ADSI and C#

Victor Pereira

Hi,

I'm trying to rename the Administrator Login, and I want to know if my
approach is right:

void RenameUsr(string hostname, string admusr)
{
    DirectoryEntry entry = new DirectoryEntry("WinNT://" + hostname + "/" + "Administrator" + ",user");
    entry.Properties["UserPrincipalName"].Value = admusr;
    entry.CommitChanges();
}

Thanks,

Victor
 
Marc Scheuner [MVP ADSI]

I'm trying to rename the Administrator Login, and I want to know if my
approach is right:

What do you mean by "rename"? What name (there are plenty!) do you
want to change? The actual logon name? The LDAP object name? The
display name?

Also, are you running on a local machine, or in a network?? If you're
on a network, I'd STRONGLY recommend using LDAP instead of the
deprecated WinNT provider.

Marc
 
Victor Pereira

Hi Marc,
I want to rename the logon name. Now I changed my approach and now I'm using
WMI. But my problem is: this code does not work in W2k, just in XP and 2003.
Do you know how I can do it in a W2k environment?
Look at my code:

// Requires: using System; using System.Management; using System.Windows.Forms;
void RenameUsr(string hostname, string admusr)
{
    try
    {
        ConnectionOptions oConn = new ConnectionOptions();
        string myMachine = @"\\" + hostname + @"\root\cimv2";
        // User accounts (SIDType = 1) whose domain is the machine itself, i.e. local accounts
        string myQuery = "Select * from Win32_UserAccount WHERE Domain = " + "'" + hostname + "'" + " AND SIDType = 1 ";
        ManagementScope oMs = new ManagementScope(myMachine, oConn);
        ObjectQuery oQuery = new ObjectQuery(myQuery);
        ManagementObjectSearcher oSearcher = new ManagementObjectSearcher(oMs, oQuery);
        ManagementObjectCollection queryCollection1 = oSearcher.Get();

        foreach (ManagementObject mo in queryCollection1)
        {
            try
            {
                string sLogin = mo["Name"].ToString();
                if (sLogin.StartsWith("Admin"))
                {
                    // Win32_UserAccount.Rename takes the new name and returns a status code
                    ManagementBaseObject iPar = mo.GetMethodParameters("Rename");
                    iPar["Name"] = admusr;
                    ManagementBaseObject outPar = mo.InvokeMethod("Rename", iPar, null);
                    uint ret = (uint)outPar.Properties["ReturnValue"].Value;
                    if (ret != 0)
                    {
                        MessageBox.Show("Error " + ret.ToString() + " trying to rename user");
                    }
                }
            }
            catch (Exception ez)
            {
                MessageBox.Show(hostname + " " + admusr + " " + ez.Message);
            }
        }
    }
    catch (Exception zz)
    {
        MessageBox.Show(hostname + " " + admusr + " " + zz.Message);
    }
}

Thanks in advance,

Victor
 
Marc Scheuner [MVP ADSI]

I want to rename the logon name.

Again: are you dealing with a local machine and a local account, or is
this an account on a network / in a network domain?

AFAIK, WMI is read-only by design - I don't think you can update
anything through it, really.

If you're dealing with a domain and a user account in a domain, your
best choice is to use ADSI and the LDAP provider - find the user in
question (either by just knowing his LDAP path, or by searching for
it), and then update the appropriate name (in your case: the
"sAMAccountName"), and save the changes back to the store.

Something like:

DirectoryEntry deUser = new DirectoryEntry("LDAP://cn=JohnDoe,cn=Users,dc=fabrikam,dc=com");

deUser.Properties["sAMAccountName"].Value = "new_logon_name";
deUser.CommitChanges();

Marc
 
Victor Pereira

Hi Marc,
WMI isn't read-only, and my pasted code is working, but just in Windows XP and
2003.
I'm working with a local machine, so that's why I'm not using the LDAP
provider. My problem is: I want to rename the local Administrator in a
"Windows 2000 environment".

Thanks for your help,

Victor
 
Willy Denoyette [MVP]

Marc Scheuner said:
Again: are you dealing with a local machine and a local account, or is
this an account on a network / in a network domain?

AFAIK, WMI is read-only by design - I don't think you can update
anything through it, really.

This is not true, WMI is R/W by design, only thing is that some
classes/properties are read only.

Willy.
 
Willy Denoyette [MVP]

Victor Pereira said:
Hi Marc,
I want to rename the logon name. Now I changed my approach and now I'm
using WMI. But my problem is: this code does not work in W2k, just in XP and
2003.
Do you know how I can do it in a W2k environment?

You can't call Rename on W2K, it's only supported on XP, W2K and higher.
Only thing you can do is delete and recreate the account using
DirectoryServices with the WinNT provider. You are also aware of the dangers
of renaming the administrator account, aren't you?

Willy.
 
Victor Pereira

Hi Willy,
Thanks for your reply.. two MVPs answering my questions.. that is an honor!

But when you said that I must create and delete, I think you're wrong, and here
is a function to prove it!

void RenameUser(string hostname, string admusr)
{
    try
    {
        DirectoryEntry entry = new DirectoryEntry("WinNT://" + hostname + ",computer");
        DirectoryEntry cEntry = entry.Children.Find("administrator");
        MessageBox.Show(cEntry.Path.ToString());
        cEntry.MoveTo(entry, admusr);
        cEntry.CommitChanges();
    }
    catch (Exception cc)
    {
        MessageBox.Show(cc.Message.ToString());
    }
}

Regards,

Victor Pereira MVP-WannaBe :)
 
Willy Denoyette [MVP]

Yes, but you probably know there are different ways to skin a cat, here is
another one.

DirectoryEntry cEntry = userEntry.Children.Find("administrator");
cEntry.Rename(admuser);
cEntry.CommitChanges();

All depends on what you really wanna do: do you need a completely new entry
(that is, a new SID) or do you need to keep the SID associated with a new
name?
Note that someone who knows the SID of the original administrator can also
find the name of the new administrator when using MoveTo and Rename.


Willy.
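
Added example, not part of the original thread or any poster's code: because a renamed account keeps its SID, as noted above, the built-in administrator stays identifiable by its RID of 500, so an audit check should match on the SID rather than on the name, which is what the snippets in this thread match on. The account names, SID values and the MakeSid helper are constructed for illustration; that a live account's SID arrives as a byte array (for instance from the WinNT provider's objectSid property) is an assumption.

```csharp
using System;
using System.Collections.Generic;

static class BuiltinAdminCheck
{
    // Binary SID layout: revision (1 byte), sub-authority count (1 byte),
    // identifier authority (6 bytes, big-endian), then the sub-authorities
    // (4 bytes each, little-endian). The last sub-authority is the RID.
    static uint SubAuthority(byte[] sid, int index)
    {
        int o = 8 + 4 * index;
        return (uint)sid[o] | (uint)sid[o + 1] << 8 | (uint)sid[o + 2] << 16 | (uint)sid[o + 3] << 24;
    }

    // True for S-1-5-21-<three machine or domain values>-500, whatever the account is called.
    static bool IsBuiltinAdministrator(byte[] sid)
    {
        if (sid == null || sid.Length < 8 || sid[0] != 1) return false;
        int count = sid[1];
        if (count != 5 || sid.Length != 8 + 4 * count) return false;
        long authority = 0;
        for (int i = 2; i < 8; i++) authority = (authority << 8) | sid[i];
        return authority == 5 && SubAuthority(sid, 0) == 21 && SubAuthority(sid, count - 1) == 500;
    }

    // Helper for the constructed samples below: builds S-1-5-<subAuthorities...>.
    static byte[] MakeSid(params uint[] subAuthorities)
    {
        var bytes = new List<byte> { 1, (byte)subAuthorities.Length, 0, 0, 0, 0, 0, 5 };
        foreach (uint s in subAuthorities)
            for (int k = 0; k < 4; k++) bytes.Add((byte)(s >> (8 * k)));
        return bytes.ToArray();
    }

    static void Main()
    {
        // Constructed sample data: three local accounts after a rename.
        var accounts = new Dictionary<string, byte[]>
        {
            { "Guest",         MakeSid(21, 1111111111, 2222222222, 3333333333, 501) },
            { "svc_ops",       MakeSid(21, 1111111111, 2222222222, 3333333333, 500) },
            { "Administrator", MakeSid(21, 1111111111, 2222222222, 3333333333, 1004) },
        };
        foreach (var account in accounts)
            Console.WriteLine("{0,-14} built-in administrator: {1}",
                account.Key, IsBuiltinAdministrator(account.Value));
    }
}
```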
 
Victor Pereira

Hi Willy,

I tried this "DirectoryEntry cEntry = userEntry.Find("admin")", but it didn't
work.

Thanks for your reply,

Victor
 
Willy Denoyette [MVP]

Missing Children in ...
userEntry.Find

Willy.

 
Marc Scheuner [MVP ADSI]

I tried this "DirectoryEntry cEntry = userEntry.Find("admin"), but didn't

First of all, as Willy pointed out, you need to search in the
userEntry.Children collection.

Secondly, you need to prefix your user with the cn= moniker.

And thirdly, I'd suggest using the other overload of this function,
where you can specify the class name as well.

So I'd search like this:

DirectoryEntry cEntry = userEntry.Children.Find("cn=admin", "user");

Also mind you - you need to use the actual object name in Active
Directory - *NOT* its sam account name (which you'd use to log on).

Marc

================================================================
Marc Scheuner May The Source Be With You!
Berne, Switzerland m.scheuner -at- inova.ch
 
Victor Pereira

Marc and Willy,
Thanks!


 
