All geek questions in one place

Use C # to shut down a computer in Active Directory

I am trying to write a quick and dirty C # .exe that I can distribute to some students in our IT office..exe should be able to detect the name of the machine it is running on, look for that name in Active Directory and disable the computer record. So far I have not had a problem finding the name or searching, but the bit of the delete code gives me a false result when I can go directly to Active Directory to see that the record in the computer is not disabled.

private void confirmRemoveButton_Click(object sender, EventArgs e) { string computerName = Environment.MachineName; using (PrincipalContext domainContext = new PrincipalContext(ContextType.Domain, null, "useraccount", "password")) { ComputerPrincipal computer = ComputerPrincipal.FindByIdentity(domainContext, computerName); if (computer != null) { try { computer.Enabled = false; label3.Visible = true; label3.Text = "Computer was disabled in Active Directory."; button1.Visible = true; } catch (Exception x) { label3.Visible = true; label3.Text = "Unable to disable computer with exception " + x; button1.Visible = true; } } else if (computer == null) { label3.Visible = true; label3.Text = "Computer was not found in Active Directory."; button1.Visible = true; } else { label3.Visible = true; label3.Text = "Unexpected error in computer search."; button1.Visible = true; } } }

This is the code that I have right now; the previous code is related to the fact that the user checks the computer name for the name of the detected computer and confirms that he really wants to disable the computer account. As soon as they click to confirm this (the misleading currently labeled delete confirmation button), he must run this code to report success or failure. However, during testing, it reports success, although I see that the computer object is not disconnected.

This link (http://stackoverflow.com/questions/591681/using-c-how-do-you-check-if-a-computer-account-is-disabled-in-active-directory) is a related topic with disabling the computer account in the header, but the comments and code seem to suggest that this refers to disabling the user account.

Any insight would be appreciated :)

+4
source share
2 answers

You need to save the PrincipalComputer object. Otherwise, your code is fine. Here is a simple version of a console application that will not return anything if the computer does not exist.

  static void Main(string[] args) { Console.WriteLine("Enter the name of the computer you wish to disable"); string ComputerName = Console.ReadLine(); if (ComputerName != "" && ComputerName != null) { using (PrincipalContext TargetDomain = new PrincipalContext(ContextType.Domain, null, "admin", "password")) { ComputerPrincipal TargetComputer = ComputerPrincipal.FindByIdentity(TargetDomain, ComputerName); if (TargetComputer != null) { if ((bool)TargetComputer.Enabled) { Console.WriteLine("Computer is currently enabled, it will now be disabled"); TargetComputer.Enabled = false; Console.WriteLine("Is computer now enabled? " + TargetComputer.Enabled); TargetComputer.Save(); } else { Console.WriteLine("Computer is currently disabled, it will now be enabled"); TargetComputer.Enabled = true; Console.WriteLine("Is computer now enabled? " + TargetComputer.Enabled); TargetComputer.Save(); } Console.Read(); } } } }

dang, Cyrene beat me!

Please note that sometimes it may take some time before AD finds out what happened.

+3
source

You need to call Save on the ComputerPrincipal object:

http://msdn.microsoft.com/en-us/library/bb354074.aspx

+4
source

Source: https://habr.com/ru/post/1436475/

More articles:


All Articles