Will this code work with an NT domain?

Peter,

On domains where there is not an AD controller, the call to GetObject
will return nothing, so it will not work.

Hope this helps.
--
- Nicholas Paldino [.NET/C# MVP]
- mv*@spam.guard. caspershouse.co m

"Peter Steele" <ps*****@z-force.com> wrote in message
news:el******** ******@TK2MSFTN GP09.phx.gbl...

I have code to add a domain user to a local group but I'm not sure if it
will work with NT domains or whether it will only work with Active
Directory based systems. Here's the code:

public void AddDomainUserTo LocalGroup(stri ng computerName, string
groupName, string domainName, string userName)
{
Hashtable htRet = new Hashtable();
IADsContainer groupComputer = (IADsContainer) Win32.GetObject ("WinNT://"
+ computerName + ",computer" );
IADsGroup group = (IADsGroup)grou pComputer.GetOb ject("group",
groupName);
group.Add("WinN T://" + domainName + "/" + userName);
}

Is there a generic implementation of this that would work with both NT and
AD domains? I assume there must be an underlying Win32 API call I could
make?

Peter

"Nicholas Paldino [.NET/C# MVP]" <mv*@spam.guard .caspershouse.c om> wrote in
message news:uP******** ******@TK2MSFTN GP14.phx.gbl...

Peter,

On domains where there is not an AD controller, the call to GetObject
will return nothing, so it will not work.

Hope this helps.
--
- Nicholas Paldino [.NET/C# MVP]
- mv*@spam.guard. caspershouse.co m

"Peter Steele" <ps*****@z-force.com> wrote in message
news:el******** ******@TK2MSFTN GP09.phx.gbl...

I have code to add a domain user to a local group but I'm not sure if it
will work with NT domains or whether it will only work with Active
Directory based systems. Here's the code:

public void AddDomainUserTo LocalGroup(stri ng computerName, string
groupName, string domainName, string userName)
{
Hashtable htRet = new Hashtable();
IADsContainer groupComputer =
(IADsContainer) Win32.GetObject ("WinNT://" + computerName + ",computer" );
IADsGroup group = (IADsGroup)grou pComputer.GetOb ject("group",
groupName);
group.Add("WinN T://" + domainName + "/" + userName);
}

"Peter Steele" <ps*****@z-force.com> wrote in message
news:%2******** ********@tk2msf tngp13.phx.gbl. ..

Is there a generic implementation of this that would work with both NT and
AD domains? I assume there must be an underlying Win32 API call I could
make?

Yep, here's a sample...

using System.Director yServices;
.....

private static void AddToGroup(stri ng groupName)
{
// Domain administrator account as a sample...
string userPath = "WinNT://DCName/Administrator,U ser";
DirectoryEntry userEntry = new DirectoryEntry( userPath,
"domainadmin"," hispwd", AuthenticationT ypes.ServerBind );
object o = userEntry.Nativ eObject;
if (o == null)
{
Console.WriteLi ne("No such account");
return;
}

using(Directory Entry container = new
DirectoryEntry( "WinNT://localMachineNam e","localadmin" , "hispwd",
AuthenticationT ypes.ServerBind ))
{
DirectoryEntry groupEntry = container.Child ren.Find(groupN ame, "group");
object newEntry = groupEntry.Invo ke("add",
new object[] {userEntry.Path } );
groupEntry.Comm itChanges();
}
}

public static void Main() {
// Add domain Administrator to Guests
AddToGroup("Gue sts");
}

Willy.

Thanks for this code, I'll have to give it a try. Is there similar technique
for creating a domain account using DirectoryServic es? I basically want to
do something like NetUserAdd to add user X to domain Y and there is a
possibility that the workstation where I am running the code will not be in
the domain.

"Willy Denoyette [MVP]" <wi************ *@pandora.be> wrote in message
news:%2******** ********@TK2MSF TNGP11.phx.gbl. ..

"Peter Steele" <ps*****@z-force.com> wrote in message
news:%2******** ********@tk2msf tngp13.phx.gbl. ..

Is there a generic implementation of this that would work with both NT
and AD domains? I assume there must be an underlying Win32 API call I
could make?

Yep, here's a sample...

using System.Director yServices;
....

private static void AddToGroup(stri ng groupName)
{
// Domain administrator account as a sample...
string userPath = "WinNT://DCName/Administrator,U ser";
DirectoryEntry userEntry = new DirectoryEntry( userPath,
"domainadmin"," hispwd", AuthenticationT ypes.ServerBind );
object o = userEntry.Nativ eObject;
if (o == null)
{
Console.WriteLi ne("No such account");
return;
}

using(Directory Entry container = new
DirectoryEntry( "WinNT://localMachineNam e","localadmin" , "hispwd",
AuthenticationT ypes.ServerBind ))
{
DirectoryEntry groupEntry = container.Child ren.Find(groupN ame, "group");
object newEntry = groupEntry.Invo ke("add",
new object[] {userEntry.Path } );
groupEntry.Comm itChanges();
}
}

public static void Main() {
// Add domain Administrator to Guests
AddToGroup("Gue sts");
}

Willy.

"Peter Steele" <ps*****@z-force.com> wrote in message
news:Ol******** *****@TK2MSFTNG P12.phx.gbl...

Thanks for this code, I'll have to give it a try. Is there similar
technique for creating a domain account using DirectoryServic es? I
basically want to do something like NetUserAdd to add user X to domain Y
and there is a possibility that the workstation where I am running the
code will not be in the domain.

Sure, check this
http://msdn.microsoft.com/library/de...ry_objects.asp

Note that most of the samples in
http://msdn.microsoft.com/library/en..._examples.asp?
are for AD domain management using the LDAP provider interface, NT4 domains
only support a limitted subset of the AD properties and the semantics and
syntax can differ significantly, check MSDN for differences.

To get you started, here's a sample that creates a local account in the
Guest alias.

using System.Director yServices;
using System.Runtime. InteropServices ;
using System;
class AdsiUser
{
// User flags used to set user properties see AdSI doc's in MSDN
const int UF_SCRIPT = 0x0001;
const int UF_ACCOUNTDISAB LE = 0x0002;
const int UF_HOMEDIR_REQU IRED = 0x0008;
const int UF_LOCKOUT = 0x0010;
const int UF_PASSWD_NOTRE QD = 0x0020;
const int UF_PASSWD_CANT_ CHANGE = 0x0040;
const int UF_TEMP_DUPLICA TE_ACCOUNT = 0x0100;
const int UF_NORMAL_ACCOU NT = 0x0200;
const int UF_DONT_EXPIRE_ PASSWD = 0x10000;
const int UF_PASSWORD_EXP IRED = 0x800000;
public static void Main()
{
string userName = "Tester";
DirectoryEntry NewUser;
//Bind and get the local computer container object using WinNT provider
// Use LDAP as provider to bind against an AD domain
using(Directory Entry computer = new DirectoryEntry( "WinNT://" +
Environment.Mac hineName + ",computer" , ".\\Administrat or", "kevin"))
{
// delete user when existing
NewUser = computer.Childr en.Find(userNam e, "User");
if (NewUser != null)
computer.Childr en.Remove(NewUs er);

// Add entry using the user schema
NewUser = computer.Childr en.Add(userName , "user");
NewUser.Propert ies["fullname"].Add("Tester account");
NewUser.Propert ies["descriptio n"].Add("test user acount");
NewUser.Propert ies["PasswordExpire d"].Add(1); // user must change
password at next login
// Set some user flags
// this flag is different when binding to computer domain using LDAP
NewUser.Propert ies["userFlags"].Add(UF_NORMAL_ ACCOUNT
|UF_DONT_EXPIRE _PASSWD
);
// invoke native method 'SetPassword' before commiting
// for computer domain accounts this must be done after commiting
NewUser.Invoke( "SetPasswor d", new Object[] {"#12345Abc" });
NewUser.CommitC hanges();
foreach(string s in NewUser.Propert ies.PropertyNam es)
Console.WriteLi ne(s + " " + (NewUser.Proper ties[s])[0]);

// Add user to guests alias
DirectoryEntry grp = computer.Childr en.Find("guests ", "group");
try {
if (grp.Name != null)
grp.Invoke("Add ", new Object[] {NewUser.Path.T oString()});
Console.WriteLi ne("Account Created Successfully");
}
catch(Exception ex)
{
Console.WriteLi ne(ex);
}
}
}
}
Willy.

Thanks much!

Peter

"Willy Denoyette [MVP]" <wi************ *@pandora.be> wrote in message
news:um******** ******@TK2MSFTN GP11.phx.gbl...

"Peter Steele" <ps*****@z-force.com> wrote in message
news:Ol******** *****@TK2MSFTNG P12.phx.gbl...

Thanks for this code, I'll have to give it a try. Is there similar
technique for creating a domain account using DirectoryServic es? I
basically want to do something like NetUserAdd to add user X to domain Y
and there is a possibility that the workstation where I am running the
code will not be in the domain.

Sure, check this
http://msdn.microsoft.com/library/de...ry_objects.asp

Note that most of the samples in
http://msdn.microsoft.com/library/en..._examples.asp?
are for AD domain management using the LDAP provider interface, NT4
domains only support a limitted subset of the AD properties and the
semantics and syntax can differ significantly, check MSDN for differences.

To get you started, here's a sample that creates a local account in the
Guest alias.

using System.Director yServices;
using System.Runtime. InteropServices ;
using System;
class AdsiUser
{
// User flags used to set user properties see AdSI doc's in MSDN
const int UF_SCRIPT = 0x0001;
const int UF_ACCOUNTDISAB LE = 0x0002;
const int UF_HOMEDIR_REQU IRED = 0x0008;
const int UF_LOCKOUT = 0x0010;
const int UF_PASSWD_NOTRE QD = 0x0020;
const int UF_PASSWD_CANT_ CHANGE = 0x0040;
const int UF_TEMP_DUPLICA TE_ACCOUNT = 0x0100;
const int UF_NORMAL_ACCOU NT = 0x0200;
const int UF_DONT_EXPIRE_ PASSWD = 0x10000;
const int UF_PASSWORD_EXP IRED = 0x800000;
public static void Main()
{
string userName = "Tester";
DirectoryEntry NewUser;
//Bind and get the local computer container object using WinNT provider
// Use LDAP as provider to bind against an AD domain
using(Directory Entry computer = new DirectoryEntry( "WinNT://" +
Environment.Mac hineName + ",computer" , ".\\Administrat or", "kevin"))
{
// delete user when existing
NewUser = computer.Childr en.Find(userNam e, "User");
if (NewUser != null)
computer.Childr en.Remove(NewUs er);

// Add entry using the user schema
NewUser = computer.Childr en.Add(userName , "user");
NewUser.Propert ies["fullname"].Add("Tester account");
NewUser.Propert ies["descriptio n"].Add("test user acount");
NewUser.Propert ies["PasswordExpire d"].Add(1); // user must change
password at next login
// Set some user flags
// this flag is different when binding to computer domain using LDAP
NewUser.Propert ies["userFlags"].Add(UF_NORMAL_ ACCOUNT
|UF_DONT_EXPIRE _PASSWD
);
// invoke native method 'SetPassword' before commiting
// for computer domain accounts this must be done after commiting
NewUser.Invoke( "SetPasswor d", new Object[] {"#12345Abc" });
NewUser.CommitC hanges();
foreach(string s in NewUser.Propert ies.PropertyNam es)
Console.WriteLi ne(s + " " + (NewUser.Proper ties[s])[0]);

// Add user to guests alias
DirectoryEntry grp = computer.Childr en.Find("guests ", "group");
try {
if (grp.Name != null)
grp.Invoke("Add ", new Object[] {NewUser.Path.T oString()});
Console.WriteLi ne("Account Created Successfully");
}
catch(Exception ex)
{
Console.WriteLi ne(ex);
}
}
}
}
Willy.

One thing I've noticed in your code is that you make explicit reference to
the domain controller:

"WinNT://DCName/Administrator,U ser"

In my original version the code doesn't need to know this information. All
it needs to know is the name of the domain, not the DC servicing the domain.
Is there a way around this or should I plan on passing it as a parameter?

"Willy Denoyette [MVP]" <wi************ *@pandora.be> wrote in message
news:%2******** ********@TK2MSF TNGP11.phx.gbl. ..

"Peter Steele" <ps*****@z-force.com> wrote in message
news:%2******** ********@tk2msf tngp13.phx.gbl. ..

Is there a generic implementation of this that would work with both NT
and AD domains? I assume there must be an underlying Win32 API call I
could make?

Yep, here's a sample...

using System.Director yServices;
....

private static void AddToGroup(stri ng groupName)
{
// Domain administrator account as a sample...
string userPath = "WinNT://DCName/Administrator,U ser";
DirectoryEntry userEntry = new DirectoryEntry( userPath,
"domainadmin"," hispwd", AuthenticationT ypes.ServerBind );
object o = userEntry.Nativ eObject;
if (o == null)
{
Console.WriteLi ne("No such account");
return;
}

using(Directory Entry container = new
DirectoryEntry( "WinNT://localMachineNam e","localadmin" , "hispwd",
AuthenticationT ypes.ServerBind ))
{
DirectoryEntry groupEntry = container.Child ren.Find(groupN ame, "group");
object newEntry = groupEntry.Invo ke("add",
new object[] {userEntry.Path } );
groupEntry.Comm itChanges();
}
}

public static void Main() {
// Add domain Administrator to Guests
AddToGroup("Gue sts");
}

Willy.