Adding users to AD using LDAP
If you're creating a user, you need to
- bind to the container you want to create the user in
- create the new user account as a child of that container
Just by setting the LDAP path, you are not defining where the user will go!
Try something like this (C# sample - should be trivial to convert to VB.NET):
using System.DirectoryServices;

// bind to the container the new user should be created in
DirectoryEntry cnUsers = new DirectoryEntry("LDAP://CN=Users,DC=celtestdom,DC=local");
// create a user directory entry as a child of that container
DirectoryEntry newUser = cnUsers.Children.Add("cn=NewUserAccount", "user");
// add the sAMAccountName mandatory attribute
newUser.Properties["sAMAccountName"].Value = "NewUser";
// add any optional attributes
newUser.Properties["givenName"].Value = "User";
newUser.Properties["sn"].Value = "One";
// save to the directory (the object must exist before a password can be set)
newUser.CommitChanges();
// set a password for the user account
// using the Invoke method and IADsUser.SetPassword
newUser.Invoke("SetPassword", new object[] { "pAssw0rdO1" });
// require that the password must be changed on next logon
newUser.Properties["pwdLastSet"].Value = 0;
// save to the directory
newUser.CommitChanges();
Or if you're using .NET 3.5 or newer, you could also use the new System.DirectoryServices.AccountManagement
namespace that makes lots of things easier.
Then the code looks a bit simpler:
using System.DirectoryServices.AccountManagement;

// create a context for a domain and define the "base" container to use
PrincipalContext ctx = new PrincipalContext(ContextType.Domain,
"celtestdom", "CN=Users,DC=celtestdom,DC=local");
// create a user principal object (name, password, enabled)
UserPrincipal user = new UserPrincipal(ctx, "NewUser", "pass@1w0rd01", true);
// assign some properties to the user principal
user.GivenName = "User";
user.Surname = "One";
// force the user to change password at next logon
user.ExpirePasswordNow();
// save the user to the directory
user.Save();
Check out more about the System.DirectoryServices.AccountManagement
(S.DS.AM) namespace here:
- Managing Directory Security Principals in the .NET Framework 3.5
- MSDN docs on System.DirectoryServices.AccountManagement
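The following is an added example, not code from the answer above: it wraps the bind-then-add-child sequence in one method, checks that the bound object really is a container or OU before adding to it, enables the account only after a password exists (a user created through LDAP starts disabled with the "password not required" flag set), and reads back the distinguishedName so the caller can confirm where the object landed. The container path, account name, UPN and password are assumed values.

```csharp
using System;
using System.DirectoryServices;

// Added example (not from the answer): create a user under an explicit container.
static class AdUserCreator
{
    const int UF_ACCOUNTDISABLE = 0x0002;
    const int UF_PASSWD_NOTREQD = 0x0020;
    const int UF_NORMAL_ACCOUNT = 0x0200;

    // containerPath e.g. "LDAP://CN=Users,DC=celtestdom,DC=local" (assumed value)
    public static string CreateUser(string containerPath, string sam, string upn, string password)
    {
        using (DirectoryEntry container = new DirectoryEntry(containerPath))
        {
            // Binding to a leaf object (for example another user) would put the new
            // object in the wrong place or fail; insist on a container or OU.
            string cls = container.SchemaClassName;
            if (cls != "container" && cls != "organizationalUnit")
                throw new InvalidOperationException("Not a container/OU: " + cls);

            using (DirectoryEntry user = container.Children.Add("CN=" + sam, "user"))
            {
                user.Properties["sAMAccountName"].Value = sam;
                user.Properties["userPrincipalName"].Value = upn;
                // First commit creates the object. AD creates it disabled with
                // PASSWD_NOTREQD set; both are corrected below once a password exists.
                user.CommitChanges();

                // A password can only be set on an object that already exists.
                user.Invoke("SetPassword", new object[] { password });

                // Reload the server-side values before editing the UAC bits.
                user.RefreshCache(new[] { "userAccountControl", "distinguishedName" });
                int uac = (int)user.Properties["userAccountControl"].Value;
                uac &= ~(UF_ACCOUNTDISABLE | UF_PASSWD_NOTREQD); // enable; enforce password policy
                uac |= UF_NORMAL_ACCOUNT;
                user.Properties["userAccountControl"].Value = uac;
                user.Properties["pwdLastSet"].Value = 0; // must change password at next logon
                user.CommitChanges();

                // Return the DN so the caller can verify the object is under containerPath.
                return (string)user.Properties["distinguishedName"].Value;
            }
        }
    }
}
```

Leaving PASSWD_NOTREQD set is a common oversight with LDAP-created accounts, so the returned DN and the final userAccountControl value are worth logging when auditing provisioning code.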
Pickle
Updated on June 04, 2022
Comments
Pickle almost 2 years
I'm writing an application that will add users to Active Directory. I'm trying to use this code to connect to the "Users" shared folder in AD
LDAP://celtestdomdc1.celtestdom.local/CN=Users,DC=celtestdom,DC=local
However it adds the user in with the shared folders, instead of within the "Users" shared folder. Shouldn't CN=Users mean it will add it to the "Users" folder?
Thanks