471,354 Members | 2,121 Online
Bytes | Software Development & Data Engineering Community
Post +

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 471,354 software developers and data experts.

Creating a user using Active Directory

Hi,

I'm using the following code to create a user:

Dim strNodeName As String = "test user"
Dim NewUser As DirectoryEntry
Dim AD As New DirectoryEntry("WinNT://MYCOMPUTER")

'delete user when existing
Try
NewUser = AD.Children.Find(strNodeName, "User")
AD.Children.Remove(NewUser)
'catch 'not found' exception
Catch comEx As COMException
Console.WriteLine(comEx.Message)
End Try

'add user using the user schema
NewUser = AD.Children.Add(strNodeName, "user")
NewUser.Properties("description").Add("test user")

'set user flags, sets normal user and pwd cant change
NewUser.Properties("userFlags").Add(UF_NORMAL_ACCO UNT Or
UF_PASSWD_CANT_CHANGE)

'invoke native method 'Setpassword; before comitting
NewUser.Invoke("SetPassword", New Object() {"mysecret"})
NewUser.CommitChanges()

'add user toguest alias
Dim grp As DirectoryEntry = AD.Children.Find("Administrators", "group")
If Not grp.Name Is Nothing Then
grp.Invoke("Add", New Object() {NewUser.Path.ToString()})
Console.WriteLine("Account Created Successfully")
End If

This works fine if I set the domain to be the computer that the code runs on
but if I set it to be our companies domain then I get a
System.UnauthorizedAccessException. So I when instntiating 'AD' I aslo
passed in the username and password of the administrator on the domain who
is allowed to add users.

I then don;t get an exception, everything runs fine but no user is added to
the local machine, even after reboot. What am I doing wrong?

TIA

Jul 21 '05 #1
1 5015
>Dim strNodeName As String = "test user"
Dim AD As New DirectoryEntry("WinNT://MYCOMPUTER")
NewUser = AD.Children.Add(strNodeName, "user")
This works fine if I set the domain to be the computer that the code runs on
but if I set it to be our companies domain then I get a
System.UnauthorizedAccessException.


Well, first of all, if you have a "company domain", I would STRONGLY
suggest using the LDAP:// provider rather than the WinNT:// provider.
This WinNT codebae is really only provided as a backwards
compatibility mechanism for NT4 domains, and should be avoided
whenever possible. Also, the WinNT provider does NOT support your
Active Directory hierarchy - you can't create users in specific OU's
(since the WinNT provider only knows about a flat, non-hierarchical
model without OU's).

So I'd suggest using something like:

Dim AD As New DirectoryEntry("LDAP://cn=Users,dc=YourCOmpany,dc=com");
Dim NewUser as DirectoryEntry
NewUser = AD.Children.Add("cn=YourUserName", "user");
'' set properties for NewUser, then store them back to AD
NewUser.CommitChanges();

Secondly, in a corporate domain environment, your default user might
not have permissions to do such things as create a new user - you
possibly need to a) grant your user admin rights (at least on the OU
you're interested in), or b) use another user (and specify it in your
call to "New DirectoryEntry()".

Also, if you're in an ASP.NET environment, often this "serverless
binding" as mentioned above won't work, and you'd need to specify a
particular DC by machine name which should be used for your binding
operations:

Dim AD As New
DirectoryEntry("LDAP://DC01.YourCompan.com/cn=Users,dc=YourCOmpany,dc=com");
HTH
Marc
================================================== ==============
Marc Scheuner May The Source Be With You!
Berne, Switzerland m.scheuner -at- inova.ch
Jul 21 '05 #2

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

1 post views Thread by B. Zuidgeest | last post: by
2 posts views Thread by Technical Group | last post: by
6 posts views Thread by Leo_Surf | last post: by
1 post views Thread by elziko | last post: by
1 post views Thread by Carlettus | last post: by
7 posts views Thread by Vio | last post: by
reply views Thread by XIAOLAOHU | last post: by

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.