Hello all
We have found a solution. The code listed below is actually correct. Just
accessing the user afterwards must be done differently as the
userPrincipalName has got an e-mail like suffix and the samAccountName a
prefix.
Greetings
Daniel
"Daniel Knöpfel" <ddndkn@iphch.chwrote in message
news:%23moZR74mGHA.1204@TK2MSFTNGP04.phx.gbl...
Hello all
>
In our project we have been using the samAccount name to authenticate
users against the active directory. As the samAccountName is limited to 20
characters, we are going to use the userPrincipalName. Unfortunately, i
couldtnt make it work until now. I ve got a .Net programm that access the
active directory through the third party dll "Interop.ActiveDs.dll"
(namespace ActiveDs). The code to create the user with using the
samAccountName looks like this:
>
DirectoryEntry newUser = mDirectoryEntry.Children.Add("CN=" + pLoginName,
"user");
>
newUser.Properties["samAccountName"].Value = pLoginName;
>
newUser.CommitChanges();
>
//get native object of the new user and add user to group
>
IADsUser nativeNewUser = (IADsUser)newUser.NativeObject;
>
for (int i = 0; i < pGroups.Length; i++) {
>
DirectoryEntry group = mDirectoryEntry.Children.Find(pGroups[i], "group");
>
group.Properties["member"].Add(newUser.Properties["distinguishedName"].Value);
>
group.CommitChanges(); // In order to work in AD: Group
Properties->Managed By -"Manager can update membership list : must be
set
>
}
>
//set properties for the new user
>
nativeNewUser.SetPassword(pPassword);
>
nativeNewUser.AccountDisabled = false;
>
nativeNewUser.Put("userPrincipalName", pLoginName);
>
int currSettings = (int)nativeNewUser.Get("userAccountControl");
>
currSettings |= UF_PASSWD_CANT_CHANGE;
>
currSettings |= UF_DONT_EXPIRE_PASSWD;
>
nativeNewUser.Put("userAccountControl", currSettings);
>
newUser.CommitChanges();
>
>
>
>
>
>
>
Now what do i have to change to make it run with the principelUsername.
Ive tried several variations like assigning the principelUsername the same
way as the samAccountName in the example above, or assigning only with
put. Can anybody help me with this. I would be very grateful. Thanks in
advance
>
Daniel
>
>
>
>
>
PS: to verify whether creation of a user has been successfull i use the
following code:
>
private bool CheckPassword(string pLoginName, string pPassword) {
>
try {
>
DirectoryEntry usr = new DirectoryEntry(mProviderUrl, pLoginName,
pPassword, AuthenticationTypes.Secure | AuthenticationTypes.ServerBind);
>
DirectorySearcher se = new DirectorySearcher(usr);
>
try {
>
SearchResult result = se.FindOne();
>
return true;
>
} catch(Exception ee) {
>
return false;
>
}
>
} catch(Exception exc) {
>
throw new Exception("Error while checking password for user " +
pLoginName, exc);
>
}
>
}
>
>
>
>
>
>
>
>
>
>
>
>
>
>
