473,385 Members | 1,610 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,385 software developers and data experts.

Active directory user creation with c# (question concerning principalUsername and samAccountName)

Hello all

In our project we have been using the samAccount name to authenticate users
against the active directory. As the samAccountName is limited to 20
characters, we are going to use the userPrincipalName. Unfortunately, i
couldtnt make it work until now. I ve got a .Net programm that access the
active directory through the third party dll "Interop.ActiveDs.dll"
(namespace ActiveDs). The code to create the user with using the
samAccountName looks like this:

DirectoryEntry newUser = mDirectoryEntry.Children.Add("CN=" + pLoginName,
"user");

newUser.Properties["samAccountName"].Value = pLoginName;

newUser.CommitChanges();

//get native object of the new user and add user to group

IADsUser nativeNewUser = (IADsUser)newUser.NativeObject;

for (int i = 0; i < pGroups.Length; i++) {

DirectoryEntry group = mDirectoryEntry.Children.Find(pGroups[i], "group");

group.Properties["member"].Add(newUser.Properties["distinguishedName"].Value);

group.CommitChanges(); // In order to work in AD: Group Properties->Managed
By -> "Manager can update membership list : must be set

}

//set properties for the new user

nativeNewUser.SetPassword(pPassword);

nativeNewUser.AccountDisabled = false;

nativeNewUser.Put("userPrincipalName", pLoginName);

int currSettings = (int)nativeNewUser.Get("userAccountControl");

currSettings |= UF_PASSWD_CANT_CHANGE;

currSettings |= UF_DONT_EXPIRE_PASSWD;

nativeNewUser.Put("userAccountControl", currSettings);

newUser.CommitChanges();



Now what do i have to change to make it run with the principelUsername. Ive
tried several variations like assigning the principelUsername the same way
as the samAccountName in the example above, or assigning only with put. Can
anybody help me with this. I would be very grateful. Thanks in advance

Daniel

PS: to verify whether creation of a user has been successfull i use the
following code:

private bool CheckPassword(string pLoginName, string pPassword) {

try {

DirectoryEntry usr = new DirectoryEntry(mProviderUrl, pLoginName, pPassword,
AuthenticationTypes.Secure | AuthenticationTypes.ServerBind);

DirectorySearcher se = new DirectorySearcher(usr);

try {

SearchResult result = se.FindOne();

return true;

} catch(Exception ee) {

return false;

}

} catch(Exception exc) {

throw new Exception("Error while checking password for user " + pLoginName,
exc);

}

}




Jun 29 '06 #1
2 10085
Hallo

Der grund war, dass der userPrincipalName eine suffix hat. z.B.
us***************@domain.com . Dieser musste angegeben werden (nicht bei der
erstellung aber bei operationen)

Gruss Dani

"Daniel Knöpfel" <dd****@iphch.chwrote in message
news:%2****************@TK2MSFTNGP04.phx.gbl...
Hello all

In our project we have been using the samAccount name to authenticate
users against the active directory. As the samAccountName is limited to 20
characters, we are going to use the userPrincipalName. Unfortunately, i
couldtnt make it work until now. I ve got a .Net programm that access the
active directory through the third party dll "Interop.ActiveDs.dll"
(namespace ActiveDs). The code to create the user with using the
samAccountName looks like this:

DirectoryEntry newUser = mDirectoryEntry.Children.Add("CN=" + pLoginName,
"user");

newUser.Properties["samAccountName"].Value = pLoginName;

newUser.CommitChanges();

//get native object of the new user and add user to group

IADsUser nativeNewUser = (IADsUser)newUser.NativeObject;

for (int i = 0; i < pGroups.Length; i++) {

DirectoryEntry group = mDirectoryEntry.Children.Find(pGroups[i], "group");

group.Properties["member"].Add(newUser.Properties["distinguishedName"].Value);

group.CommitChanges(); // In order to work in AD: Group
Properties->Managed By -"Manager can update membership list : must be
set

}

//set properties for the new user

nativeNewUser.SetPassword(pPassword);

nativeNewUser.AccountDisabled = false;

nativeNewUser.Put("userPrincipalName", pLoginName);

int currSettings = (int)nativeNewUser.Get("userAccountControl");

currSettings |= UF_PASSWD_CANT_CHANGE;

currSettings |= UF_DONT_EXPIRE_PASSWD;

nativeNewUser.Put("userAccountControl", currSettings);

newUser.CommitChanges();



Now what do i have to change to make it run with the principelUsername.
Ive tried several variations like assigning the principelUsername the same
way as the samAccountName in the example above, or assigning only with
put. Can anybody help me with this. I would be very grateful. Thanks in
advance

Daniel

PS: to verify whether creation of a user has been successfull i use the
following code:

private bool CheckPassword(string pLoginName, string pPassword) {

try {

DirectoryEntry usr = new DirectoryEntry(mProviderUrl, pLoginName,
pPassword, AuthenticationTypes.Secure | AuthenticationTypes.ServerBind);

DirectorySearcher se = new DirectorySearcher(usr);

try {

SearchResult result = se.FindOne();

return true;

} catch(Exception ee) {

return false;

}

} catch(Exception exc) {

throw new Exception("Error while checking password for user " +
pLoginName, exc);

}

}






Jul 6 '06 #2
Hello all

We have found a solution. The code listed below is actually correct. Just
accessing the user afterwards must be done differently as the
userPrincipalName has got an e-mail like suffix and the samAccountName a
prefix.

Greetings

Daniel

"Daniel Knöpfel" <dd****@iphch.chwrote in message
news:%2****************@TK2MSFTNGP04.phx.gbl...
Hello all

In our project we have been using the samAccount name to authenticate
users against the active directory. As the samAccountName is limited to 20
characters, we are going to use the userPrincipalName. Unfortunately, i
couldtnt make it work until now. I ve got a .Net programm that access the
active directory through the third party dll "Interop.ActiveDs.dll"
(namespace ActiveDs). The code to create the user with using the
samAccountName looks like this:

DirectoryEntry newUser = mDirectoryEntry.Children.Add("CN=" + pLoginName,
"user");

newUser.Properties["samAccountName"].Value = pLoginName;

newUser.CommitChanges();

//get native object of the new user and add user to group

IADsUser nativeNewUser = (IADsUser)newUser.NativeObject;

for (int i = 0; i < pGroups.Length; i++) {

DirectoryEntry group = mDirectoryEntry.Children.Find(pGroups[i], "group");

group.Properties["member"].Add(newUser.Properties["distinguishedName"].Value);

group.CommitChanges(); // In order to work in AD: Group
Properties->Managed By -"Manager can update membership list : must be
set

}

//set properties for the new user

nativeNewUser.SetPassword(pPassword);

nativeNewUser.AccountDisabled = false;

nativeNewUser.Put("userPrincipalName", pLoginName);

int currSettings = (int)nativeNewUser.Get("userAccountControl");

currSettings |= UF_PASSWD_CANT_CHANGE;

currSettings |= UF_DONT_EXPIRE_PASSWD;

nativeNewUser.Put("userAccountControl", currSettings);

newUser.CommitChanges();



Now what do i have to change to make it run with the principelUsername.
Ive tried several variations like assigning the principelUsername the same
way as the samAccountName in the example above, or assigning only with
put. Can anybody help me with this. I would be very grateful. Thanks in
advance

Daniel

PS: to verify whether creation of a user has been successfull i use the
following code:

private bool CheckPassword(string pLoginName, string pPassword) {

try {

DirectoryEntry usr = new DirectoryEntry(mProviderUrl, pLoginName,
pPassword, AuthenticationTypes.Secure | AuthenticationTypes.ServerBind);

DirectorySearcher se = new DirectorySearcher(usr);

try {

SearchResult result = se.FindOne();

return true;

} catch(Exception ee) {

return false;

}

} catch(Exception exc) {

throw new Exception("Error while checking password for user " +
pLoginName, exc);

}

}






Jul 25 '06 #3

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

2
by: Sara | last post by:
Dear Sir, I want to access to a special group in active directory but with this function I could just see that a special user is exist in active directory or not, I mean I want to see that a user...
10
by: huzz | last post by:
I have web application that quaries the Active Directory to get user details.. everything works fine but someday I'll get System.Runtime.InteropServices.COMExection and if I restart the client...
2
by: Technical Group | last post by:
Friends, Can anybody help me out by sending a piece of C# code showing how to add an active directory user to a particular user group? If the group does not exist, then create it. Thanks in...
1
by: tangus via DotNetMonster.com | last post by:
Hello all, I'm really struggling with getting some Active Directory code to work in ASP.NET. Can you please provide assistance? I am executing the following code: Dim enTry As DirectoryEntry =...
0
by: Sara | last post by:
Dear Sir, I want to access to a special group in active directory but with this function I could just see that a special user is exist in active directory or not, I mean I want to see that a user...
18
by: Arthur | last post by:
Hi All, I would like to get the name of the user given their networkID, is this something Active Directory would be useful for?(For intranet users) If so, can you please point me to some sample...
3
by: =?Utf-8?B?YXppZWdsZXI=?= | last post by:
Hello, everybody. I'd like to do this: For a big program (a web service) I need information about the usergroups an active-directory-user is member of. To be more precise, I need to know if a...
1
by: Carlettus | last post by:
Dear All, sorry but I'm not sure if this is the right place to post my problem. I was using the following asp code to create users in Active Directory. Suddenly, and I don't know the reason, users...
0
by: justintaitt | last post by:
Hi, I am new to active directory and am trying to query it for the user name and ID of members of a group to populate a drop down list in the form: firstname lastname (userID) When I run the page...
0
by: taylorcarr | last post by:
A Canon printer is a smart device known for being advanced, efficient, and reliable. It is designed for home, office, and hybrid workspace use and can also be used for a variety of purposes. However,...
0
by: Charles Arthur | last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
0
by: aa123db | last post by:
Variable and constants Use var or let for variables and const fror constants. Var foo ='bar'; Let foo ='bar';const baz ='bar'; Functions function $name$ ($parameters$) { } ...
0
by: ryjfgjl | last post by:
If we have dozens or hundreds of excel to import into the database, if we use the excel import function provided by database editors such as navicat, it will be extremely tedious and time-consuming...
0
by: ryjfgjl | last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
1
by: nemocccc | last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
0
marktang
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
0
Oralloy
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers,...
0
jinu1996
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.