java 对AD账户进行添加,修改,删除
时间: 2024-03-17 17:42:54 浏览: 20
要通过Java对AD账户进行添加、修改和删除操作,可以使用JNDI(Java Naming and Directory Interface)API来连接和操作AD服务器。以下是示例代码:
1. 添加AD账户
```java
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.*;
import java.util.Hashtable;
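/**
 * Creates an enabled Active Directory user account through JNDI/LDAP.
 *
 * <p>All connection and account values are placeholders. Real bind credentials and initial
 * passwords should come from a secret store or the environment, not from source code.
 */
public class AddADUser {
    /**
     * Connects to the directory, builds the new user's attributes and creates the entry
     * directly under the configured base DN.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        // LDAP connection settings. LDAPS is used for two reasons: a "simple" bind sends the
        // bind password as-is, and Active Directory only accepts unicodePwd writes on an
        // encrypted connection.
        String ldapUrl = "ldaps://your-ldap-server:636";
        String ldapUsername = "your-ldap-username"; // leave empty only for an anonymous session
        String ldapPassword = "your-ldap-password";
        String ldapBaseDn = "DC=your-domain,DC=com";
        // New account details
        String username = "new-user";
        String password = "new-password";

        // JNDI environment
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, ldapUrl);
        if (ldapUsername != null && !ldapUsername.isEmpty()) {
            // An empty password on a simple bind is typically treated as an anonymous bind,
            // so the session would silently run without the identity the caller expects.
            if (ldapPassword == null || ldapPassword.isEmpty()) {
                System.err.println("Refusing to bind as " + ldapUsername + " with an empty password");
                return;
            }
            env.put(Context.SECURITY_AUTHENTICATION, "simple");
            env.put(Context.SECURITY_PRINCIPAL, ldapUsername);
            env.put(Context.SECURITY_CREDENTIALS, ldapPassword);
        }

        DirContext context = null;
        try {
            // Connect to the LDAP server
            context = new InitialDirContext(env);

            // Build the DN from typed RDNs so that special characters in the user name
            // (",", "+", "=", ...) are escaped instead of changing the DN structure.
            javax.naming.Name userDn =
                    new javax.naming.ldap.LdapName(ldapBaseDn)
                            .add(new javax.naming.ldap.Rdn("CN", username));

            Attributes userAttrs = new BasicAttributes();
            userAttrs.put("objectClass", "user");
            userAttrs.put("sAMAccountName", username);
            // The UPN suffix is a DNS-style domain, not a distinguished name.
            userAttrs.put("userPrincipalName", username + "@" + dnsDomainOf(ldapBaseDn));
            // 512 = NORMAL_ACCOUNT (a regular, enabled account)
            userAttrs.put("userAccountControl", Integer.toString(512));
            userAttrs.put("unicodePwd", encodePassword(password));

            context.createSubcontext(userDn, userAttrs);
            System.out.println("User " + username + " added");
        } catch (NamingException e) {
            e.printStackTrace();
        } finally {
            // Close the connection on the failure path as well
            if (context != null) {
                try {
                    context.close();
                } catch (NamingException ignored) {
                    // Nothing useful can be done if closing the connection fails.
                }
            }
        }
    }

    /**
     * Encodes a password the way Active Directory expects for unicodePwd: the value wrapped
     * in double quotes, then encoded as UTF-16LE.
     */
    private static byte[] encodePassword(String password) {
        return ("\"" + password + "\"").getBytes(java.nio.charset.StandardCharsets.UTF_16LE);
    }

    /**
     * Joins the DC components of a base DN into a DNS-style domain, for example
     * "DC=your-domain,DC=com" becomes "your-domain.com". Assumes the UPN suffix matches the
     * domain named by the base DN; confirm this for the target forest.
     */
    private static String dnsDomainOf(String baseDn) throws NamingException {
        java.util.List<javax.naming.ldap.Rdn> rdns =
                new javax.naming.ldap.LdapName(baseDn).getRdns();
        StringBuilder domain = new StringBuilder();
        // LdapName stores the right-most RDN at index 0, so walk backwards for left-to-right order.
        for (int i = rdns.size() - 1; i >= 0; i--) {
            javax.naming.ldap.Rdn rdn = rdns.get(i);
            if ("DC".equalsIgnoreCase(rdn.getType())) {
                if (domain.length() > 0) {
                    domain.append('.');
                }
                domain.append(rdn.getValue());
            }
        }
        return domain.toString();
    }
}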
```
2. 修改AD账户
```java
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.*;
import java.util.Hashtable;
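/**
 * Resets the password of an existing Active Directory user through JNDI/LDAP.
 *
 * <p>All connection and account values are placeholders. Real bind credentials and passwords
 * should come from a secret store or the environment, not from source code.
 */
public class ModifyADUser {
    /**
     * Connects to the directory and replaces the unicodePwd attribute of the user entry that
     * sits directly under the configured base DN.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        // LDAP connection settings. LDAPS is used for two reasons: a "simple" bind sends the
        // bind password as-is, and Active Directory only accepts unicodePwd writes on an
        // encrypted connection.
        String ldapUrl = "ldaps://your-ldap-server:636";
        String ldapUsername = "your-ldap-username"; // leave empty only for an anonymous session
        String ldapPassword = "your-ldap-password";
        String ldapBaseDn = "DC=your-domain,DC=com";
        // Target account details
        String username = "existing-user";
        String newPassword = "new-password";

        // JNDI environment
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, ldapUrl);
        if (ldapUsername != null && !ldapUsername.isEmpty()) {
            // An empty password on a simple bind is typically treated as an anonymous bind,
            // so the session would silently run without the identity the caller expects.
            if (ldapPassword == null || ldapPassword.isEmpty()) {
                System.err.println("Refusing to bind as " + ldapUsername + " with an empty password");
                return;
            }
            env.put(Context.SECURITY_AUTHENTICATION, "simple");
            env.put(Context.SECURITY_PRINCIPAL, ldapUsername);
            env.put(Context.SECURITY_CREDENTIALS, ldapPassword);
        }

        DirContext context = null;
        try {
            // Connect to the LDAP server
            context = new InitialDirContext(env);

            // Build the DN from typed RDNs so that special characters in the user name
            // (",", "+", "=", ...) are escaped instead of changing the DN structure.
            javax.naming.Name userDn =
                    new javax.naming.ldap.LdapName(ldapBaseDn)
                            .add(new javax.naming.ldap.Rdn("CN", username));

            // Active Directory expects unicodePwd as the password wrapped in double quotes
            // and encoded as UTF-16LE.
            byte[] encodedPassword =
                    ("\"" + newPassword + "\"").getBytes(java.nio.charset.StandardCharsets.UTF_16LE);

            // A REPLACE on unicodePwd is an administrative reset: it does not prove knowledge
            // of the old password, so the bind account needs reset-password rights.
            ModificationItem[] mods = {
                new ModificationItem(
                        DirContext.REPLACE_ATTRIBUTE,
                        new BasicAttribute("unicodePwd", encodedPassword))
            };
            context.modifyAttributes(userDn, mods);
            System.out.println("User " + username + " modified");
        } catch (NamingException e) {
            e.printStackTrace();
        } finally {
            // Close the connection on the failure path as well
            if (context != null) {
                try {
                    context.close();
                } catch (NamingException ignored) {
                    // Nothing useful can be done if closing the connection fails.
                }
            }
        }
    }
}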
```
3. 删除AD账户
```java
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.*;
import java.util.Hashtable;
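/**
 * Deletes an existing Active Directory user entry through JNDI/LDAP.
 *
 * <p>All connection and account values are placeholders. Real bind credentials should come
 * from a secret store or the environment, not from source code.
 */
public class DeleteADUser {
    /**
     * Connects to the directory and removes the user entry that sits directly under the
     * configured base DN.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        // LDAP connection settings. LDAPS is used because a "simple" bind sends the bind
        // password as-is, which would otherwise cross the network unencrypted.
        String ldapUrl = "ldaps://your-ldap-server:636";
        String ldapUsername = "your-ldap-username"; // leave empty only for an anonymous session
        String ldapPassword = "your-ldap-password";
        String ldapBaseDn = "DC=your-domain,DC=com";
        // Target account details
        String username = "existing-user";

        // JNDI environment
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, ldapUrl);
        if (ldapUsername != null && !ldapUsername.isEmpty()) {
            // An empty password on a simple bind is typically treated as an anonymous bind,
            // so the session would silently run without the identity the caller expects.
            if (ldapPassword == null || ldapPassword.isEmpty()) {
                System.err.println("Refusing to bind as " + ldapUsername + " with an empty password");
                return;
            }
            env.put(Context.SECURITY_AUTHENTICATION, "simple");
            env.put(Context.SECURITY_PRINCIPAL, ldapUsername);
            env.put(Context.SECURITY_CREDENTIALS, ldapPassword);
        }

        DirContext context = null;
        try {
            // Connect to the LDAP server
            context = new InitialDirContext(env);

            // Build the DN from typed RDNs so that special characters in the user name
            // (",", "+", "=", ...) are escaped and cannot redirect the delete to another entry.
            javax.naming.Name userDn =
                    new javax.naming.ldap.LdapName(ldapBaseDn)
                            .add(new javax.naming.ldap.Rdn("CN", username));

            context.destroySubcontext(userDn);
            System.out.println("User " + username + " deleted");
        } catch (NamingException e) {
            e.printStackTrace();
        } finally {
            // Close the connection on the failure path as well
            if (context != null) {
                try {
                    context.close();
                } catch (NamingException ignored) {
                    // Nothing useful can be done if closing the connection fails.
                }
            }
        }
    }
}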
```
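注意:需要将代码中的LDAP连接信息、用户信息和LDAP属性设置替换为实际的值。另外,AD只接受在加密连接(例如LDAPS,端口636)上写入unicodePwd,且密码值必须先用双引号括起来再按UTF-16LE编码;simple绑定在未加密的389端口上会以明文传输绑定账户的密码,绑定凭据也不应硬编码在源码中。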