我正在使用 Windows 2008 R2 Server 并尝试在 Active Directory 中添加用户。
我可以保存长度少于 20 个字符的用户 ID。但是当我尝试将此值增加到 30 个字符时,我收到此错误:
“System.DirectoryServices.DirectoryServicesCOMException (0x8007001F): A device attached to the system is not functioning. (Exception from HRESULT: 0x8007001F)”
当我在网上搜索这个错误时,我得到了各种链接,说:
请验证该问题是否由 sAMAccountName 的长度引起
SAM-Account-Name文档也表明其长度应小于20个字符。
我正在使用以下代码在 Active Directory 中添加用户
public static void AddUser(ADUser adUser)
{
if (_logger.IsDebugEnabled)
_logger.Debug("ADHelper.cs: Enter AddUser");
// Local variables
DirectoryEntry oDE = null;
DirectoryEntry oDENewUser = null;
DirectoryEntries oDEs = null;
try
{
oDE = GetDirectoryEntry(GetADPath(adUser.UserType));
// 1. Create user account
oDEs = oDE.Children;
oDENewUser = oDEs.Add("CN=" + adUser.UserName, "user");
// 2. Set properties
SetProperty(oDENewUser, Constants.ADAttributes.givenName, adUser.FirstName);
SetProperty(oDENewUser, Constants.ADAttributes.initials, adUser.MiddleInitial);
SetProperty(oDENewUser, Constants.ADAttributes.sn, adUser.LastName);
SetProperty(oDENewUser, Constants.ADAttributes.mail, adUser.Email);
SetProperty(oDENewUser, Constants.ADAttributes.sAMAccountName, adUser.UserName);
SetProperty(oDENewUser, Constants.ADAttributes.ChallengeQuestion, adUser.PasswordChallengeQuestion);
SetProperty(oDENewUser, Constants.ADAttributes.ChallengeAnswer, adUser.PasswordChallengeAnswer);
SetProperty(oDENewUser, Constants.ADAttributes.ChallengeQuestion2, adUser.PasswordChallengeQuestion2);
SetProperty(oDENewUser, Constants.ADAttributes.ChallengeAnswer2, adUser.PasswordChallengeAnswer2);
// Sharepoint changes
if (adUser.CompanyGroupSupplier != string.Empty)
{
SetProperty(oDENewUser, Constants.ADAttributes.CompanyGroupSupplier, adUser.CompanyGroupSupplier);
}
if (adUser.PersonalGroupAddress != string.Empty)
{
SetProperty(oDENewUser, Constants.ADAttributes.PersonalGroupAddress, adUser.PersonalGroupAddress);
}
if (adUser.PersonalGroupPhone != string.Empty)
{
SetProperty(oDENewUser, Constants.ADAttributes.PersonalGroupPhone, adUser.PersonalGroupPhone);
}
// Sharepoint changes
oDENewUser.CommitChanges();
// 3. Set password
SetPassword(oDENewUser.Path, adUser.Password);
// 4. Enable account
EnableAccount(oDENewUser);
oDENewUser.Close();
oDE.Close();
if (_logger.IsDebugEnabled)
_logger.Debug("ADHelper.cs: Exit AddUser");
}
catch (ApplicationException appex)
{
if (_logger.IsErrorEnabled)
_logger.Error("ADHelper.cs: Exception occurred in AddUser. Message: ", appex);
throw appex;
}
catch (Exception ex)
{
if (_logger.IsErrorEnabled)
_logger.Error("ADHelper.cs: Exception occurred in AddUser. Message: ", ex);
throw ex;
}
finally
{
if (oDENewUser != null)
{
oDENewUser.Dispose();
oDENewUser = null;
}
if (oDEs != null)
{
oDEs = null;
}
if (oDE != null)
{
oDE.Dispose();
oDE = null;
}
}
}
如何将 Active Directory 中的 sAMAccountName 长度增加到大约 30 个字符?
答案1
正如您在问题中发现并指出的那样,该属性限制为 20 个字符(MSDN 文章)。这是为了向后兼容。Active Directory 本身施加了此限制,因此您无法通过编程覆盖它。
答案2
“Pre-Windows 2000” 名称(也称为 samAccountName)的限制为 20 个字符。
有关详细信息,请参阅先前的答案: https://serverfault.com/a/335565/20701