Creating a User and setting password with .NET where a minimum length password policy exists

 
 
Paul Gallagher
      28th Oct 2004
We are having a problem creating an Active Directory user (DirectoryEntry) programmatically using the .NET Framework 1.1.

In our development environment we are able to bind to AD using LDAP and create a new directory entry. We commit this and the DirectoryEntry is created using a blank password as shown below:

DirectoryEntry user = users.Add("CN=" + myUsername, "user");

user.Properties["samAccountName"].Add(username); // Login name
user.Properties["givenName"].Add(FirstName); // First Name
user.Properties["sn"].Add(LastName); // Last Name

...other properties...

user.CommitChanges();

We are then able to Invoke SetPassword method to change the password.

Unfortunately this will not work in production since a password policy with a minimum password length is in force. It is not possible to create an Active Directory user with a blank password.

The following error is thrown in this case:

The server is unwilling to process the request.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.Runtime.InteropServices.COMException: The server is unwilling to process the request.

If we try and set the password property as follows:


DirectoryEntry user = users.Add("CN=" + myUsername, "user");

user.Properties["samAccountName"].Add(username); // Login name
user.Properties["givenName"].Add(FirstName); // First Name
user.Properties["sn"].Add(LastName); // Last Name

...other properties...

user.Properties["userPassword"].Add(Mypassword);

user.CommitChanges();


The password is still not set and therefore fails in an environment with a minimum length password policy in place.

How can we create a DirectoryEntry where a minimum length password policy exists?
 

Joe Kaplan (MVP - ADSI)
28th Oct 2004
Generally, you want to do it like this:

Create the object and CommitChanges
Then, call SetPassword and CommitChanges
Then, set userAccountControl to enable the object and call CommitChanges one
last time.

Joe K.

Marc Scheuner
      29th Oct 2004
>In our development environment we are able to bind to AD using LDAP and create a new directory entry.
>We comit this and the DirectoryEntry is created using a blank password as shown below:
>We are then able to Invoke SetPassword method to change the password.
>Unfortunately this will not work in production since a password policy with a minimum password length
>is in force. It is not possible to create an Active Directory user with a blank password.


Steps:

1) Create the user with the "ADS_UF_PASSWD_NOTREQD" flag (password not
required) being set to the "userAccountControl" flag of the user
object. This *should* work even in your production environment.

2) Then set the user's password to match the minimum length and
complexity requirements (.SetPassword)

3) Then update the user object again, to enable it (remove the
ADS_UF_ACCOUNTDISABLE flag), and to require a password for it (remove
the ADS_UF_PASSWD_NOTREQD flag).

Now you should have a user account, freshly created, enabled, and with
a password.

Marc

________________________________________________________________
Marc Scheuner ** mscheuner -at- mvps.org ** http://adsi.mvps.org
Microsoft MVP for Directory Services Programming
http://www.dirteam.com/blogs/mscheuner/default.aspx
Come see http://groups.yahoo.com/group/ADSIANDDirectoryServices/
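
The three steps above as an added C# example (not code posted by anyone in this thread). The class name, method name and container path are hypothetical, and it assumes the caller binds with rights to create users and reset passwords in that container. It also checks afterwards that the "password not required" flag is really gone and removes the object if provisioning stops half-way.

```csharp
using System;
using System.DirectoryServices;

// Added example; class and method names are hypothetical.
public static class AdUserProvisioning
{
    // userAccountControl bits (ADS_USER_FLAG_ENUM).
    const int ADS_UF_ACCOUNTDISABLE = 0x0002;
    const int ADS_UF_PASSWD_NOTREQD = 0x0020;
    const int ADS_UF_NORMAL_ACCOUNT = 0x0200;

    // containerPath is an assumed ADsPath, for example
    // "LDAP://OU=Staff,DC=example,DC=com" (placeholder value).
    public static void CreateEnabledUser(string containerPath, string cn,
                                         string samAccountName, string password)
    {
        // The CN is concatenated into a distinguished name, so refuse
        // characters that have a special meaning in an RDN or ADsPath.
        char[] special = new char[] { ',', '+', '"', '\\', '<', '>', ';', '=', '#', '/' };
        if (cn == null || cn.Length == 0 || cn.IndexOfAny(special) >= 0)
            throw new ArgumentException("CN is empty or needs DN escaping", "cn");

        using (DirectoryEntry container = new DirectoryEntry(
                   containerPath, null, null, AuthenticationTypes.Secure))
        using (DirectoryEntry user = container.Children.Add("CN=" + cn, "user"))
        {
            bool created = false;
            try
            {
                // Step 1: create the object disabled and without a
                // password requirement, so the length policy is not hit.
                user.Properties["sAMAccountName"].Value = samAccountName;
                user.Properties["userAccountControl"].Value =
                    ADS_UF_NORMAL_ACCOUNT | ADS_UF_ACCOUNTDISABLE | ADS_UF_PASSWD_NOTREQD;
                user.CommitChanges();
                created = true;

                // Step 2: set a password that satisfies the domain policy.
                // SetPassword is applied on the server when invoked.
                user.Invoke("SetPassword", new object[] { password });

                // Step 3: clear both flags so the account is enabled and
                // a password is required from now on.
                user.RefreshCache(new string[] { "userAccountControl" });
                int uac = (int)user.Properties["userAccountControl"].Value;
                uac &= ~(ADS_UF_ACCOUNTDISABLE | ADS_UF_PASSWD_NOTREQD);
                user.Properties["userAccountControl"].Value = uac;
                user.CommitChanges();

                // Verify against the directory, not the local cache.
                user.RefreshCache(new string[] { "userAccountControl" });
                int final = (int)user.Properties["userAccountControl"].Value;
                if ((final & (ADS_UF_ACCOUNTDISABLE | ADS_UF_PASSWD_NOTREQD)) != 0)
                    throw new InvalidOperationException(
                        "userAccountControl still has ACCOUNTDISABLE or PASSWD_NOTREQD set");
            }
            catch
            {
                // Do not leave a half-provisioned object that is still
                // flagged as not requiring a password.
                if (created)
                    container.Children.Remove(user);
                throw;
            }
        }
    }
}
```

Exceptions raised inside `Invoke` arrive wrapped in a `TargetInvocationException`; the directory error is in its `InnerException`.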
 

worldjam
9th Mar 2005
Hi!!

I developed a C# application to create users in Active Directory, and the
following code creates a user and a mailbox.

NewUser.Properties["userPrincipalName"].Value = userName+"@pruebas.es";
NewUser.Properties["name"].Value = name;
NewUser.Properties["samAccountName"].Value = userName;
NewUser.Properties["description"].Value=description;
NewUser.Properties["pwdLastSet"].Value = -1;
NewUser.Properties["givenName"].Value=name;
NewUser.CommitChanges();

NewUser.Invoke("ChangePassword", new object[] {"",password});
NewUser.CommitChanges();

NewUser.Properties["userAccountControl"].Value=0x200;
NewUser.CommitChanges();

CDOEXM.IMailboxStore mailbox;
mailbox = (IMailboxStore)NewUser.NativeObject;
mailbox.CreateMailbox(homeMDB);
NewUser.CommitChanges();

The problem is that now I'm testing this code on another domain controller and
it doesn't work!!!
My question is, is my code correct? Or can it be a problem of the domain
controller? (permissions...)

Thanks in advance

Joe Kaplan (MVP - ADSI)
9th Mar 2005
You should use SetPassword for creating an initial password. Otherwise,
what isn't working? What exception do you get?

Joe K.

worldjam
9th Mar 2005
Hi!!

I got several exceptions.
1-When I use
NewUser.Invoke("SetPassword", new object[] {password});
2-When I use
NewUser.Properties["userAccountControl"].Value=0x200;
3-When I try to create the mailbox

The exceptions:
1-It can not found net path
2-The domain is busy or it can be found or you can not enough privileges
3-Specified cast is not valid (when I try to create the mailbox)

Otherwise I can use Setpassword, it never worked, but if I use
ChangePassword it worked!!
I don't know what can I do, because this code worked in the development
environment!!

Thanks

Joe Kaplan (MVP - ADSI)
10th Mar 2005
SetPassword should work. I'd suggest concentrating on getting that working.
Just out of curiosity, does your domain support SSL (can you bind with
AuthenticationTypes.SecureSocketsLayer)?

Regarding setting userAccountControl, that should work too. If you are
getting permissions errors, are you sure you have enough rights?

Regarding the mailbox creation, did you install the Exchange System Manager
on the system?

Joe K.

worldjam
11th Mar 2005
Hi Joe!!

I'm trying to run my code on the domain controller and it worked, except for
creating the mailbox, but I've seen that it does not have the Exchange tools installed!! and
the error is "Specified cast is not valid". If I try to run the code from a
client in another domain (there is a trust between the domains) I get the
following exception "The server is unwilling to process your request" when I
invoke SetPassword. I think it is a problem with permissions! What do you
think?

Thanks in advance!

Joe Kaplan (MVP - ADSI)
11th Mar 2005
"Unwilling to process" on a password change usually means that an SSL/LDAP
connection could not be established with the other domain, although there
are other potential reasons I think.

Can you connect to the other domain over SSL/port 636 using ldp.exe?

You definitely need the Exchange System Manager tools installed to use
CDOEXM.

Joe K.