程式取得 AD 驗證完後, 帳號詳細狀態
很多朋友會開發與 AD 驗證帳號的程式, 並希望取得帳號的狀態值, 提供一個簡單的方式可以方式知道這些狀態.
catch (System.DirectoryServices.DirectoryServicesCOMException directoryServiceCOMException)
{
Console.WriteLine("---------------------------------------------------------------");
Console.WriteLine(string.Format("{0}: Message: {1}", DateTime.Now.ToString(), directoryServiceCOMException.Message));
Console.WriteLine(string.Format("{0}: Message: {1}", DateTime.Now.ToString(), directoryServiceCOMException.ErrorCode));
Console.WriteLine(string.Format("{0}: Message: {1}", DateTime.Now.ToString(), directoryServiceCOMException.ExtendedError));
Console.WriteLine(string.Format("{0}: Message: {1}", DateTime.Now.ToString(), directoryServiceCOMException.ExtendedErrorMessage));
}
directoryServiceCOMException.ExtendedErrorMessage 中會回傳帳號的詳細狀態:
[LDAP: error code 49 – 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 775, vece ]
代號相關的狀態說明:
| 525 | user not found |
| 52e | invalid credentials |
| 530 | not permitted to logon at this time |
| 531 | not permitted to logon at this workstation |
| 532 | password expired |
| 533 | account disabled |
| 701 | account expired |
| 773 | user must reset password |
| 775 | user account locked |
回傳錯誤代碼可參考 : https://msdn.microsoft.com/en-us/library/ms681381(VS.85).aspx
HTH. Jacky