2

I'm writing an application that will add users to Active Directory. I'm trying to use this code to connect to the "Users" shared folder in AD

LDAP://celtestdomdc1.celtestdom.local/CN=Users,DC=celtestdom,DC=local

However it adds the user in with the shared folders, instead of within the "Users" shared folder. Shouldn't CN=Users mean it will add it to the "Users" folder?

Thanks

Improve this question
1
  • I think marc_s is correct in your case. If you post some code, we might be able to show you the changes that would be needed. Commented Mar 21, 2012 at 21:08

1 Answer 1

Reset to default
3

If you're creating a user, you need to

  • bind to the container you want to create the user in
  • create the new user account as a child of that container

Just by setting the LDAP path, you are not defining where the user will go!

Try something like this (C# sample - should be trivial to convert to VB.NET):

DirectoryEntry cnUsers = new DirectoryEntry("LDAP://CN=Users,DC=celtestdom,DC=local");

// create a user directory entry in the container
DirectoryEntry newUser = container.Children.Add("cn=NewUserAccount", "user");

// add the samAccountName mandatory attribute
newUser.Properties["sAMAccountName"].Value = "NewUser";

// add any optional attributes
newUser.Properties["givenName"].Value = "User";
newUser.Properties["sn"].Value = "One";

// save to the directory
newUser.CommitChanges();

// set a password for the user account
// using Invoke method and IadsUser.SetPassword
newUser.Invoke("SetPassword", new object[] { "pAssw0rdO1" });

// require that the password must be changed on next logon
newUser.Properties["pwdLastSet"].Value = 0;

// save to the directory
newUser.CommitChanges();

Or if you're using .NET 3.5 or newer, you could also use the new System.DirectoryServices.AccountManagement namespace that makes lots of things easier.

Then the code looks a bit simpler:

// create a context for a domain and define "base" container to use
PrincipalContext ctx = new PrincipalContext(ContextType.Domain,
         "celtestdom", "CN=Users,DC=celtestdom,DC=local");

// create a user principal object
UserPrincipal user = new UserPrincipal(ctx, "NewUser", "pass@1w0rd01", true);

// assign some properties to the user principal
user.GivenName = "User";
user.Surname = "One";

// force the user to change password at next logon
user.ExpirePasswordNow();

// save the user to the directory
user.Save();

Check out more about the System.DirectoryServices.AccountManagement (S.DS.AM) namespace here:

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.