Disable/enable user in ADSI

G

Guest

To change a password for a user I use this code

DirectoryEntry myDirectoryEntry
myDirectoryEntry = new DirectoryEntry(@"WinNT://" + domain +"/"+username+",User")
myDirectoryEntry.Invoke("setPassword", password)
myDirectoryEntry.CommitChanges()

But if I wan't to enable or disable an account, how do I do that

Regards
Anders Aleborg
 
W

Willy Denoyette [MVP]

Aleborg said:
To change a password for a user I use this code:

DirectoryEntry myDirectoryEntry;
myDirectoryEntry = new DirectoryEntry(@"WinNT://" + domain
+"/"+username+",User");
myDirectoryEntry.Invoke("setPassword", password);
myDirectoryEntry.CommitChanges();

But if I wan't to enable or disable an account, how do I do that?

Regards
Anders Aleborg
Click to expand...

Search the MSDN platform doc's for UserFlag properties, note that the
DiretoryServices are thin wrappers around ADSI, so it's a good idea to have
the ADSI doc's handy.
Following snip illustrates how to enable/disable an account.

// UserFlags used to set user properties see ADSI doc's in MSDN

const int UF_SCRIPT = 0x0001;
const int UF_ACCOUNTDISABLE = 0x0002;
const int UF_HOMEDIR_REQUIRED = 0x0008;
const int UF_LOCKOUT = 0x0010;
const int UF_PASSWD_NOTREQD = 0x0020;
const int UF_PASSWD_CANT_CHANGE = 0x0040;
const int UF_TEMP_DUPLICATE_ACCOUNT = 0x0100;
const int UF_NORMAL_ACCOUNT = 0x0200;
const int UF_DONT_EXPIRE_PASSWD = 0x10000;
const int UF_PASSWORD_EXPIRED = 0x800000;

.....
// Flip AccountDisable bit to enable/disable account.
myDirectoryEntry.Properties["UserFlags"].Value =
((int)NewUser.Properties["userFlags"].Value) ^ UF_ACCOUNTDISABLE;
....

Willy.
 
G

Guest

Thanks but where do you get "NewUser" from
I've got this code now

const int UF_ACCOUNTDISABLE = 0x0002

DirectoryEntry myDirectoryEntry
myDirectoryEntry = new DirectoryEntry(@"WinNT://" + domain +"/"+username+",User")
myDirectoryEntry.Properties["UserFlags"].Value = ((int)myDirectoryEntry.Properties["userFlags"].Value) ^ UF_ACCOUNTDISABLE
myDirectoryEntry.CommitChanges()

And I get the error
System.Runtime.InteropServices.COMException: Unspecified erro
 
G

Guest

But shouldn't my code work

const int UF_ACCOUNTDISABLE = 0x0002

DirectoryEntry myDirectoryEntry
myDirectoryEntry = new DirectoryEntry(@"WinNT://" + domain +"/"+username+",User")
myDirectoryEntry.Properties["UserFlags"].Value = ((int)myDirectoryEntry.Properties["userFlags"].Value) ^ UF_ACCOUNTDISABLE
myDirectoryEntry.CommitChanges()

I get the error
System.Runtime.InteropServices.COMException: Unspecified erro

Source Error:

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace:

[COMException (0x80004005): Unspecified error
System.DirectoryServices.Interop.IAds.PutEx(Int32 lnControlCode, String bstrName, Object vProp) +
System.DirectoryServices.PropertyValueCollection.OnClearComplete() +5
System.DirectoryServices.PropertyValueCollection.set_Value(Object value) +8
WebCreSiterWeb.CreateWinAccount.Disable(
WebCreSiterWeb.reseller.reseller_settings.Submit2_ServerClick(Object sender, EventArgs e
System.Web.UI.HtmlControls.HtmlInputButton.OnServerClick(EventArgs e) +10
System.Web.UI.HtmlControls.HtmlInputButton.System.Web.UI.IPostBackEventHandler.RaisePostBackEvent(String eventArgument) +5
System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument) +1
System.Web.UI.Page.RaisePostBackEvent(NameValueCollection postData) +3
System.Web.UI.Page.ProcessRequestMain() +127

Regard

Anders Aleborg
 
J

Jeffrey Tan[MSFT]

Hi Anders,

This code does not work for you?

For building the connection string using ADSI, please refer to:
"Binding String"
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/adsi/adsi/b
inding_string.asp
"WinNT ADsPath"
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/adsi/adsi/w
innt_adspath.asp

As stated in the document, I think your syntax may have no big problem, the
point you should be careful of is that the connection string is
case-sensitive, please ensure this in your code. Thanks.

Actually, there is a sample of "Enabling and Disabling the User Account"
through C#:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/sds/sds/ena
bling_and_disabling_the_user_account.asp

If this still does not work, please use VBScript to do this to see if the
problem is due to .Net Framework.

Thank you for your patience and cooperation. If you have any questions or
concerns, please feel free to post it in the group. I am standing by to be
of assistance.

Best regards,
Jeffrey Tan
Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
This posting is provided "as is" with no warranties and confers no rights.
 
W

Willy Denoyette [MVP]

Yes, it should work, I suggest you try this from a console program first.

Willy.
 
W

Willy Denoyette [MVP]

The property "userAccountControl" is non existent when using the "WinNT"
provider, why did you change that?
Again, try these things from a small console program, you might have a
security issue.
Willy.
 
G

Guest

No it don't work from console either
The code runs as admin

const int UF_ACCOUNTDISABLE = 0x0002

tr

DirectoryEntry myDirectoryEntry
myDirectoryEntry = new DirectoryEntry("WinNT://" + domain +"/"+username+",User")

myDirectoryEntry.Properties["UserFlags"].Value = ((int)myDirectoryEntry.Properties["UserFlags"].Value) ^ UF_ACCOUNTDISABLE

myDirectoryEntry.CommitChanges()
return "ok"

catch(Exception ex

return ex.ToString()


Error
System.Runtime.InteropServices.COMException (0x80004005): Unspecified erro
at System.DirectoryServices.Interop.IAds.PutEx(Int32 lnControlCode, String b
trName, Object vProp
at System.DirectoryServices.PropertyValueCollection.OnClearComplete(
at System.DirectoryServices.PropertyValueCollection.set_Value(Object value
at WebCreSiterWeb.CreateWinAccount.Disable() in c:\inetpub\wwwroot\webcresit
rweb\website.cs:line 77

line 772
myDirectoryEntry.Properties["UserFlags"].Value = ((int)myDirectoryEntry.Properties["UserFlags"].Value) ^ UF_ACCOUNTDISABLE;
 
W

Willy Denoyette [MVP]

I would like to see your domain name, and the OS version you are running
this on.

Willy.


Aleborg said:
No it don't work from console either.
The code runs as admin:
Click to expand...
;
 
G

Guest

The domain and user:
myDirectoryEntry = new DirectoryEntry("WinNT://aleborg-w2k-2/user127,User")

We're using Win 2003 Server Web Edition, we don't have a domain-controller. It works to chang password, create and delete users.
 
W

Willy Denoyette [MVP]

Are you sure this name is the hostname?
Could you try using the IP address?
WinNT://xxx.xxx.xxx.xxx/.....


Willy.
 
M

Marc Scheuner [MVP ADSI]

We're using Win 2003 Server Web Edition, we don't have a domain-controller.

Then what are you trying to enable / disable?? The enable/disable flag
signifies whether or not a user can log on to the DOMAIN - if you
don't have one, trying to enable a user is pretty much
pointless.......

Marc

================================================================
Marc Scheuner May The Source Be With You!
Bern, Switzerland m.scheuner(at)inova.ch
 
G

Guest

YES Willy, the host is correct, the same host is used to add, delete and change password for users without problems

If we disable the user, he cant log in to FTP, quite simple really
Just tried to disable an account localy and tried to login with FTP and got denied, enabled the account and could log in to the FTP, so I don't know what you're talking about Marc
 
G

Guest

Found the error! You gave me this code
myDirectoryEntry.Properties["UserFlags"].Value = ((int)myDirectoryEntry.Properties["UserFlags"].Value) ^ UF_ACCOUNTDISABLE
it should be
myDirectoryEntry.Properties["UserFlags"].Add(((int)myDirectoryEntry.Properties["UserFlags"].Value) ^ UF_ACCOUNTDISABLE)

Thank
Anders Aleborg
 
J

Jeffrey Tan[MSFT]

Hi Anders,

Thanks for your feedback.

I am glad your problem finally resolved. :) If you have further concern,
please feel free to post, let's work on it together, thanks.

Best regards,
Jeffrey Tan
Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
This posting is provided "as is" with no warranties and confers no rights.
 
W

Willy Denoyette [MVP]

"Add" should be used when the property doesn't exist, that is when creating
a new user and prior to CommitChanges.
The code I gave you is to enable/disable an existing object (user), like you
originally requested. Therefore I suggest you to post complete runable
samples.

Willy.
 
W

Willy Denoyette [MVP]

Marc,

OP is creating local accounts.

Willy.

Marc Scheuner said:
Then what are you trying to enable / disable?? The enable/disable flag
signifies whether or not a user can log on to the DOMAIN - if you
don't have one, trying to enable a user is pretty much
pointless.......

Marc

================================================================
Marc Scheuner May The Source Be With You!
Bern, Switzerland m.scheuner(at)inova.ch
Click to expand...
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Create SID? 4
setting password to ADS object 2
enable a user account in Active Directory? 1
user creation and adding user to a group using WMI 2
Active Directory: Disable *another* users account 2
Remove user from local group 2
Getting local admin groups and users on a windows server using ADSI 4
C# Exchange create mailbox 2

Top