Adding users to AD using LDAP

10,557

If you're creating a user, you need to

  • bind to the container you want to create the user in
  • create the new user account as a child of that container

Just by setting the LDAP path, you are not defining where the user will go!

Try something like this (C# sample - should be trivial to convert to VB.NET):

using System.DirectoryServices;

// bind to the container the new user should be created in
DirectoryEntry cnUsers = new DirectoryEntry("LDAP://CN=Users,DC=celtestdom,DC=local");

// create a user directory entry as a child of that container
DirectoryEntry newUser = cnUsers.Children.Add("cn=NewUserAccount", "user");

// add the sAMAccountName mandatory attribute
newUser.Properties["sAMAccountName"].Value = "NewUser";

// add any optional attributes
newUser.Properties["givenName"].Value = "User";
newUser.Properties["sn"].Value = "One";

// save to the directory (the object must exist before a password can be set)
newUser.CommitChanges();

// set a password for the user account
// using the Invoke method and IADsUser.SetPassword
newUser.Invoke("SetPassword", new object[] { "pAssw0rdO1" });

// require that the password must be changed on next logon
newUser.Properties["pwdLastSet"].Value = 0;

// save to the directory
newUser.CommitChanges();

Or if you're using .NET 3.5 or newer, you could also use the new System.DirectoryServices.AccountManagement namespace that makes lots of things easier.

Then the code looks a bit simpler:

using System.DirectoryServices.AccountManagement;

// create a context for a domain and define the "base" container to use
PrincipalContext ctx = new PrincipalContext(ContextType.Domain,
         "celtestdom", "CN=Users,DC=celtestdom,DC=local");

// create a user principal object (sAMAccountName, password, enabled)
UserPrincipal user = new UserPrincipal(ctx, "NewUser", "pass@1w0rd01", true);

// assign some properties to the user principal
user.GivenName = "User";
user.Surname = "One";

// force the user to change password at next logon
user.ExpirePasswordNow();

// save the user to the directory
user.Save();

Check out more about the System.DirectoryServices.AccountManagement (S.DS.AM) namespace here:
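As an added example (not code from the answer above), here is the System.DirectoryServices approach wrapped in one helper that also checks the bind target exists and sets userAccountControl explicitly, since a user object created over LDAP without that attribute defaults to a disabled account flagged "password not required". The container path, account name and password are assumed arguments; AdUserCreator and CreateUser are hypothetical names.

```csharp
using System;
using System.DirectoryServices;

public static class AdUserCreator
{
    // Documented ADS_USER_FLAG values for userAccountControl.
    const int UF_ACCOUNTDISABLE = 0x0002;
    const int UF_PASSWD_NOTREQD = 0x0020;
    const int UF_NORMAL_ACCOUNT = 0x0200;

    // Creates an enabled user as a child of containerPath and returns its DN.
    public static string CreateUser(string containerPath, string sam, string password)
    {
        // Fail early if the bind target is wrong: the new object is created as a
        // child of whatever entry we bind to, so the path decides where it lands.
        if (!DirectoryEntry.Exists(containerPath))
            throw new ArgumentException("Container not found: " + containerPath);

        using (var container = new DirectoryEntry(containerPath))
        using (DirectoryEntry user = container.Children.Add("CN=" + sam, "user"))
        {
            user.Properties["sAMAccountName"].Value = sam;
            user.CommitChanges();   // object must exist before SetPassword works

            // IADsUser.SetPassword uses ADSI's own protected channel
            // (LDAPS or Kerberos), not a plain-text LDAP modify.
            user.Invoke("SetPassword", new object[] { password });

            // Replace the default (disabled + "password not required") with a
            // plain, enabled normal account; clear nothing else by accident.
            int uac = UF_NORMAL_ACCOUNT & ~(UF_ACCOUNTDISABLE | UF_PASSWD_NOTREQD);
            user.Properties["userAccountControl"].Value = uac;

            // Must change password at next logon.
            user.Properties["pwdLastSet"].Value = 0;
            user.CommitChanges();

            // Read back the DN to confirm where the object was actually created.
            user.RefreshCache(new[] { "distinguishedName" });
            return (string)user.Properties["distinguishedName"].Value;
        }
    }
}
```

Compare the returned DN against the container you intended; a mismatch means the bind path, not the CN in it, sent the object elsewhere.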

Author by Pickle
Updated on June 04, 2022

Comments

  • Pickle, almost 2 years

    I'm writing an application that will add users to Active Directory. I'm trying to use this code to connect to the "Users" shared folder in AD

    LDAP://celtestdomdc1.celtestdom.local/CN=Users,DC=celtestdom,DC=local
    

    However, it adds the user in with the shared folders, instead of within the "Users" shared folder. Shouldn't CN=Users mean it will add it to the "Users" folder?

    Thanks