T
Thomas Cameron
I have an application that connects to several domain controllers and
enabled a specified user account. The reason for this is that my company
required that administrative accounts be disabled at midnight every day,
and that a ticket be provided and logged before our operations staff will
enable the account.
The reason behind connecting to each domain controller individually is
that waiting for active directory to replicate to our foreign offices was
taking up to three hours! This was obviously not an option for those
users. Is there a better (or faster) way than connecting to each domain
controller?
When connecting to the DCs to enable an account I have used the directory
searcher and I have connected directly (via DirectoryEntry) to the user
object I want. However, there are problems with each. Using the searcher,
I iterate through the results from the searcher and execute:
mySearcher.GetDirectoryEntry.Properties("userAccountControl").Value =
ADS_USER_FLAG_ENUM.ADS_UF_NORMAL_ACCOUNT
After calling commitchanges(), I notice that this does not work. I'm not
receiving any errors, and my entire operation from search to commit in a
try...catch statement. Any ideas?
When using a straight entry such as:
Dim dirSupportUser As New
System.DirectoryServices.DirectoryEntry("LDAP://dc.domain.com/CN=adminuser,
OU=ITSUPPORT, DC=domain, DC=com", "domain\username", "password")
dirSupportUser.AuthenticationType = AuthenticationTypes.ServerBind
dirSupportUser.Properties("userAccountControl").Value =
ADS_USER_FLAG_ENUM.ADS_UF_NORMAL_ACCOUNT
There is no way to specify a timeout for the operation! This method DOES
enable the user account, but if a server happens to be down my program
will sit and wait. Or, worse yet, if a server is partially working due to
a crash my program will sit and wait forever.
My questions are: Is there a way to specify a timeout for method #2? Is
there something I am doing wrong in method #1? Could specifying a
"PropertiesToLoad" on method #1 have anything to do with my issues?
Thanks for any help that may be offered!
enabled a specified user account. The reason for this is that my company
required that administrative accounts be disabled at midnight every day,
and that a ticket be provided and logged before our operations staff will
enable the account.
The reason behind connecting to each domain controller individually is
that waiting for active directory to replicate to our foreign offices was
taking up to three hours! This was obviously not an option for those
users. Is there a better (or faster) way than connecting to each domain
controller?
When connecting to the DCs to enable an account I have used the directory
searcher and I have connected directly (via DirectoryEntry) to the user
object I want. However, there are problems with each. Using the searcher,
I iterate through the results from the searcher and execute:
mySearcher.GetDirectoryEntry.Properties("userAccountControl").Value =
ADS_USER_FLAG_ENUM.ADS_UF_NORMAL_ACCOUNT
After calling commitchanges(), I notice that this does not work. I'm not
receiving any errors, and my entire operation from search to commit in a
try...catch statement. Any ideas?
When using a straight entry such as:
Dim dirSupportUser As New
System.DirectoryServices.DirectoryEntry("LDAP://dc.domain.com/CN=adminuser,
OU=ITSUPPORT, DC=domain, DC=com", "domain\username", "password")
dirSupportUser.AuthenticationType = AuthenticationTypes.ServerBind
dirSupportUser.Properties("userAccountControl").Value =
ADS_USER_FLAG_ENUM.ADS_UF_NORMAL_ACCOUNT
There is no way to specify a timeout for the operation! This method DOES
enable the user account, but if a server happens to be down my program
will sit and wait. Or, worse yet, if a server is partially working due to
a crash my program will sit and wait forever.
My questions are: Is there a way to specify a timeout for method #2? Is
there something I am doing wrong in method #1? Could specifying a
"PropertiesToLoad" on method #1 have anything to do with my issues?
Thanks for any help that may be offered!