Active directory user creation with c# (question concerning principalUsername and samAccountName)

Hello all

In our project we have been using the samAccountName to authenticate users
against the Active Directory. As the samAccountName is limited to 20
characters, we are going to use the userPrincipalName. Unfortunately, I
couldn't make it work until now. I've got a .NET program that accesses the
Active Directory through the third-party DLL "Interop.ActiveDs.dll"
(namespace ActiveDs). The code to create the user using the
samAccountName looks like this:

    // Requires: using System.DirectoryServices; using ActiveDs;
    // UF_PASSWD_CANT_CHANGE (0x0040) and UF_DONT_EXPIRE_PASSWD (0x10000) are the
    // ADS_USER_FLAG values, assumed to be defined elsewhere as int constants.

    // create the user object below the container and set its logon name
    DirectoryEntry newUser = mDirectoryEntry.Children.Add("CN=" + pLoginName, "user");
    newUser.Properties["samAccountName"].Value = pLoginName;
    newUser.CommitChanges();

    // get native object of the new user and add user to group
    IADsUser nativeNewUser = (IADsUser)newUser.NativeObject;
    for (int i = 0; i < pGroups.Length; i++) {
        DirectoryEntry group = mDirectoryEntry.Children.Find(pGroups[i], "group");
        group.Properties["member"].Add(newUser.Properties["distinguishedName"].Value);
        // In order to work in AD: Group Properties -> Managed By ->
        // "Manager can update membership list" must be set
        group.CommitChanges();
    }

    // set properties for the new user
    nativeNewUser.SetPassword(pPassword);
    nativeNewUser.AccountDisabled = false;
    nativeNewUser.Put("userPrincipalName", pLoginName);
    int currSettings = (int)nativeNewUser.Get("userAccountControl");
    currSettings |= UF_PASSWD_CANT_CHANGE;
    currSettings |= UF_DONT_EXPIRE_PASSWD;
    nativeNewUser.Put("userAccountControl", currSettings);
    newUser.CommitChanges();



Now what do I have to change to make it run with the principalUsername? I've
tried several variations, like assigning the principalUsername the same way
as the samAccountName in the example above, or assigning only with Put. Can
anybody help me with this? I would be very grateful. Thanks in advance.

Daniel

PS: To verify whether creation of a user has been successful, I use the
following code:

    private bool CheckPassword(string pLoginName, string pPassword) {
        try {
            // constructing the entry does not contact the server yet
            DirectoryEntry usr = new DirectoryEntry(mProviderUrl, pLoginName, pPassword,
                AuthenticationTypes.Secure | AuthenticationTypes.ServerBind);
            DirectorySearcher se = new DirectorySearcher(usr);
            try {
                // the bind with the supplied credentials happens on the first search
                SearchResult result = se.FindOne();
                return true;
            } catch (Exception ee) {
                // any failure of the search is reported as a failed check
                return false;
            }
        } catch (Exception exc) {
            throw new Exception("Error while checking password for user " + pLoginName, exc);
        }
    }




Jun 29 '06 #1
Hello

The reason was that the userPrincipalName has a suffix, e.g.
us***************@domain.com. This had to be specified (not at
creation, but for operations).

Regards, Dani

Jul 6 '06 #2
Hello all

We have found a solution. The code listed below is actually correct. Just
accessing the user afterwards must be done differently, as the
userPrincipalName has got an e-mail-like suffix and the samAccountName a
prefix.

Greetings

Daniel

"Daniel Knöpfel" <dd****@iphch.ch> wrote in message
news:%2****************@TK2MSFTNGP04.phx.gbl...
Hello all

In our project we have been using the samAccountName to authenticate
users against the Active Directory. As the samAccountName is limited to 20
characters, we are going to use the userPrincipalName. Unfortunately, I
couldn't make it work until now. I've got a .NET program that accesses the
Active Directory through the third-party DLL "Interop.ActiveDs.dll"
(namespace ActiveDs). The code to create the user using the
samAccountName looks like this:

    // create the user object below the container and set its logon name
    DirectoryEntry newUser = mDirectoryEntry.Children.Add("CN=" + pLoginName, "user");
    newUser.Properties["samAccountName"].Value = pLoginName;
    newUser.CommitChanges();

    // get native object of the new user and add user to group
    IADsUser nativeNewUser = (IADsUser)newUser.NativeObject;
    for (int i = 0; i < pGroups.Length; i++) {
        DirectoryEntry group = mDirectoryEntry.Children.Find(pGroups[i], "group");
        group.Properties["member"].Add(newUser.Properties["distinguishedName"].Value);
        // In order to work in AD: Group Properties -> Managed By ->
        // "Manager can update membership list" must be set
        group.CommitChanges();
    }

    // set properties for the new user
    nativeNewUser.SetPassword(pPassword);
    nativeNewUser.AccountDisabled = false;
    nativeNewUser.Put("userPrincipalName", pLoginName);
    int currSettings = (int)nativeNewUser.Get("userAccountControl");
    currSettings |= UF_PASSWD_CANT_CHANGE;
    currSettings |= UF_DONT_EXPIRE_PASSWD;
    nativeNewUser.Put("userAccountControl", currSettings);
    newUser.CommitChanges();

Now what do I have to change to make it run with the principalUsername?
I've tried several variations, like assigning the principalUsername the same
way as the samAccountName in the example above, or assigning only with
Put. Can anybody help me with this? I would be very grateful. Thanks in
advance.

Daniel

PS: To verify whether creation of a user has been successful, I use the
following code:

    private bool CheckPassword(string pLoginName, string pPassword) {
        try {
            // constructing the entry does not contact the server yet
            DirectoryEntry usr = new DirectoryEntry(mProviderUrl, pLoginName, pPassword,
                AuthenticationTypes.Secure | AuthenticationTypes.ServerBind);
            DirectorySearcher se = new DirectorySearcher(usr);
            try {
                // the bind with the supplied credentials happens on the first search
                SearchResult result = se.FindOne();
                return true;
            } catch (Exception ee) {
                // any failure of the search is reported as a failed check
                return false;
            }
        } catch (Exception exc) {
            throw new Exception("Error while checking password for user " + pLoginName, exc);
        }
    }

Jul 25 '06 #3
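
The distinction the two replies arrive at (a userPrincipalName carries an e-mail-like suffix, a samAccountName a domain prefix), as an added C# example that is not code from the original posts. The class name `LogonNames`, the suffix `example.com` and the NetBIOS name `EXAMPLE` are assumptions; the password check also separates a logon failure from other directory errors, which goes beyond the thread's `CheckPassword`.

```csharp
using System;
using System.DirectoryServices;
using System.Runtime.InteropServices;

static class LogonNames   // hypothetical helper, not part of the thread's project
{
    const int MaxSamLength = 20;                          // samAccountName limit from the thread
    const int LogonFailure = unchecked((int)0x8007052E);  // HRESULT for ERROR_LOGON_FAILURE

    // user@suffix: the form needed when operating with the userPrincipalName
    public static string ToUpn(string loginName, string upnSuffix)
    {
        return loginName.Contains("@") ? loginName : loginName + "@" + upnSuffix;
    }

    // DOMAIN\user: the prefixed form that goes with the samAccountName
    public static string ToDownLevel(string samAccountName, string netbiosDomain)
    {
        if (samAccountName.Length > MaxSamLength)
            throw new ArgumentException("samAccountName is limited to 20 characters");
        return netbiosDomain + "\\" + samAccountName;
    }

    // True if the directory accepts the password for this UPN, false on a
    // logon failure; any other error (server unreachable, ...) propagates.
    public static bool CheckPassword(string providerUrl, string upn, string password)
    {
        // Empty credentials must never count as a successful check.
        if (string.IsNullOrEmpty(upn) || string.IsNullOrEmpty(password)) return false;
        try
        {
            using (var entry = new DirectoryEntry(providerUrl, upn, password,
                AuthenticationTypes.Secure | AuthenticationTypes.ServerBind))
            {
                object forceBind = entry.NativeObject;    // the bind happens here
                return forceBind != null;
            }
        }
        catch (COMException ex) when (ex.ErrorCode == LogonFailure)
        {
            return false;
        }
    }

    static void Main()
    {
        // constructed sample values, not taken from the thread
        Console.WriteLine(ToUpn("a.very.long.login.name.for.testing", "example.com"));
        Console.WriteLine(ToDownLevel("jdoe", "EXAMPLE"));
    }
}
```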
