sellersjr
asked on
C++ Example For NetJoinDomain API Call
I found a question by Dan Kennedy which asked the following:
Hi,
Does anyone have any example code or information on programatically joining a computer to an NT/2000 domain using C code?
I'm looking for the names of API calls or example code (even better).
Thanks!
Comments were made about tne NetJoinDomain() API call in the answers to his question, however, I am unable to get the API to work properly.
Our situation is that we are adding computers that have NT and XP to our new Active Directory Domain. I am able to unjoin the computers programatically via the NetUnjoinDomain, but have not had luck joining the computers to the Active Directory. I end up with "ERROR_NONE_MAPPED: No mapping between account names and security IDs was done."
For simplicity purposes (or the KISS principle as it were...) I have the following to demonstrate what I was attempting (trimmed out of test program):
#ifndef UNICODE
#define UNICODE
#endif
#include <iostream>
#include <shlwapi.h>
#include "stdafx.h"
#include <stdio.h>
#include <string.h>
#include <time.h>
#include <windows.h>
#include <lm.h>
#include "ntsecapi.h"
using std::string;
NET_API_STATUS fnTest() {
LPCWSTR ml_Domain ;
LPCWSTR ml_OUPath ;
LPCWSTR ml_UserName ;
LPCWSTR ml_UserPWD ;
NET_API_STATUS m_Result ;
ml_Domain = L"MFAD\\MFADIR00" ;
ml_OUPath = L"OU=EED,OU=Computers,OU=M
ml_UserName = L"MFAD\\Account"; // <-- Domain/Account here ;
ml_UserPWD = L"password"; // <-- PASSWORD HERE
m_Result = NetJoinDomain(NULL, ml_Domain,
ml_OUPath, ml_UserName,
ml_UserPWD,
NETSETUP_JOIN_DOMAIN
|| NETSETUP_ACCT_CREATE);
return m_Result;
}
As an alternate method I attempted:
WCHAR m_Domain[ 257] ;
WCHAR m_UserName[UNLEN+1] ;
WCHAR m_UserPWD[ PWLEN+1] ;
WCHAR m_OUPath[ 257] ;
char ms_UserName[UNLEN+1];
char ms_UserPWD[PWLEN+1];
char ms_OUPath[257];
char ms_Domain[257];
::ZeroMemory(ms_UserName, UNLEN);
::ZeroMemory(ms_UserPWD , PWLEN);
::ZeroMemory(ms_OUPath , 256);
::ZeroMemory(ms_Domain , 256);
sprintf(ms_UserName, "MFAD\\ACCOUNT");
sprintf(ms_UserPWD , "password"); //<-- PASSWORD HERE
sprintf(ms_OUPath , "OU=EED,OU=Computers,OU=MC
sprintf(ms_Domain , "MFAD\\MFADIR00");
MultiByteToWideChar( CP_ACP, 0, ms_UserName, strlen(ms_UserName)+1, m_UserName, sizeof(m_UserName)/sizeof(
MultiByteToWideChar( CP_ACP, 0, ms_UserPWD , strlen(ms_UserPWD )+1, m_UserPWD , sizeof(m_UserPWD )/sizeof(m_UserPWD[ 0]));
MultiByteToWideChar( CP_ACP, 0, ms_OUPath , strlen(ms_OUPath )+1, m_OUPath , sizeof(m_OUPath )/sizeof(m_OUPath[ 0]));
MultiByteToWideChar( CP_ACP, 0, ms_Domain , strlen(ms_Domain )+1, m_Domain , sizeof(m_Domain )/sizeof(m_Domain[ 0]));
m_Result = NetJoinDomain(NULL, m_Domain, m_OUPath, m_UserName, m_UserPWD, NETSETUP_JOIN_DOMAIN || NETSETUP_ACCT_CREATE);
With the same results...
Any Ideas, or have a sample of code that works?
Thanks,
Bob
Hi,
Does anyone have any example code or information on programatically joining a computer to an NT/2000 domain using C code?
I'm looking for the names of API calls or example code (even better).
Thanks!
Comments were made about tne NetJoinDomain() API call in the answers to his question, however, I am unable to get the API to work properly.
Our situation is that we are adding computers that have NT and XP to our new Active Directory Domain. I am able to unjoin the computers programatically via the NetUnjoinDomain, but have not had luck joining the computers to the Active Directory. I end up with "ERROR_NONE_MAPPED: No mapping between account names and security IDs was done."
For simplicity purposes (or the KISS principle as it were...) I have the following to demonstrate what I was attempting (trimmed out of test program):
#ifndef UNICODE
#define UNICODE
#endif
#include <iostream>
#include <shlwapi.h>
#include "stdafx.h"
#include <stdio.h>
#include <string.h>
#include <time.h>
#include <windows.h>
#include <lm.h>
#include "ntsecapi.h"
using std::string;
NET_API_STATUS fnTest() {
LPCWSTR ml_Domain ;
LPCWSTR ml_OUPath ;
LPCWSTR ml_UserName ;
LPCWSTR ml_UserPWD ;
NET_API_STATUS m_Result ;
ml_Domain = L"MFAD\\MFADIR00" ;
ml_OUPath = L"OU=EED,OU=Computers,OU=M
ml_UserName = L"MFAD\\Account"; // <-- Domain/Account here ;
ml_UserPWD = L"password"; // <-- PASSWORD HERE
m_Result = NetJoinDomain(NULL, ml_Domain,
ml_OUPath, ml_UserName,
ml_UserPWD,
NETSETUP_JOIN_DOMAIN
|| NETSETUP_ACCT_CREATE);
return m_Result;
}
As an alternate method I attempted:
WCHAR m_Domain[ 257] ;
WCHAR m_UserName[UNLEN+1] ;
WCHAR m_UserPWD[ PWLEN+1] ;
WCHAR m_OUPath[ 257] ;
char ms_UserName[UNLEN+1];
char ms_UserPWD[PWLEN+1];
char ms_OUPath[257];
char ms_Domain[257];
::ZeroMemory(ms_UserName, UNLEN);
::ZeroMemory(ms_UserPWD , PWLEN);
::ZeroMemory(ms_OUPath , 256);
::ZeroMemory(ms_Domain , 256);
sprintf(ms_UserName, "MFAD\\ACCOUNT");
sprintf(ms_UserPWD , "password"); //<-- PASSWORD HERE
sprintf(ms_OUPath , "OU=EED,OU=Computers,OU=MC
sprintf(ms_Domain , "MFAD\\MFADIR00");
MultiByteToWideChar( CP_ACP, 0, ms_UserName, strlen(ms_UserName)+1, m_UserName, sizeof(m_UserName)/sizeof(
MultiByteToWideChar( CP_ACP, 0, ms_UserPWD , strlen(ms_UserPWD )+1, m_UserPWD , sizeof(m_UserPWD )/sizeof(m_UserPWD[ 0]));
MultiByteToWideChar( CP_ACP, 0, ms_OUPath , strlen(ms_OUPath )+1, m_OUPath , sizeof(m_OUPath )/sizeof(m_OUPath[ 0]));
MultiByteToWideChar( CP_ACP, 0, ms_Domain , strlen(ms_Domain )+1, m_Domain , sizeof(m_Domain )/sizeof(m_Domain[ 0]));
m_Result = NetJoinDomain(NULL, m_Domain, m_OUPath, m_UserName, m_UserPWD, NETSETUP_JOIN_DOMAIN || NETSETUP_ACCT_CREATE);
With the same results...
Any Ideas, or have a sample of code that works?
Thanks,
Bob
ERROR_NONE_MAPPED is a roundabout way of saying the user account could not be looked up.
Maybe take slightly smaller steps, just do the API to lookup the user sid first and see if that works?
Maybe take slightly smaller steps, just do the API to lookup the user sid first and see if that works?
ASKER
Although the join did work by changing MFAD\\MFADIR00 to MFAD, the issue is that we want to join the computers to a specific domain controller rather than the default controller. This is to avoid the delay caused by the addition replicating to the various domain controllers within MFAD.
Does NetJoinDomain allow connection to a specific controller? or just to the domain itself?
Does NetJoinDomain allow connection to a specific controller? or just to the domain itself?
ASKER
As an update of sorts, I was able to get the API call to work with MFAD\MFADIR00 on a system which had not been added to MFAD. The problem, apparently, may be part of replication and accounts.
Scenerio:
I add a computer to MFAD\MFADIR00 via API.
I use Active Directory Management to remove the account I just created.
I can run the program again and it re-adds the account.
Wait 10-20 minutes (replication time is around 15 minutes) and I then get the error I posted above ("ERROR_NONE_MAPPED: No mapping between account names and security IDs was done.").
A co-worker has a VB.Net application which calls the API with the same parameters that I use, and the VB.Net application adds the computer successfully every time.
To test my application I use the VB.Net to add the computer and then run mine -- and my code then works as the account exists in MFAD. (as the VB.Net program had previously created the account in MFAD)
Is there some difference in the API libraries when called from .Net?
Scenerio:
I add a computer to MFAD\MFADIR00 via API.
I use Active Directory Management to remove the account I just created.
I can run the program again and it re-adds the account.
Wait 10-20 minutes (replication time is around 15 minutes) and I then get the error I posted above ("ERROR_NONE_MAPPED: No mapping between account names and security IDs was done.").
A co-worker has a VB.Net application which calls the API with the same parameters that I use, and the VB.Net application adds the computer successfully every time.
To test my application I use the VB.Net to add the computer and then run mine -- and my code then works as the account exists in MFAD. (as the VB.Net program had previously created the account in MFAD)
Is there some difference in the API libraries when called from .Net?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I will wear the Dunce cap for a while on that one... And I've looked at that line with others for longer than I should have...
Apparently it has been a while since I did bitwise ORs, and comparing it with VB code didn't help matters any...
I was able to join against a specific domain controller as well.
Many Thanks!
Bob
Apparently it has been a while since I did bitwise ORs, and comparing it with VB code didn't help matters any...
I was able to join against a specific domain controller as well.
Many Thanks!
Bob
>> I will wear the Dunce cap for a while on that one...
No need for that - we have a proverb here that hits the nail on the head by stating to be "unable to spot the forest because of all those trees around you" :o)
No need for that - we have a proverb here that hits the nail on the head by stating to be "unable to spot the forest because of all those trees around you" :o)
ml_Domain = L"MFAD" ;
ml_OUPath = L"OU=EED,OU=Computers,OU=M
ml_UserName = L"MFAD\\Account"; // <-- Domain/Account here ;
ml_UserPWD = L"password"; // <-- PASSWORD HERE