Creating a user using Active Directory


elziko

Hi,

I'm using the following code to create a user:

Imports System.DirectoryServices
Imports System.Runtime.InteropServices

'user flag constants (ADS_USER_FLAG_ENUM values) used below
Const UF_PASSWD_CANT_CHANGE As Integer = &H40
Const UF_NORMAL_ACCOUNT As Integer = &H200

Dim strNodeName As String = "test user"
Dim NewUser As DirectoryEntry
Dim AD As New DirectoryEntry("WinNT://MYCOMPUTER")

'delete user when existing
Try
    NewUser = AD.Children.Find(strNodeName, "User")
    AD.Children.Remove(NewUser)
'catch 'not found' exception
Catch comEx As COMException
    Console.WriteLine(comEx.Message)
End Try

'add user using the user schema
NewUser = AD.Children.Add(strNodeName, "user")
NewUser.Properties("description").Add("test user")

'set user flags: normal account, user cannot change password
NewUser.Properties("userFlags").Add(UF_NORMAL_ACCOUNT Or UF_PASSWD_CANT_CHANGE)

'invoke native method 'SetPassword' before committing
NewUser.Invoke("SetPassword", New Object() {"mysecret"})
NewUser.CommitChanges()

'add user to the Administrators group
Dim grp As DirectoryEntry = AD.Children.Find("Administrators", "group")
If Not grp.Name Is Nothing Then
    grp.Invoke("Add", New Object() {NewUser.Path.ToString()})
    Console.WriteLine("Account Created Successfully")
End If

This works fine if I set the domain to be the computer that the code runs on,
but if I set it to be our company's domain then I get a
System.UnauthorizedAccessException. So when instantiating 'AD' I also
passed in the username and password of the administrator on the domain who
is allowed to add users.

I then don't get an exception, everything runs fine, but no user is added to
the local machine, even after reboot. What am I doing wrong?

TIA
 

Marc Scheuner [MVP ADSI]

Dim strNodeName As String = "test user"
Dim AD As New DirectoryEntry("WinNT://MYCOMPUTER")
NewUser = AD.Children.Add(strNodeName, "user")
This works fine if I set the domain to be the computer that the code runs on
but if I set it to be our companies domain then I get a
System.UnauthorizedAccessException.

Well, first of all, if you have a "company domain", I would STRONGLY
suggest using the LDAP:// provider rather than the WinNT:// provider.
This WinNT codebase is really only provided as a backwards
compatibility mechanism for NT4 domains, and should be avoided
whenever possible. Also, the WinNT provider does NOT support your
Active Directory hierarchy - you can't create users in specific OUs
(since the WinNT provider only knows about a flat, non-hierarchical
model without OUs).

So I'd suggest using something like:

Dim AD As New DirectoryEntry("LDAP://cn=Users,dc=YourCompany,dc=com")
Dim NewUser As DirectoryEntry
NewUser = AD.Children.Add("cn=YourUserName", "user")
'' set properties for NewUser, then store them back to AD
NewUser.CommitChanges()

Secondly, in a corporate domain environment, your default user might
not have permissions to do such things as create a new user - you
possibly need to a) grant your user admin rights (at least on the OU
you're interested in), or b) use another user (and specify it in your
call to "New DirectoryEntry()").

Also, if you're in an ASP.NET environment, often this "serverless
binding" as mentioned above won't work, and you'd need to specify a
particular DC by machine name which should be used for your binding
operations:

Dim AD As New DirectoryEntry("LDAP://DC01.YourCompany.com/cn=Users,dc=YourCompany,dc=com")


HTH
Marc
================================================================
Marc Scheuner May The Source Be With You!
Berne, Switzerland m.scheuner -at- inova.ch
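The pattern Marc describes, put together as one complete VB.NET program (an added example, not code from either post): bind with the LDAP:// provider to a named DC using an explicit, delegated service account, create the user in a chosen OU, commit, set the password, and then enable the account. The DC name, OU path, account names and the environment variables holding the passwords are placeholders; the userAccountControl constants are the documented ADS_USER_FLAG_ENUM values.

```vbnet
Imports System
Imports System.DirectoryServices
Imports System.Runtime.InteropServices

Module CreateDomainUser

    ' userAccountControl bits (ADS_USER_FLAG_ENUM)
    Const ADS_UF_NORMAL_ACCOUNT As Integer = &H200

    ' Creates a user under ouPath on dcHost and returns its distinguishedName.
    ' All parameters are supplied by the caller; nothing is hard-coded here.
    Function CreateUser(ByVal dcHost As String, ByVal ouPath As String,
                        ByVal serviceUser As String, ByVal servicePassword As String,
                        ByVal sam As String, ByVal displayName As String,
                        ByVal initialPassword As String) As String

        ' Serverless binding often fails under ASP.NET, so name the DC explicitly.
        ' AuthenticationTypes.Secure uses Kerberos/NTLM instead of a simple bind,
        ' so the service account's password is not sent in clear text; Sealing
        ' encrypts the rest of the session.
        Using ou As New DirectoryEntry("LDAP://" & dcHost & "/" & ouPath,
                                       serviceUser, servicePassword,
                                       AuthenticationTypes.Secure Or AuthenticationTypes.Sealing)

            ' With LDAP:// the new object's RDN carries the cn= prefix, and the
            ' OU comes from the binding path rather than a flat WinNT namespace.
            Using newUser As DirectoryEntry = ou.Children.Add("cn=" & displayName, "user")
                newUser.Properties("sAMAccountName").Value = sam
                newUser.Properties("displayName").Value = displayName

                ' The object must exist in the directory before a password can be set.
                newUser.CommitChanges()

                ' SetPassword runs over the secure channel established by the bind.
                newUser.Invoke("SetPassword", New Object() {initialPassword})

                ' ADSI creates users disabled with PASSWD_NOTREQD set; replace the
                ' flags with NORMAL_ACCOUNT only so the account is enabled and
                ' actually requires its password.
                newUser.Properties("userAccountControl").Value = ADS_UF_NORMAL_ACCOUNT
                newUser.CommitChanges()

                Return CStr(newUser.Properties("distinguishedName").Value)
            End Using
        End Using
    End Function

    Sub Main()
        Try
            ' Placeholder values; passwords come from the environment so they
            ' are not embedded in source like "mysecret" in the question.
            Dim dn As String = CreateUser("DC01.example.com",
                                          "ou=ServiceAccounts,dc=example,dc=com",
                                          "EXAMPLE\svc-provision",
                                          Environment.GetEnvironmentVariable("PROV_PW"),
                                          "tuser", "Test User",
                                          Environment.GetEnvironmentVariable("INITIAL_PW"))
            Console.WriteLine("Created " & dn)
        Catch ex As UnauthorizedAccessException
            ' The bind succeeded but the account lacks create-child rights on the OU:
            ' delegate "Create user objects" on that OU rather than granting domain admin.
            Console.WriteLine("Access denied: " & ex.Message)
        Catch ex As COMException
            ' LDAP-level errors (object already exists, constraint violation,
            ' DC unreachable) surface here with the HRESULT.
            Console.WriteLine("Directory error 0x" & ex.ErrorCode.ToString("X") & ": " & ex.Message)
        End Try
    End Sub

End Module
```

The service account only needs rights delegated on the target OU, which is the "at least on the OU you're interested in" option from the answer; if the program is later run with a different identity (an ASP.NET application pool, for instance), the UnauthorizedAccessException branch is where the missing delegation shows up.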
 
