Creating user into AD from Sharepoint RRS feed

  • Question

  • Hello again and please bear with me ;)

    I got frustrated with my previous solution and, as is my habit, I tried to make my own solution. I understand that this might be the wrong forum, but please direct me to the right one if this is the case.

    So, I decided to try to make a webpart which allows end users (workspace admins) to create new users that should go to AD. I can create the user, but there remain two problems (which are probably tangled):

    1. The user remains disabled, and when trying to enable it the server says something like "The server is unwilling to do the operation". Given the extended error message, it seems that this is because the user password isn't strong enough according to the AD rules - which leads us to the problem #

    2. Trying to set the password either just plainly crashes the application or at least doesn't work, whatever I try.

    Here is the code that I have...WHERE is the problem?

    This shouldn't be a problem of user rights; the same user credentials work fine with the Bamboo web part.

    So here comes the code:

                string ldapPath = "10.0.0.100:389/OU=Testing,DC=ad,DC=domain,DC=com";
                try
                {
                    string connectionPrefix = "LDAP://" + ldapPath;
                    DirectoryEntry directoryEntry = new DirectoryEntry(connectionPrefix, "ldapuser", "password");
                    DirectoryEntry newUser = directoryEntry.Children.Add("CN=" + firstname.Text + " " + surname.Text, "user");
                    newUser.Properties["samAccountName"].Value = userlogin.Text;
                    newUser.CommitChanges();
                    string password = "password@This1";
                    // if I comment the next line out, the line after that gives me an error on exception
                    // but if I leave this here it crashes
                    // commenting both lines works neatly but my two problems are of course there...
                    newUser.Invoke("SetPassword", new object[] { password });
                    newUser.Properties["userAccountControl"].Value = 512;
                    newUser.CommitChanges();
                    directoryEntry.Close();        
                    newUser.Close();
                }
                catch (System.DirectoryServices.DirectoryServicesCOMException E)
                {
                    outputString = outputString + E.Message.ToString() + "<br>" + E.ExtendedErrorMessage.ToString();
                }
    
    

     Help, anybody?

     hank, the frustrated (once more)

    • Moved by Shimin Huang Tuesday, November 8, 2011 2:43 AM AD Related (From:SharePoint 2010 - Using Visual Studio with SharePoint and other programming)
    Sunday, November 6, 2011 7:22 AM

All replies

  • Can you just once try to add a user to AD manually with the same username, firstname, lastname and password that you want to create programmatically?
    Sunday, November 6, 2011 11:01 PM
  • I have done that with half of the citizens of Duckburg :)

    Actually there is another webpart with Bamboo User Account Setup on the same page, running with same credentials which works just fine (but has some minor problems like wrong language).

    hank

    Monday, November 7, 2011 4:43 AM
  • Humm...

    I tried this anyway in the production AD and it works there...

    Basically this makes this thread obsolete, but I still would like to understand why it doesn't work on the other AD, so I won't close this thread as solved (though for my current practical needs it is)

    hank the relieved (somewhat)

    Monday, November 7, 2011 6:50 AM
  • Hi,

    It seems that you have forgotten to enable the user; please try using the following code. Run the code under a user who has add-user access on AD.

    // Needs: using System.DirectoryServices; and a COM reference to the
    // "Active DS Type Library" (ActiveDs) for IADsUser.
    public void CreateUserAccountAd()
    {
        string strUser = "CN=username";
        string strUserId = "username";   // sAMAccountName; placeholder, not declared in the original post
        string strPassword = "ssss#1234";
        string strpath = "LDAP://xxxxx.com/OU=xxxx,DC=xxxx,DC=com";

        DirectoryEntry de = new DirectoryEntry(strpath);
        DirectoryEntries child = de.Children;
        DirectoryEntry deuser = child.Add(strUser, "user");
        deuser.Properties["sAMAccountName"].Add(strUserId);
        deuser.CommitChanges();            // create the object first

        SetPassword(deuser, strPassword);  // then set the password
        Enable(deuser);                    // and finally enable the account
    }

    private static void SetPassword(DirectoryEntry UE, string password)
    {
        object[] oPassword = new object[] { password };
        object ret = UE.Invoke("SetPassword", oPassword);
        UE.CommitChanges();
    }

    public void Enable(DirectoryEntry dr)
    {
        ActiveDs.IADsUser user1 = (ActiveDs.IADsUser)dr.NativeObject;
        user1.AccountDisabled = false;
        dr.CommitChanges();
    }

    Thanks.... ________________ Baba
    Monday, November 7, 2011 7:34 AM
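An added example, not code from any poster in this thread: one way to order the create, set-password and enable steps discussed here so that a `SetPassword` failure is reported instead of going unhandled. `DirectoryEntry.Invoke` can surface ADSI errors as `TargetInvocationException`, which a `catch` for `DirectoryServicesCOMException` alone does not handle. The class and method names are hypothetical, and the caller is assumed to pass an already DN-escaped common name and credentials that are not literals in the source.

```csharp
using System;
using System.DirectoryServices;
using System.Reflection;

public static class AdUserProvisioning   // hypothetical name
{
    private const int ADS_UF_ACCOUNTDISABLE = 0x0002;

    // Assumptions: ouPath is an LDAP:// path to the target OU, commonName is
    // already escaped for use in a DN, and credentials come from the caller
    // (configuration or a secret store), not from literals in the source.
    public static string CreateEnabledUser(string ouPath, string bindUser,
        string bindPassword, string commonName, string samAccountName,
        string initialPassword)
    {
        try
        {
            using (var ou = new DirectoryEntry(ouPath, bindUser, bindPassword,
                                               AuthenticationTypes.Secure))
            using (DirectoryEntry user = ou.Children.Add("CN=" + commonName, "user"))
            {
                user.Properties["sAMAccountName"].Value = samAccountName;
                user.CommitChanges();   // the object must exist before SetPassword

                user.Invoke("SetPassword", new object[] { initialPassword });

                // Clear only the "disabled" bit rather than overwriting all flags.
                user.RefreshCache(new[] { "userAccountControl" });
                int uac = (int)user.Properties["userAccountControl"].Value;
                user.Properties["userAccountControl"].Value = uac & ~ADS_UF_ACCOUNTDISABLE;
                user.CommitChanges();
                return "Created and enabled " + samAccountName;
            }
        }
        catch (TargetInvocationException ex)
        {
            // Invoke() wraps the ADSI error; the reason (for example a password
            // policy rejection) is carried by InnerException.
            Exception inner = ex.InnerException ?? ex;
            return "SetPassword failed: " + inner.Message;
        }
        catch (DirectoryServicesCOMException ex)
        {
            return ex.Message + " | " + ex.ExtendedErrorMessage;
        }
    }
}
```

If `SetPassword` fails, the account created by the first `CommitChanges` still exists in a disabled state, so the caller should delete it or retry with a compliant password.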
  • Thank you very much

    My code tried to enable the user but with a different method, which failed because there was no password (setting of which is the problem).

    I'll check this new code for the earlier AD, but it will take a little time. Now I have to concentrate on the current project on the production AD...

    hank

    Monday, November 7, 2011 7:48 AM
  • Do you have a different password policy in your DEV environment that enforces insanely complicated passwords?
    http://donahoo-development.com
    Monday, November 7, 2011 3:50 PM
  • A good point. It shouldn't be so, but I'll check it

    hank

    Tuesday, November 8, 2011 4:39 AM