBox "An error has occurred. " & vbNewLine & Err.Description
End If

Set oGrp = Nothing
```
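The `Members` enumeration above is also the basis for a membership audit. The following script is an added example, not part of the original page: it compares the local Administrators group with an expected list and reports anything unexpected or missing. The expected accounts (`Administrator`, `Admin`) are assumptions; replace them with your own baseline.

```vbscript
' Added example: compare local Administrators membership with an expected list.
Option Explicit
Dim oNet, sComputer, dExpected, oGrp, oMember, aParts, n, sKey, sReport, nUnexpected

Set oNet = CreateObject("WScript.Network")
sComputer = oNet.ComputerName

' Assumption: the accounts that are supposed to be local administrators.
Set dExpected = CreateObject("Scripting.Dictionary")
dExpected.CompareMode = vbTextCompare   ' account names are not case-sensitive
dExpected.Add sComputer & "/Administrator", True
dExpected.Add sComputer & "/Admin", True

On Error Resume Next
Set oGrp = GetObject("WinNT://" & sComputer & "/Administrators,group")
If Err.Number <> 0 Then
    WScript.Echo "Cannot bind to the group: " & Err.Description
    WScript.Quit 2
End If
On Error GoTo 0

nUnexpected = 0
For Each oMember In oGrp.Members
    ' Key on the last two ADsPath segments (authority/name), so that
    ' WinNT://WORKGROUP/PC/Admin and WinNT://CORP/alice both normalize.
    aParts = Split(oMember.ADsPath, "/")
    n = UBound(aParts)
    sKey = aParts(n - 1) & "/" & aParts(n)
    If dExpected.Exists(sKey) Then
        dExpected.Remove sKey
    Else
        nUnexpected = nUnexpected + 1
        sReport = sReport & "UNEXPECTED " & oMember.Class & ": " & oMember.ADsPath & vbNewLine
    End If
Next

' Whatever is left in the dictionary was expected but is not a member.
For Each sKey In dExpected.Keys
    sReport = sReport & "MISSING: " & sKey & vbNewLine
Next

If sReport = "" Then sReport = "Administrators membership matches the expected list."
WScript.Echo sReport
If nUnexpected > 0 Then WScript.Quit 1
```

Run it with `cscript //nologo` so the report goes to the console and the exit code (1 when unexpected members exist) can be checked by a scheduled task.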
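Adding a user to a group
This operation requires the currently logged-on user to be Administrator.
```vbscript
Dim oGrp
Dim sDomain

sDomain = "DESKTOP-K3O4FGP"

' Without this, a failure aborts the script before the Err check below runs.
On Error Resume Next
Set oGrp = GetObject("WinNT://" & sDomain & "/Administrators")
' Add takes the ADsPath of the account to add.
oGrp.Add "WinNT://" & sDomain & "/Admin"

If (Err.Number <> 0) Then
    MsgBox "An error has occurred. " & vbNewLine & Err.Description
Else
    MsgBox "Complete"
End If

Set oGrp = Nothing
```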
Removing a user from a group
This operation requires the currently logged-on user to be Administrator.
```vbscript
Dim oGrp
Dim sDomain

sDomain = "DESKTOP-K3O4FGP"

On Error Resume Next
Set oGrp = GetObject("WinNT://" & sDomain & "/Administrators")
' Remove takes the ADsPath of the account to remove.
oGrp.Remove "WinNT://" & sDomain & "/jeffsmith"

If (Err.Number <> 0) Then
    MsgBox "An error has occurred. " & vbNewLine & Err.Description
Else
    MsgBox "Complete"
End If

Set oGrp = Nothing
```
Creating a group
This operation requires the currently logged-on user to be Administrator.
```vbscript
Dim oDomain
Dim oGroup
Dim sDomain

sDomain = "localhost"

On Error Resume Next
Set oDomain = GetObject("WinNT://" & sDomain)
Set oGroup = oDomain.Create("group", "MyGroup")
' SetInfo commits the new object to the account database.
oGroup.SetInfo

If (Err.Number <> 0) Then
    MsgBox "An error has occurred. " & vbNewLine & Err.Description
Else
    MsgBox "Complete"
End If

Set oGroup = Nothing
Set oDomain = Nothing
```
Deleting a group
This operation requires the currently logged-on user to be Administrator.
```vbscript
Dim oDomain
Dim sDomain

sDomain = "localhost"

On Error Resume Next
Set oDomain = GetObject("WinNT://" & sDomain)
' Delete takes the object class and the object name.
oDomain.Delete "group", "MyGroup"

If (Err.Number <> 0) Then
    MsgBox "An error has occurred. " & vbNewLine & Err.Description
Else
    MsgBox "Complete"
End If

Set oDomain = Nothing
```
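Managing users
Adding a user
This operation requires the currently logged-on user to be Administrator.
```vbscript
Dim oDomain
Dim oUser
Dim sDomain

sDomain = "localhost"

On Error Resume Next
Set oDomain = GetObject("WinNT://" & sDomain)
Set oUser = oDomain.Create("user", "jeffsmith")
' Optional properties; uncomment the ones you need.
'oUser.FullName = "FullName"          ' Full name
'oUser.Description = "Description"    ' Description
'oUser.SetPassword "password"         ' Set the password
'oUser.PasswordExpired = 1            ' User must change password at next logon
'oUser.UserFlags = oUser.UserFlags Or &H10000
' UserFlags values (ADS_USER_FLAG_ENUM):
'   &H800000  ADS_UF_PASSWORD_EXPIRED     (password expired; user must change it at next logon)
'   &H0040    ADS_UF_PASSWD_CANT_CHANGE   (user cannot change password)
'   &H10000   ADS_UF_DONT_EXPIRE_PASSWD   (password never expires)
'   &H0002    ADS_UF_ACCOUNTDISABLE       (account disabled)
' SetInfo commits the new account.
oUser.SetInfo

If (Err.Number <> 0) Then
    MsgBox "An error has occurred. " & vbNewLine & Err.Description
Else
    MsgBox "Complete"
End If
```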
If no user properties are set, a newly created user has the following default properties:
Property | Value |
---|---|
Full Name | SAM Account Name (such as jeffsmith) |
Password | Empty |
User Must Change Password | TRUE |
User Cannot Change Password | FALSE |
Password Never Expires | FALSE |
Account Disabled | FALSE |
Group | Domain User |
Profile | Empty |
Account Never Expires | TRUE |
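The `UserFlags` bits listed in the creation script, and the empty default password in the table above, are worth checking across existing accounts. The following script is an added example, not part of the original page: it enumerates the local user accounts and reports the ones with password-related flags set. `ADS_UF_PASSWD_NOTREQD` (`&H0020`) comes from `ADS_USER_FLAG_ENUM` and does not appear on the page; the constant names are shortened here.

```vbscript
' Added example: report local accounts with risky UserFlags settings.
Option Explicit
Const UF_ACCOUNTDISABLE     = &H0002    ' account disabled
Const UF_PASSWD_NOTREQD     = &H0020    ' account may have an empty password
Const UF_PASSWD_CANT_CHANGE = &H0040    ' user cannot change password
Const UF_DONT_EXPIRE_PASSWD = &H10000   ' password never expires

Dim oNet, oComputer, oUser, nFlags, sFindings, sReport

Set oNet = CreateObject("WScript.Network")
Set oComputer = GetObject("WinNT://" & oNet.ComputerName & ",computer")
oComputer.Filter = Array("user")        ' enumerate user objects only

For Each oUser In oComputer
    nFlags = oUser.UserFlags
    sFindings = ""
    If (nFlags And UF_PASSWD_NOTREQD) <> 0 Then sFindings = sFindings & " password-not-required"
    If (nFlags And UF_DONT_EXPIRE_PASSWD) <> 0 Then sFindings = sFindings & " password-never-expires"
    If (nFlags And UF_PASSWD_CANT_CHANGE) <> 0 Then sFindings = sFindings & " cannot-change-password"
    If sFindings <> "" Then
        ' Note disabled accounts so enabled ones can be prioritised.
        If (nFlags And UF_ACCOUNTDISABLE) <> 0 Then
            sFindings = sFindings & " (account disabled)"
        End If
        sReport = sReport & oUser.Name & ":" & sFindings & vbNewLine
    End If
Next

If sReport = "" Then sReport = "No accounts with the audited flags set."
WScript.Echo sReport
```

Reading `UserFlags` does not require changing any account, so the script can be run with `cscript //nologo` as a periodic check.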
Modifying user properties
This operation requires the currently logged-on user to be Administrator.
```vbscript
Dim oUser
Dim sDomain

sDomain = "localhost"

On Error Resume Next
Set oUser = GetObject("WinNT://" & sDomain & "/jeffsmith")
oUser.FullName = "jeffsmith"
oUser.Description = "Description"
oUser.AccountDisabled = False
oUser.IsAccountLocked = False
' SetInfo writes the changed properties back to the account.
oUser.SetInfo

If (Err.Number <> 0) Then
    MsgBox "An error has occurred. " & vbNewLine & Err.Description
Else
    MsgBox "Complete"
End If
```
For details of the user properties, see: https://docs.microsoft.com/zh-cn/windows/win32/adsi/iadsuser-property-methods
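Setting a user's password
This operation requires the currently logged-on user to be Administrator.
```vbscript
Dim oUser
Dim sDomain

sDomain = "localhost"

On Error Resume Next
Set oUser = GetObject("WinNT://" & sDomain & "/jeffsmith")
' SetPassword resets the password without needing the old one.
oUser.SetPassword "pa55w0rd!"

If (Err.Number <> 0) Then
    MsgBox "An error has occurred. " & vbNewLine & Err.Description
Else
    MsgBox "Complete"
End If
```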
Changing a user's password
This operation requires the currently logged-on user to be Administrator.
```vbscript
Dim oUser
Dim sOldPass
Dim sNewPass
Dim sDomain

sDomain = "localhost"

On Error Resume Next
Set oUser = GetObject("WinNT://" & sDomain & "/JeffSmith,user")
' Add code to securely retrieve the old and new password.
oUser.ChangePassword sOldPass, sNewPass

If (Err.Number <> 0) Then
    MsgBox "An error has occurred. " & vbNewLine & Err.Description
Else
    MsgBox "Complete"
End If

Set oUser = Nothing
```
Deleting a user
This operation requires the currently logged-on user to be Administrator.
```vbscript
Dim oDomain
Dim sDomain

sDomain = "localhost"

On Error Resume Next
Set oDomain = GetObject("WinNT://" & sDomain)
' Delete takes the object class and the account name.
oDomain.Delete "user", "jeffsmith"

If (Err.Number <> 0) Then
    MsgBox "An error has occurred. " & vbNewLine & Err.Description
Else
    MsgBox "Complete"
End If
```
Listing the groups a user belongs to
```vbscript
Dim oUser
Dim oGroup
Dim sDomain
Dim sMsg

sDomain = "localhost"

On Error Resume Next
Set oUser = GetObject("WinNT://" & sDomain & "/Administrator")
' Groups enumerates the groups this account is a member of.
For Each oGroup In oUser.Groups
    sMsg = sMsg & oGroup.Name & vbNewLine
Next

If (Err.Number <> 0) Then
    MsgBox "An error has occurred. " & vbNewLine & Err.Description
Else
    MsgBox sMsg
End If
```
Reference: https://docs.microsoft.com/zh-cn/windows/win32/adsi/adsi-objects-of-winnt