LDAP connection to create AD Account for non-admin user


  • I am creating a small application to allow 2 non-admin staff members to do some basic management of AD User. Just creating accounts, resetting passwords and deactivating accounts. The code below works fine for admin users, how can I alter it so that these 2 can create accounts:

     Imports System.DirectoryServices

     Public Sub CreateAdAccount(ByVal sUserName As String, ByVal sPassword As String, ByVal sFirstName As String, ByVal sLastName As String, ByVal sGroupName As String, ByVal DisplayName As String)
         ' Dim catalog As Catalog = New Catalog()
         ' Binds to the Users container with explicit, hard-coded credentials.
         Dim dirEntry As New DirectoryEntry("LDAP://Server/CN=Users, DC=Domain", "AdminUser", "AdminPassword", AuthenticationTypes.Secure)
         Dim adUsers As DirectoryEntries = dirEntry.Children
         Dim newUser As DirectoryEntry = adUsers.Add("CN=" & DisplayName, "user")
         'search.Filter = ("(&(objectClass=user)(objectCategory=person)(department=" & departmentName & "))")
         Try
             ' SetADProperty, SetPassword, AddUserToGroup and Userdata are defined elsewhere in the application.
             SetADProperty(newUser, "givenname", sFirstName)
             SetADProperty(newUser, "sn", sLastName)
             SetADProperty(newUser, "SAMAccountName", sUserName)
             SetADProperty(newUser, "userPrincipalName", sUserName)
             SetADProperty(newUser, "Department", Userdata.Item(3).ToString.ToLower)
             SetADProperty(newUser, "displayName", DisplayName)
             ' pwdLastSet = 0 forces a password change at next logon.
             SetADProperty(newUser, "pwdLastSet", 0)
             SetADProperty(newUser, "userWorkStations", "tablet2,tablet3,tablet4,tablet5,tablet6,tablet7,tablet8")
             SetADProperty(newUser, "ProfilePath", "\\Server\tabletdata$\%username%")
             SetPassword(newUser, sPassword)
             AddUserToGroup(dirEntry, newUser, "Users")
         Catch ex As Exception
             ' InnerException can be Nothing, so fall back to the exception itself.
             MsgBox("Unable to create this user: " & If(ex.InnerException, ex).ToString())
             ' Stop here so the success message is not shown after a failure.
             Return
         End Try
         Dim NewLocation As New DirectoryEntry("LDAP://Server/CN=Users, DC=Juvenile", "AdminUser", "AdminPassword", AuthenticationTypes.Secure)
         AddUserToGroup(dirEntry, newUser, "Tablet_Redirection")
         AddUserToGroup(dirEntry, newUser, "TabletUsers")
         MsgBox("New login for " & sUserName & " has been created." & Chr(13) & Chr(13) & "The password has been set to: " & sPassword & Chr(13) & Chr(13) & "User will be required to change the password at their next login.", MsgBoxStyle.OkOnly, "SUCCESS!")
     End Sub

    Or is it even possible to do?

    Wednesday, December 9, 2015 9:44 PM


All replies

  • >The code below works fine for admin users, how can I alter it so that these 2 can create accounts:

    Which aspect of the code fails for these non-admin accounts?

    Assuming your code isn't assuming more privileges than it needs, the
    solution would be to give those particular users permission to
    create/change whatever is needed.


    Wednesday, December 9, 2015 10:12 PM
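
Added example (not part of the thread and not the poster's code): one way to grant the permissions the reply above refers to, using `dsacls` from an elevated PowerShell session. The DNs and the `EXAMPLE\TabletAccountOperators` group are placeholders, and the set of rights is an assumption based on what the question's code does (create users, set the password, force a change at next logon, deactivate, add to two groups).

```powershell
# Placeholders (assumptions, not values from the thread): replace with the
# real container DN, group DNs and a security group holding the two staff members.
$UsersDn  = 'CN=Users,DC=example,DC=local'
$Delegate = 'EXAMPLE\TabletAccountOperators'
$GroupDns = @(
    'CN=Tablet_Redirection,CN=Users,DC=example,DC=local',
    'CN=TabletUsers,CN=Users,DC=example,DC=local'
)

function Grant-Ace {
    # Runs dsacls against one object and stops on the first failure, so a
    # half-applied delegation is noticed instead of silently ignored.
    param([string]$Dn, [string[]]$DsaclsArgs)
    & dsacls.exe $Dn $DsaclsArgs | Out-Null
    if ($LASTEXITCODE -ne 0) {
        throw "dsacls failed on '$Dn' with: $($DsaclsArgs -join ' ')"
    }
}

# 1. Create child objects of class user in the container (CC = create child).
#    No delete right (DC) is granted: the application only deactivates accounts.
Grant-Ace $UsersDn @('/G', "${Delegate}:CC;user")

# 2. On user objects below the container (/I:S = sub-objects only):
#    the "Reset Password" control access right (CA) ...
Grant-Ace $UsersDn @('/I:S', '/G', "${Delegate}:CA;Reset Password;user")
#    ... read/write pwdLastSet, used to force a change at next logon ...
Grant-Ace $UsersDn @('/I:S', '/G', "${Delegate}:RPWP;pwdLastSet;user")
#    ... and read/write userAccountControl, used to disable an account.
Grant-Ace $UsersDn @('/I:S', '/G', "${Delegate}:RPWP;userAccountControl;user")

# 3. Write access to the member attribute of only the groups the application
#    adds new users to, rather than to every group in the domain.
foreach ($GroupDn in $GroupDns) {
    Grant-Ace $GroupDn @('/G', "${Delegate}:WP;member")
}

# Review the resulting ACL and keep the output with the change record.
& dsacls.exe $UsersDn
```

The delegated rights only apply when the application binds as the staff member, for example by constructing the `DirectoryEntry` without the explicit admin user name and password.
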
  • Turns out the problem seemed to be in a different part of the code. 

    Thursday, December 10, 2015 5:06 PM
  • Hi gspeed316,

    This forum is for discussing Visual Studio WPF/SL Designer, Visual Studio Guidance Automation Toolkit, Developer Documentation and Help System, and Visual Studio Editor.

    I'm glad that you have figured out the problem. Thanks for sharing your solution here, and please mark your reply as the answer, which is of benefit to other community members who have the same problem.

    Best Regards,

    Monday, December 14, 2015 10:08 AM