DirectoryEntry SetPassword issue

Jessica

When I create a single LDAP ActiveDirectory user and use
DirectoryEntry.Invoke("SetPassword"...), the user is created and the
password is set with no problems.

However, when I try to add more than one user by calling my CreateUser
method repeatedly, ADSI throws an exception when I try to set the
password of the second (and all subsequent) users I create. Does
anyone have a sense of why this is happening?

The error states that one or more input parameters are invalid, but if
I restart the program and use the same parameter for the password that
raised the exception in the previous run, no exception is thrown.

For example, if I use "u1" as user name and "p1" as password name for
the first user I create, and I use "u2" and "p2" for the second user,
when I call Invoke("SetPassword", object[]{"p2"}), I get the exception
below. However, if I restart the program and use "u2" and "p2" for the
first user I create, no exception is thrown.

Here is the error thrown.

System.Reflection.TargetInvocationException: Exception has been thrown
by the target of an invocation. --->
System.Runtime.InteropServices.COMException (0x80005008): One or more
input parameters are invalid


Here is the method used to create the user.
internal void CreateUser(string userName, string password)
{
    // GetRootEntries() gets the LDAP entries in the root group to which I am adding users.
    DirectoryEntries entriesRoot = GetRootEntries();
    string userPathName = "cn=" + userName;
    DirectoryEntry entryCheck = null;
    DirectoryEntry entry = null;

    try
    {
        // *** Seek previous entry with the same name. This will throw an exception if user does not exist.
        entryCheck = entriesRoot.Find(userPathName);
    }
    catch (Exception)
    {
        // user does not exist, which is what you want when creating a user.
    }
    try
    {
        if (entryCheck != null)
        {
            // user already exists
        }
        else
        {
            entry = entriesRoot.Add(userPathName, "user");

            entry.Properties["sAMAccountName"].Add(userName);
            entry.Properties["sn"].Add("User");
            entry.Properties["givenName"].Add(userName);
            entry.CommitChanges();
            // User has to be saved prior to this step
            entry.Invoke("SetPassword", new object[] { password });

            // Create a normal account and enable it - ADS_UF_NORMAL_ACCOUNT; this is part of Windows SDK (ADS_USER_FLAG_ENUM)
            // and to my knowledge, not part of .net. JL 12/18/03
            entry.Properties["userAccountControl"].Value = 0x200;
            entry.CommitChanges();
            entry.Close();
            // cleanup; this is required for AD to store changes fully and completely.
            entry.Dispose();
            entry = null;
        }
    }
    catch (Exception e2)
    {
        // custom error handling here...
    }
    entriesRoot = null;
}

Thanks in advance for shedding light on this,
Jessica
 
Willy Denoyette [MVP]

Jessica,

Make sure you bind securely when calling SetPassword, something like this
should work.....

....
// re-bind using a secure authentication type when calling SetPassword
using (DirectoryEntry userEntry = new DirectoryEntry(entry.Path,
    bindUser, bindPwd,
    AuthenticationTypes.Secure | AuthenticationTypes.ServerBind))
{
    object[] password = new object[] {"somepassword"};
    object ret = userEntry.Invoke("SetPassword", password);
    userEntry.Properties["userAccountControl"].Value = 0x200;
    userEntry.CommitChanges();
}
....

Willy.


 
Guest

Willy,
I have a few questions. How will binding securely solve
the problem I posted? Why do you think I am seeing the
error "One or more input parameters are invalid"?
Second, after you create a user and before you have set
the password, what value do you use for the password when
creating a new DirectoryEntry? I tried creating a new
DirectoryEntry as you suggested, using string.Empty as
the password, thinking this would be the correct value
before the password was ever set on the entry, but when I
tried to set the password, I got the exception "Logon
failure: unknown user name or bad password".

Thanks,
Jessica
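
Added example, not part of any post in this thread: the CreateUser method from the first post restructured around the secure re-bind suggested in the reply, with every DirectoryEntry disposed before the next user is created and the COMException unwrapped from Invoke. It assumes bindUser/bindPwd are the credentials of the account performing the creation (the DirectoryEntry constructor authenticates with them; they are not the new user's password); ContainerPath, the class name and the user-name allowlist are constructed for illustration.

```csharp
using System;
using System.DirectoryServices;
using System.Reflection;
using System.Text.RegularExpressions;

static class UserProvisioning
{
    // Constructed placeholder: ServerBind requires a path that names a server.
    const string ContainerPath = "LDAP://dc01.example.test/OU=Staff,DC=example,DC=test";
    const AuthenticationTypes Auth =
        AuthenticationTypes.Secure | AuthenticationTypes.ServerBind;

    // bindUser/bindPwd: credentials of the account doing the provisioning
    // (assumption), not those of the user being created.
    internal static void CreateUser(string bindUser, string bindPwd,
                                    string userName, string password)
    {
        // Assumed allowlist: refuse names that would alter "CN=" + userName.
        if (!Regex.IsMatch(userName, @"^[A-Za-z0-9._-]{1,20}$"))
            throw new ArgumentException("Unsupported user name.", nameof(userName));

        string userPath;
        using (var container = new DirectoryEntry(ContainerPath, bindUser, bindPwd, Auth))
        using (var created = container.Children.Add("CN=" + userName, "user"))
        {
            created.Properties["sAMAccountName"].Value = userName;
            created.Properties["sn"].Value = "User";
            created.Properties["givenName"].Value = userName;
            created.CommitChanges();   // the object must exist before SetPassword
            userPath = created.Path;
        }

        // Fresh, securely bound entry per user, disposed before the next call.
        using (var user = new DirectoryEntry(userPath, bindUser, bindPwd, Auth))
        {
            try
            {
                user.Invoke("SetPassword", new object[] { password });
            }
            catch (TargetInvocationException ex) when (ex.InnerException != null)
            {
                // Invoke wraps the ADSI error; surface the inner COMException.
                throw new InvalidOperationException(
                    "SetPassword failed for " + userName + ": " + ex.InnerException.Message,
                    ex.InnerException);
            }
            user.Properties["userAccountControl"].Value = 0x200; // ADS_UF_NORMAL_ACCOUNT
            user.CommitChanges();
        }
    }
}
```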
 
