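/// <summary>
/// Removes a user from a directory group by deleting the user's DN from the
/// group's <c>member</c> attribute.
/// </summary>
/// <remarks>
/// A <c>false</c> return means the directory rejected the change or another error
/// occurred, so the user may still hold the group's privileges. Callers that use
/// this for access revocation must check the return value and not assume success.
/// Only the entry's own <c>memberOf</c> values are checked here; access that the
/// user receives some other way (for example through a nested group) is presumably
/// unaffected - verify against the directory's group model.
/// </remarks>
/// <param name="loginName">Login name passed to <c>GetUser</c> to locate the user entry.</param>
/// <param name="groupDN">Distinguished name of the group to remove the user from.</param>
/// <returns><c>true</c> when the modify request succeeded; <c>false</c> when it failed.</returns>
/// <exception cref="ArgumentException">
/// <paramref name="loginName"/> or <paramref name="groupDN"/> is null, empty or whitespace.
/// </exception>
/// <exception cref="Exception">
/// The user was not found, or the user's <c>memberOf</c> does not list <paramref name="groupDN"/>.
/// </exception>
public static bool RemoveUserFromGroup(string loginName, string groupDN)
{
    // Reject blank identifiers up front instead of sending them to the directory.
    if (string.IsNullOrWhiteSpace(loginName))
    {
        throw new ArgumentException("loginName must not be null or empty", nameof(loginName));
    }

    if (string.IsNullOrWhiteSpace(groupDN))
    {
        throw new ArgumentException("groupDN must not be null or empty", nameof(groupDN));
    }

    // NOTE(review): loginName is handed to GetUser as-is. If GetUser builds an LDAP
    // search filter from it, confirm that it escapes filter metacharacters.
    LdapEntry entry = GetUser(loginName);
    if (entry == null)
    {
        throw new Exception($"名为:{loginName} 的用户在AD中不存在");
    }

    List<string> memberOf = entry.AttrStringValueArray("memberOf");

    // The error messages refer to AD, where DNs compare case-insensitively. An exact
    // ordinal match would report a real member as "not in group" when the caller's
    // DN differs only in letter case, and the removal would be skipped.
    // A missing memberOf attribute (null list) is treated as "not a member".
    bool isMember = memberOf != null
        && memberOf.Exists(dn => string.Equals(dn, groupDN, StringComparison.OrdinalIgnoreCase));
    if (!isMember)
    {
        throw new Exception($"名为:{loginName} 的用户不存在于组: {groupDN} 中");
    }

    // Single modification: delete this user's DN from the group's "member" attribute.
    LdapAttribute member = new LdapAttribute("member", entry.DN);
    LdapModification[] modGroup =
    {
        new LdapModification(LdapModification.DELETE, member)
    };

    try
    {
        _connection.Modify(groupDN, modGroup);
    }
    catch (LdapException e)
    {
        // Directory refused the change (permissions, constraint, missing object, ...).
        Console.Error.WriteLine("Failed to delete group's attributes: " + e.LdapErrorMessage);
        return false;
    }
    catch (Exception e)
    {
        // Deliberate best-effort: any other failure is reported as false, not rethrown.
        Console.Error.WriteLine("RemoveUserFromGroup Error:" + e.Message);
        return false;
    }

    return true;
}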