System.DirectoryServices.AccountManagement 命名空间

System.DirectoryServices.AccountManagement 命名空间提供了统一的访问和用户操作、计算机和组安全原则(在多个主要存储):活动目录域服务 (AD DS)、 活动目录轻量级目录服务 (AD LDS)和机器 SAM (MSAM)。 The System.DirectoryServices.AccountManagement namespace provides uniform access and manipulation of user, computer, and group security principals across the multiple principal stores: Active Directory Domain Services (AD DS), Active Directory Lightweight Directory Services (AD LDS), and Machine SAM (MSAM). System.DirectoryServices.AccountManagement 管理独立于 System.DirectoryServices 命名空间的目录对象。 System.DirectoryServices.AccountManagement manages directory objects independent of the System.DirectoryServices namespace.

AdvancedFilters

此类提供对某些属性的可写访问,以便用户能够在使用按示例查询时,修改传递给 PrincipalSearcher 对象的“虚拟”主体对象的只读属性。This class provides writable access to certain attributes so that users can modify read-only properties of the "dummy" principal object that is passed to a PrincipalSearcher object when using Query By Example.

AuthenticablePrincipal

封装可以对其进行身份验证的主体所通用的帐户和联系人数据。Encapsulates the account and contact data common to principals that can be authenticated.

ComputerPrincipal

封装作为计算机帐户的主体。Encapsulates principals that are computer accounts.

DirectoryObjectClassAttribute

表示用于在目录中创建此类型对象的架构对象。Represents the schema object that is used to create an object of this type in the directory. 此特性是主体扩展所必需的,并且只能在类上设置。This attribute is required for principal extensions and can only be set on classes.

DirectoryPropertyAttribute

包含存储区将主体属性映射到目录特性时所需的数据。Contains the data required by the store to map a principal property to a directory attribute. 此特性是主体扩展所必需的,并且只能在属性上设置。This attribute is required for principal extensions and can only be set on a property. 此特性必须在表示扩展类的目录特性的每个属性上指定。It must be specified on every property that represents a directory attribute in the extended class.

DirectoryRdnPrefixAttribute

用于为插入到存储区中的新对象构造 RDN 的 RDN 前缀。The RDN prefix used to construct the RDN for the new object that is inserted into the store. 如果未设置此特性,则帐户管理 API 使用默认的 RDN 前缀“CN”。The default RDN prefix of "CN" is used by the Account Management API if this attribute is not set. 此特性是可选的,并且只能在主体扩展类上设置。This attribute is optional and can only be set on principal extension classes.

GroupPrincipal

封装组帐户。Encapsulates group accounts. 组帐户可以是出于管理目的而创建的主体对象或帐户的任意集合。Group accounts can be arbitrary collections of principal objects or accounts created for administrative purposes.

MultipleMatchesException

当有多个与搜索查询相匹配的项时,预期与单个主体对象相匹配的方法会引发此异常。This exception is thrown by methods that expect to match a single principal object when there are multiple matches to the search query.

NoMatchingPrincipalException

在找不到具有指定参数的匹配主体对象时引发此异常。This exception is thrown when no matching principal object could be found with the specified parameters.

PasswordException

在密码不符合复杂性要求时将引发此异常。This exception is thrown when a password does not meet complexity requirements.

Principal

封装对所有安全主体通用的帐户数据和操作。Encapsulates the account data and operations common to all security principals. 这是从中派生所有安全主体的抽象基类。This is the abstract base class from which all security principals are derived.

PrincipalCollection

派生自 Principal 类的对象的可变集合。A mutable collection of objects derived from the Principal class. 该类设计用于包含 Principal 对象的多值属性。This class is designed to be used for multi-valued properties that contain Principal objects. 对该集合中的内容进行操作将更改相应的存储属性的内容,当在对应的主体对象上调用 Save() 时该存储属性的内容将变成永久性的。Manipulating the contents of this collection changes the contents of the corresponding store property, which is made permanent when Save() is called on the corresponding principal object.

PrincipalContext

封装对其执行所有操作的服务器或域、用作这些操作的基础的容器和用于执行这些操作的凭据。Encapsulates the server or domain against which all operations are performed, the container that is used as the base of those operations, and the credentials used to perform the operations.

PrincipalException

System.DirectoryServices.AccountManagement 对象引发的异常的基类。The base class of exceptions thrown by System.DirectoryServices.AccountManagement objects.

PrincipalExistsException

Add 方法在尝试插入的主体在集合中已存在时引发,或 Save() 在尝试保存的新主体在存储区中已存在时引发。Thrown by Add method when an attempt is made to insert a principal that already exists in the collection, or by Save() when an attempt is made to save a new principal that already exists in the store.

PrincipalOperationException

当 ADSI 在更新存储区的过程中返回错误时引发。Thrown when ADSI returns an error during an operation to update the store.

PrincipalSearcher

封装用于对基础主体存储区执行查询的方法和搜索模式。Encapsulates the methods and search patterns used to execute a query against the underlying principal store.

PrincipalSearchResult<T>

返回由搜索返回的 Principal 对象的集合。Returns a collection of Principal objects that are returned by a search.

PrincipalServerDownException

当 API 无法连接到服务器时,会引发此异常。This exception is thrown when the API is unable to connect to the server.

PrincipalValueCollection<T>

多值属性(如 PermittedWorkstations)具有一个 PrincipalValueCollection<T> 类型的值。Multi-valued properties, such as PermittedWorkstations, have a value of the type PrincipalValueCollection<T>. 此类提供用于枚举和操作这些值的方法。This class provides methods to enumerate and manipulate those values.

UserPrincipal

封装作为用户帐户的主体。Encapsulates principals that are user accounts.

枚举

ContextOptions

指定绑定到服务器时使用的选项。Specifies the options that are used for binding to the server. 应用程序可以设置多个与按位“或”运算链接的选项。The application can set multiple options that are linked with a bitwise OR operation.

ContextType

指定主体所属的存储区的类型。Specifies the type of store to which the principal belongs.

GroupScope

指定组主体的范围。Specifies the scope of the group principal.

IdentityType

指定标识的格式。Specifies the format of the identity.

MatchType

MatchType 枚举指定搜索中使用的比较类型。The MatchType enumeration specifies the type of comparison used in a search.

注解

托管的目录服务应用程序可以充分利用System.DirectoryServices.AccountManagementAPI 来简化管理用户、 计算机和组主体。Managed directory services applications can take advantage of the System.DirectoryServices.AccountManagement API to simplify management of user, computer and group principals. 中少量的代码行完成解决方案的以前所需的应用商店或冗长的代码,例如查找用户所属的所有组的高深知识System.DirectoryServices.AccountManagementAPI。Solutions that previously required intricate knowledge of the store or lengthy code, such as finding all groups to which a user belongs, are accomplished in a few lines of code with the System.DirectoryServices.AccountManagement API.

可以使用上的以下功能System.DirectoryServices.AccountManagementAPI:The following features are available on the System.DirectoryServices.AccountManagement API:

  • 简化了基本目录操作,如创建和更新安全主体。Basic directory operations such as creating and updating security principals is simplified. 应用程序需要更少了解要执行这些操作的基础存储。The application requires less knowledge of the underlying stores to perform these operations.

  • 应用程序可以扩展以包括新类型的目录对象的对象模型。Applications can extend the object model to include new types of directory objects.

  • 简化帐户管理任务,如启用和禁用用户帐户。Account management tasks, such as enabling and disabling a user account, are simplified.

  • 跨应用商店支持允许以包含来自不同类型的存储区的成员的 Active Directory 域服务 (AD DS)、 Active Directory 轻型目录服务 (AD LDS) 和 Machine SAM (MSAM) 数据库中的组对象。Cross-store support allows group objects in the Active Directory Domain Services (AD DS), Active Directory Lightweight Directory Services (AD LDS), and Machine SAM (MSAM) databases to contain members from different types of stores.

  • 查询通过搜索示例,可在上找到PrincipalSearcher类,使应用程序能够在主体对象上设置属性和其他对象包含匹配的属性值的所选应用商店中搜索。Query by example searching, available on the PrincipalSearcher class, enables applications to set properties on a principal object and search the selected store for other objects that contain matching property values.

  • 增强的搜索计算机、 用户和组主体对象上允许应用程序匹配的主体对象所选的应用商店中搜索。Enhanced search on computer, user and group principal objects enables applications to search the selected store for matching principal objects.

  • 递归搜索,可针对组主体对象,使应用程序组以递归方式搜索并只返回主体对象是叶节点。Recursive search, available on the group principal object, enables applications to search a group recursively and return only principal objects that are leaf nodes.

  • 简化对 Machine SAM、 AD DS 和 AD LS 存储的凭据验证。Credential validation against the Machine SAM, AD DS, and AD LS stores is simplified.

  • 通过使用快速并发绑定 (前端总线) 功能可用时提高连接速度。Connections speeds are increased by using the Fast Concurrent Bind (FSB) feature when available. 连接缓存减少了使用的端口数。Connection caching decreases the number of ports used.

另请参阅