471,603 Members | 1,778 Online
Bytes | Software Development & Data Engineering Community
Post +

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 471,603 software developers and data experts.

ADSI - Creating an AD account but not forcing a "change password on first login"

Having a heck of a time trying to create a ton of AD user accounts in a specific
OU without having the users be forced to change their password upon a successful
login.

After creating the account (and committing the changes), I have the following
code that works:
// password info
userEntry.Invoke("SetPassword", new object[]{this.m_defaultPassword});
userEntry.Properties["pwdLastSet"].Value = 0;
userEntry.Properties["userAccountControl"].Value = 0x200; //ADS_UF_DONT_EXPIRE_PASSWD
userEntry.CommitChanges();

I've tried setting a value for the "pwdLastSet" property, and also trying
a few different combinations for the "userAccountControl" integer bitmap,
but no luck (either throwing exceptions or just not desireable results.

After searching various groups for solutions (managed or scripted), I'm still
at a loss, hence this posting. Any tips/pointers would be greatly appreciated.

--
-AC [MVP MCMS]
http://www.andrewconnell.com
http://www.andrewconnell.com/mvp
Feb 8 '06 #1
2 2531
>After creating the account (and committing the changes), I have the following
code that works:
// password info
userEntry.Invoke("SetPassword", new object[]{this.m_defaultPassword});
userEntry.Properties["pwdLastSet"].Value = 0;
userEntry.Properties["userAccountControl"].Value = 0x200; //ADS_UF_DONT_EXPIRE_PASSWD
userEntry.CommitChanges();


You just got the ADS_UF_DONT_EXPIRE_PASSWD wrong - that's all ;-)

0x0200 is "normal account"
0x2000 is "don't expire password"

and combined it would be 0x2200

Try setting it to that value - it ought to work if you do!;-)

HTH
Marc
Feb 8 '06 #2
Thanks for the reply Mark, unfortunately it didn't work, however you got
me in the right direction.

The hex you need to assign to the "userAccountControl" property is 0x220,
not 0x2200 (that was throwing a COMException). I also had to remove the line
containing the "pwdLastSet" property.

Thanks!

--
-AC [MVP MCMS]
http://www.andrewconnell.com
http://www.andrewconnell.com/mvp
After creating the account (and committing the changes), I have the
following
code that works:
// password info
userEntry.Invoke("SetPassword", new
object[]{this.m_defaultPassword});
userEntry.Properties["pwdLastSet"].Value = 0;
userEntry.Properties["userAccountControl"].Value = 0x200;
//ADS_UF_DONT_EXPIRE_PASSWD
userEntry.CommitChanges();

You just got the ADS_UF_DONT_EXPIRE_PASSWD wrong - that's all ;-)

0x0200 is "normal account"
0x2000 is "don't expire password"
and combined it would be 0x2200

Try setting it to that value - it ought to work if you do!;-)

HTH
Marc

Feb 8 '06 #3

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

3 posts views Thread by =?Utf-8?B?QXhlbCBEYWhtZW4=?= | last post: by
3 posts views Thread by groupie | last post: by
reply views Thread by leo001 | last post: by
reply views Thread by CCCYYYY | last post: by

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.