C# 按IP地址C选择域控制器_C#_Asp.net_Active Directory_User Accounts

C# 按IP地址C选择域控制器

c# asp.net active-directory

C# 按IP地址C选择域控制器,c#,asp.net,active-directory,user-accounts,C#,Asp.net,Active Directory,User Accounts,下面是在AD中创建用户的简单代码。该代码是DC un特定的。它不关心在哪个DC上创建它，它将使用服务器连接到的windows默认设置 using (PrincipalContext pc = new PrincipalContext(ContextType.Domain, Domain, path, ContextOptions.Negotiate, ManagementUsername, ManagementPassword)) {

下面是在AD中创建用户的简单代码。该代码是DC un特定的。它不关心在哪个DC上创建它，它将使用服务器连接到的windows默认设置

 using (PrincipalContext pc = new PrincipalContext(ContextType.Domain, Domain, path, ContextOptions.Negotiate, ManagementUsername, ManagementPassword))
                {
                    try
                    {
                        using (UserPrincipal up = new UserPrincipal(pc, username, password, true))
                        {
                            up.GivenName = firstName; up.Surname = lastName; up.DisplayName = firstName + " " + lastName; up.UserPrincipalName = username + "@" + Domain; up.Save();
                        }
                    }
                    catch (PasswordException) { return null; }
                }

问题是，有一个复制时间域通常有15分钟的新帐户。当有人希望在连接到不同DC（而非服务器）的工作站上使用按需创建帐户时，尝试实现按需创建帐户时，这不起作用。他们最终不得不坐在工作站前长达15分钟，无法登录

问题: 有没有一种方法可以基于客户端IP地址连接到DC以在该DC上创建它？或者，是否有办法在所有DC上创建帐户，并使复制符合此要求？或者在搜索的基础上强制帐户以编程方式复制，所以，我猜不会

            Forest adForest = Forest.GetCurrentForest();
            ActiveDirectorySite[] sites = new ActiveDirectorySite[adForest.Sites.Count];
            adForest.Sites.CopyTo(sites, 0);
            List<ActiveDirectorySubnet> subnets = new List<ActiveDirectorySubnet>();
            sites.ToList().ForEach(x =>
            {
                ActiveDirectorySubnet[] subnetTemp = new ActiveDirectorySubnet[x.Subnets.Count];
                x.Subnets.CopyTo(subnetTemp, 0);
                subnets.AddRange(subnetTemp);
            });
            IPAddress address = IPAddress.Parse("IPAddress to look up closest DC");
            var currentSubnet = subnets.Where(x => address.IsInRange(x.Name));
            var location = currentSubnet.First().Site.Name;

            DomainController dc = DomainController.FindOne(new DirectoryContext(DirectoryContextType.Domain, Domain), location);

并创建一个用户

注意：IPAddress函数是通过github上的NetTools IPAddressRange类及其以下自定义扩展完成的

/// <summary>
/// All extensions for IPAddress type
/// </summary>
public static class IPAddressExtension
{
    /// <summary>
    /// Determine whether this IP address is part of the range/subnet
    /// </summary>
    /// <param name="range">A range of IPAddresses</param>
    /// <returns></returns>
    public static bool IsInRange(this IPAddress thisIP, IPAddressRange range)
    {
        return range.Contains(thisIP);
    }

    /// <summary>
    /// Determine whether this IP address is part of the range/subnet
    /// </summary>
    /// <param name="range">Can be specified in CIDR/UNI (ex: 192.168.10.0/24) </param>
    /// <returns></returns>
    public static bool IsInRange(this IPAddress thisIP, string rangeIP)
    {
        IPAddressRange range = IPAddressRange.Parse(rangeIP);
        return range.Contains(thisIP);
    }

    /// <summary>
    /// Determine whether this IP address is part of the range/subnet
    /// </summary>
    /// <param name="ipBegin">Beginning IP address of range</param>
    /// <param name="ipEnd">Ending IP address of range</param>
    /// <returns></returns>
    public static bool IsInRange(this IPAddress thisIP, IPAddress ipBegin, IPAddress ipEnd)
    {
        IPAddressRange range = new IPAddressRange(ipBegin, ipEnd);
        return range.Contains(thisIP);
    }
}

我已经在我的工作自动化广告帐户创建了。但我没有费心推动复制。这可能比它的价值更多的工作。对我们来说，在15分钟内拥有一个可用的帐户比自动化之前的等待时间要好得多。是的，我们有公共电台，人们可以注册、转身和登录。对于我们的员工来说，这是非常好的，因为我们在需要登录之前的几天内就已经在招聘时创建了帐户。问题出在点播账户上。公共电台是否已经使用广告账户登录，比如普通客户账户或其他什么？如果是这样的话，您可以提取LOGONSERVER环境变量，该变量将告诉您它的身份验证对象是哪个域控制器。我忘了提出一个问题，即这是信息亭上的网页。因此，web服务器创建帐户，LOGONSERVER env变量将是web服务器的LOGONSERVER，我相信。是的，这使它变得更难。我快速搜索了一下，但找不到任何可靠的东西。如果你知道这个站点，你可以确定最好的DC，但我还没有找到一种方法将任意IP映射到最近的站点。这太棒了。有一天我可能会需要它。我拒绝接受所有现有的堆栈溢出答案，因为它无法完成：。

/// <summary>
/// All extensions for IPAddress type
/// </summary>
public static class IPAddressExtension
{
    /// <summary>
    /// Determine whether this IP address is part of the range/subnet
    /// </summary>
    /// <param name="range">A range of IPAddresses</param>
    /// <returns></returns>
    public static bool IsInRange(this IPAddress thisIP, IPAddressRange range)
    {
        return range.Contains(thisIP);
    }

    /// <summary>
    /// Determine whether this IP address is part of the range/subnet
    /// </summary>
    /// <param name="range">Can be specified in CIDR/UNI (ex: 192.168.10.0/24) </param>
    /// <returns></returns>
    public static bool IsInRange(this IPAddress thisIP, string rangeIP)
    {
        IPAddressRange range = IPAddressRange.Parse(rangeIP);
        return range.Contains(thisIP);
    }

    /// <summary>
    /// Determine whether this IP address is part of the range/subnet
    /// </summary>
    /// <param name="ipBegin">Beginning IP address of range</param>
    /// <param name="ipEnd">Ending IP address of range</param>
    /// <returns></returns>
    public static bool IsInRange(this IPAddress thisIP, IPAddress ipBegin, IPAddress ipEnd)
    {
        IPAddressRange range = new IPAddressRange(ipBegin, ipEnd);
        return range.Contains(thisIP);
    }
}