Peter Steele said:
Thanks for this code, I'll have to give it a try. Is there a similar
technique for creating a domain account using DirectoryServices? I
basically want to do something like NetUserAdd to add user X to domain Y
and there is a possibility that the workstation where I am running the
code will not be in the domain.
Sure, check this
http://msdn.microsoft.com/library/d...n-us/sds/sds/binding_to_directory_objects.asp
Note that most of the samples in
http://msdn.microsoft.com/library/en-us/sds/sds/quick_list_for_c__code_examples.asp?
are for AD domain management using the LDAP provider interface. NT4
domains only support a limited subset of the AD properties, and the
semantics and syntax can differ significantly; check MSDN for the differences.
To get you started, here's a sample that creates a local account in the
Guest alias.
using System.DirectoryServices;
using System.Runtime.InteropServices;
using System;
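/// <summary>
/// Sample that creates a local Windows account through the ADSI WinNT provider
/// and adds it to the local "guests" group.
/// </summary>
class AdsiUser
{
    // User flags used to set user properties; see the ADSI docs in MSDN.
    const int UF_SCRIPT = 0x0001;
    const int UF_ACCOUNTDISABLE = 0x0002;
    const int UF_HOMEDIR_REQUIRED = 0x0008;
    const int UF_LOCKOUT = 0x0010;
    const int UF_PASSWD_NOTREQD = 0x0020;
    const int UF_PASSWD_CANT_CHANGE = 0x0040;
    const int UF_TEMP_DUPLICATE_ACCOUNT = 0x0100;
    const int UF_NORMAL_ACCOUNT = 0x0200;
    const int UF_DONT_EXPIRE_PASSWD = 0x10000;
    const int UF_PASSWORD_EXPIRED = 0x800000;

    // HRESULT_FROM_WIN32(NERR_UserNotFound): "The user name could not be found."
    const int HResultUserNotFound = unchecked((int)0x800708AD);

    /// <summary>
    /// Creates the local account "Tester", sets its initial password and adds it
    /// to the local guests group.
    /// </summary>
    /// <remarks>
    /// No credentials are compiled into the program. The environment variable
    /// names below are this sample's own convention:
    /// ADSI_NEW_USER_PASSWORD (required) is the initial password of the new account;
    /// ADSI_ADMIN_USER / ADSI_ADMIN_PASSWORD (optional) are the credentials used to
    /// bind. When they are unset the bind uses the credentials of the calling
    /// process, which then has to run with administrative rights.
    /// </remarks>
    public static void Main()
    {
        string userName = "Tester";

        string adminUser = Environment.GetEnvironmentVariable("ADSI_ADMIN_USER");
        string adminPassword = Environment.GetEnvironmentVariable("ADSI_ADMIN_PASSWORD");
        string initialPassword = Environment.GetEnvironmentVariable("ADSI_NEW_USER_PASSWORD");
        if (string.IsNullOrEmpty(initialPassword))
        {
            Console.Error.WriteLine(
                "Set ADSI_NEW_USER_PASSWORD to the initial password for the new account.");
            return;
        }

        // Bind and get the local computer container object using the WinNT provider.
        // Use LDAP as provider to bind against an AD domain.
        using (DirectoryEntry computer = new DirectoryEntry(
            "WinNT://" + Environment.MachineName + ",computer", adminUser, adminPassword))
        {
            // Destructive: an existing account with this name is deleted first.
            RemoveUserIfPresent(computer, userName);

            // Add entry using the user schema.
            using (DirectoryEntry newUser = computer.Children.Add(userName, "user"))
            {
                newUser.Properties["fullname"].Add("Tester account");
                newUser.Properties["description"].Add("test user account");
                newUser.Properties["PasswordExpired"].Add(1); // user must change password at next login

                // Set some user flags.
                // This flag is different when binding to a domain using LDAP.
                // NOTE(review): UF_DONT_EXPIRE_PASSWD together with PasswordExpired = 1
                // may defeat the forced password change - confirm the intended policy.
                newUser.Properties["userFlags"].Add(UF_NORMAL_ACCOUNT | UF_DONT_EXPIRE_PASSWD);

                // Invoke native method 'SetPassword' before committing;
                // for domain accounts this must be done after committing.
                newUser.Invoke("SetPassword", new Object[] { initialPassword });
                newUser.CommitChanges();

                foreach (string s in newUser.Properties.PropertyNames)
                {
                    // A property without values has no element 0 to print.
                    if (newUser.Properties[s].Count > 0)
                    {
                        Console.WriteLine(s + " " + newUser.Properties[s][0]);
                    }
                }

                // Add user to the guests alias.
                try
                {
                    using (DirectoryEntry grp = computer.Children.Find("guests", "group"))
                    {
                        grp.Invoke("Add", new Object[] { newUser.Path });
                    }
                    Console.WriteLine("Account Created Successfully");
                }
                catch (Exception ex)
                {
                    Console.WriteLine(ex);
                }
            }
        }
    }

    // Deletes the named local user if it exists; a missing user is not an error.
    private static void RemoveUserIfPresent(DirectoryEntry computer, string userName)
    {
        try
        {
            // Find throws when the child does not exist; it does not return null.
            using (DirectoryEntry existing = computer.Children.Find(userName, "user"))
            {
                computer.Children.Remove(existing);
            }
        }
        catch (COMException ex)
        {
            if (ex.ErrorCode != HResultUserNotFound)
            {
                throw; // access denied, bad bind credentials, etc. must surface
            }
        }
    }
}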
Willy.