Solved

Creating Active Directory Accounts Dynamically - Mandatory Profile

Posted on 2004-08-23
11
344 Views
Last Modified: 2010-04-13
We are dynamically creating active directory accounts using a DirectoryEntry object. (similar to the example found in Wrox Professional C#)

Here is some sample code :

DirectoryEntry de = new DirectoryEntry();
de.Path = "LDAP//server/CN=Users, DC=mydomain, DC=com";

DirectoryEntries users = de.Children;

DirectoryEntry user = users.Add("CN=John Doe", "user");

user.Properties["samAccountName".Add("JDoe");
user.Properties"givenName"].Add("John");
user.Properties["sn"].Add("Doe");
etc....


How would we go about forcing this user we are creating to use a mandatory profile?

Thanks.
0
Comment
Question by:mrichmon
  • 6
  • 4
11 Comments
 
LVL 2

Expert Comment

by:Ranidae
ID: 11882392
Hi,

the way to created mandatory profiles involves first logging on as a user.  Open all aplications that the user will need to ensure any profile stuff will be added.

Then, logoff.

Copy the content of this users profile to the location where you wish to have your mandatory profile.

Set permissions on the folder to everyone read & execute.

Rename ntuser.dat to ntuser.man

Point the newly created John Doe accounts profile to the location of the newly created mandatory profile.

Enjoy.
0
 
LVL 35

Author Comment

by:mrichmon
ID: 11884053
That is not what I was asking.

I know the manual process to make the user use a mandatory profile.

I want to know how to do it when creating the account dynamically during acocunt creation since this is programatically done.
0
 
LVL 2

Accepted Solution

by:
Ranidae earned 500 total points
ID: 11888330
In Vb Script throught WSH, we simply add the profile path:

objuserr.Put "profilepath", "\\410edu01\profiles\students\" & username

or in your case, direct it to the mandatory profile.
0
Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

 
LVL 3

Expert Comment

by:JonIU17
ID: 11918728
Here's another good way to do multiple users at once very easily within the same OU.  

http://www.jsiinc.com/subp/tip7700/rh7785.htm

0
 
LVL 35

Author Comment

by:mrichmon
ID: 11954744
Sorry - got pulled away I should have a chance to test this soon, but from what I have seen I think Raindae your answer will be close.

It am guessing I will do this :

DirectoryEntry user = users.Add("CN=" + LastName + "\\, " + FirstName + " [" + username+ "]", "user");
....
user.Properties["profilePath"].Value = "\\myserver\myprofileshare\mandatoryprofile.man\";

which should work (the above is C# whereas yours was VB)

After I test I will award you the points assuming this works.
0
 
LVL 2

Expert Comment

by:Ranidae
ID: 11955936
You typically don't need to point directly to the Man file... only to the folder the file is in... user profiles are contained within the folder and windows know to look for the *.dat or *.man files
0
 
LVL 35

Author Comment

by:mrichmon
ID: 11956379
that is the folder. :o)

It is what is called a "Required Mandatory Profile" which is actually a step beyond simple mandatory profiles and that is indicated by a .man in the profile folder path name as well as changing the .dat to .man
0
 
LVL 2

Expert Comment

by:Ranidae
ID: 11958926
Sorry... thought you meant the actual ntuser file...
0
 
LVL 35

Author Comment

by:mrichmon
ID: 11958964
no probelm :o)
0
 
LVL 35

Author Comment

by:mrichmon
ID: 11966593
Okay for future readers following this thread here is the actual code that needs to be used to get this to work properly when creating a user account from scratch:

(C# code)

DirectoryEntry de = new DirectoryEntry();

// Set credentials of an AD account that is priveledged to be able to create users
de.Username = username;
de.Password = password;

// Set active LDAP path
de.Path = LDAPpath;

// Assign the users in the LDAPpath to a variable so we can manipulate it (add users)
DirectoryEntries users = de.Children;

// Add user account
DirectoryEntry user = users.Add("CN=" + LastName + "\\, " + FirstName, "user");

// Set additional properties of new account
user.Properties["samAccountName"].Add(username); // Login name
user.Properties["givenName"].Add(FirstName); // First Name
user.Properties["sn"].Add(LastName); // Last Name
user.Properties["userPassword"].Add(password);

// Commit changes so far so we can then add additonal account properties
user.CommitChanges();

// Set the account to be a "normal account" (0x10000)
user.Properties["userAccountControl"].Value = ((int) user.Properties["userAccountControl"].Value) | 0x10000;

// Set the "account disable" to false (account disable = 0x2)
user.Properties["userAccountControl"].Value = ((int) user.Properties["userAccountControl"].Value) & ~0x2;

// Set profile path
user.Properties["profilePath"].Add(ProfilePath);

// Commit final changes
user.CommitChanges();

0
 
LVL 35

Author Comment

by:mrichmon
ID: 11966617
And you need :

using System.DirectoryServices;
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Building a cohesive image for your brand is vital to making an impression on consumers. When the economy is tough, brands do better than unbranded  products. This can have a huge impact on your long-term profits, as the economy goes up and down.
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
Finds all prime numbers in a range requested and places them in a public primes() array. I've demostrated a template size of 30 (2 * 3 * 5) but larger templates can be built such 210  (2 * 3 * 5 * 7) or 2310  (2 * 3 * 5 * 7 * 11). The larger templa…

679 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question