假设你得到一个SuperDuperEnterpriseDomain的用户名和密码，使用的 DsBindWithCred 。注意，这个函数将失败，拒绝访问，即使凭据是技术上有效，如该帐户被锁定。既然你没有加入到目标域，您将无法调用LogonUser以获得为什么凭证无效更精细的细节。

Assuming that you are getting a SuperDuperEnterpriseDomain's username and password, use DsBindWithCred. Note that this function fails with Access Denied even when the credentials are technically valid, such as the account being locked out. Since you are not joined to the target domain, you won't be able to call LogonUser to get finer details on why the credentials are invalid.

有关code，看到我的回答另一个问题。你可以用普通的字符串替换SecureString的的，如果你不介意的安全隐患。

For code, see my answer to another question. You can replace the SecureString's with regular strings if you don't mind the security implications.