Active directory user creation with c# (question concerning principalUsername and samAccountName)

 
 
Daniel Knöpfel
      29th Jun 2006
Hello all

In our project we have been using the samAccountName to authenticate users
against the Active Directory. As the samAccountName is limited to 20
characters, we are going to use the userPrincipalName. Unfortunately, I
couldn't make it work until now. I've got a .NET program that accesses the
Active Directory through the third-party DLL "Interop.ActiveDs.dll"
(namespace ActiveDs). The code to create the user using the
samAccountName looks like this:

// requires: using System.DirectoryServices; using ActiveDs;
// UF_* are userAccountControl flag constants defined elsewhere in the class
DirectoryEntry newUser = mDirectoryEntry.Children.Add("CN=" + pLoginName, "user");
newUser.Properties["samAccountName"].Value = pLoginName;
newUser.CommitChanges();

// get native object of the new user and add user to group
IADsUser nativeNewUser = (IADsUser)newUser.NativeObject;

for (int i = 0; i < pGroups.Length; i++) {
    DirectoryEntry group = mDirectoryEntry.Children.Find(pGroups[i], "group");
    group.Properties["member"].Add(newUser.Properties["distinguishedName"].Value);
    // In order to work in AD: Group Properties -> Managed By ->
    // "Manager can update membership list" must be set
    group.CommitChanges();
}

// set properties for the new user
nativeNewUser.SetPassword(pPassword);
nativeNewUser.AccountDisabled = false;
nativeNewUser.Put("userPrincipalName", pLoginName);

int currSettings = (int)nativeNewUser.Get("userAccountControl");
currSettings |= UF_PASSWD_CANT_CHANGE;
currSettings |= UF_DONT_EXPIRE_PASSWD;
nativeNewUser.Put("userAccountControl", currSettings);

newUser.CommitChanges();

Now what do I have to change to make it run with the principalUsername? I've
tried several variations, like assigning the principalUsername the same way
as the samAccountName in the example above, or assigning only with Put. Can
anybody help me with this? I would be very grateful. Thanks in advance.

Daniel





PS: to verify whether creation of a user has been successful I use the
following code:

private bool CheckPassword(string pLoginName, string pPassword) {
    try {
        DirectoryEntry usr = new DirectoryEntry(mProviderUrl, pLoginName, pPassword,
            AuthenticationTypes.Secure | AuthenticationTypes.ServerBind);
        DirectorySearcher se = new DirectorySearcher(usr);
        try {
            // FindOne() performs the bind with the supplied credentials
            se.FindOne();
            return true;
        } catch (Exception) {
            return false;
        }
    } catch (Exception exc) {
        throw new Exception("Error while checking password for user " + pLoginName, exc);
    }
}
 
Daniel Knöpfel
      6th Jul 2006
Hello

The reason was that the userPrincipalName has a suffix, e.g.
(E-Mail Removed). It had to be specified (not at creation, but for
operations).

Regards, Dani
 
Daniel Knöpfel
      25th Jul 2006
Hello all

We have found a solution. The code listed below is actually correct. Just
accessing the user afterwards must be done differently as the
userPrincipalName has got an e-mail like suffix and the samAccountName a
prefix.

Greetings

Daniel

"Daniel Knöpfel" <(E-Mail Removed)> wrote in message
news:%(E-Mail Removed)...
> Hello all
>
> In our project we have been using the samAccountName to authenticate
> users against the Active Directory. As the samAccountName is limited to 20
> characters, we are going to use the userPrincipalName. Unfortunately, I
> couldn't make it work until now. I've got a .NET program that accesses the
> Active Directory through the third-party DLL "Interop.ActiveDs.dll"
> (namespace ActiveDs). The code to create the user using the
> samAccountName looks like this:
>
> DirectoryEntry newUser = mDirectoryEntry.Children.Add("CN=" + pLoginName, "user");
> newUser.Properties["samAccountName"].Value = pLoginName;
> newUser.CommitChanges();
>
> // get native object of the new user and add user to group
> IADsUser nativeNewUser = (IADsUser)newUser.NativeObject;
>
> for (int i = 0; i < pGroups.Length; i++) {
>     DirectoryEntry group = mDirectoryEntry.Children.Find(pGroups[i], "group");
>     group.Properties["member"].Add(newUser.Properties["distinguishedName"].Value);
>     // In order to work in AD: Group Properties -> Managed By ->
>     // "Manager can update membership list" must be set
>     group.CommitChanges();
> }
>
> // set properties for the new user
> nativeNewUser.SetPassword(pPassword);
> nativeNewUser.AccountDisabled = false;
> nativeNewUser.Put("userPrincipalName", pLoginName);
>
> int currSettings = (int)nativeNewUser.Get("userAccountControl");
> currSettings |= UF_PASSWD_CANT_CHANGE;
> currSettings |= UF_DONT_EXPIRE_PASSWD;
> nativeNewUser.Put("userAccountControl", currSettings);
>
> newUser.CommitChanges();
>
> Now what do I have to change to make it run with the principalUsername?
> I've tried several variations, like assigning the principalUsername the same
> way as the samAccountName in the example above, or assigning only with
> Put. Can anybody help me with this? I would be very grateful. Thanks in
> advance.
>
> Daniel
>
> PS: to verify whether creation of a user has been successful I use the
> following code:
>
> private bool CheckPassword(string pLoginName, string pPassword) {
>     try {
>         DirectoryEntry usr = new DirectoryEntry(mProviderUrl, pLoginName, pPassword,
>             AuthenticationTypes.Secure | AuthenticationTypes.ServerBind);
>         DirectorySearcher se = new DirectorySearcher(usr);
>         try {
>             // FindOne() performs the bind with the supplied credentials
>             se.FindOne();
>             return true;
>         } catch (Exception) {
>             return false;
>         }
>     } catch (Exception exc) {
>         throw new Exception("Error while checking password for user " + pLoginName, exc);
>     }
> }
 
Reply With Quote
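
The two logon-name forms the thread ends on (userPrincipalName with an `@suffix`, samAccountName with a `DOMAIN\` prefix), as an added example that is not code from the posts. The class and method names, the suffix `example.local` and the NetBIOS name `EXAMPLE` are assumptions; the bind helper also keeps a rejected password separate from other directory errors, which the posted CheckPassword both report as false.

```csharp
using System;
using System.DirectoryServices;
using System.Runtime.InteropServices;

// Added illustration; all names below are assumptions, not the poster's code.
public static class LogonNames
{
    private const int SamMaxLength = 20; // samAccountName limit cited in the thread
    // HRESULT raised by ADSI for "unknown user name or bad password"
    private const int ErrorLogonFailure = unchecked((int)0x8007052E);

    // "jdoe" + "example.local" -> "jdoe@example.local"
    public static string ToUpn(string login, string upnSuffix)
    {
        if (string.IsNullOrEmpty(login) || login.IndexOf('@') >= 0)
            throw new ArgumentException("login must be non-empty and carry no suffix", "login");
        return login + "@" + upnSuffix;
    }

    // "jdoe" + "EXAMPLE" -> "EXAMPLE\jdoe"; rejects names over 20 characters
    public static string ToDownLevel(string login, string netbiosDomain)
    {
        if (string.IsNullOrEmpty(login) || login.Length > SamMaxLength)
            throw new ArgumentException("samAccountName must be 1-20 characters", "login");
        return netbiosDomain + "\\" + login;
    }

    // Returns true on a successful bind and false only when the directory
    // rejects the credentials; any other failure propagates to the caller.
    public static bool TryBind(string ldapPath, string logonName, string password)
    {
        try
        {
            using (var entry = new DirectoryEntry(ldapPath, logonName, password,
                       AuthenticationTypes.Secure | AuthenticationTypes.ServerBind))
            {
                object forceBind = entry.NativeObject; // the bind happens here
                return forceBind != null;
            }
        }
        catch (COMException ex) when (ex.ErrorCode == ErrorLogonFailure)
        {
            return false;
        }
    }
}
```

Pass `LogonNames.ToUpn(login, "example.local")` as the logon name when the account is addressed by userPrincipalName, and `LogonNames.ToDownLevel(login, "EXAMPLE")` when it is addressed by samAccountName.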
 
 
 