Solved

Creating Active Directory Accounts Dynamically - Mandatory Profile

Posted on 2004-08-23
11
342 Views
Last Modified: 2010-04-13
We are dynamically creating active directory accounts using a DirectoryEntry object. (similar to the example found in Wrox Professional C#)

Here is some sample code :

DirectoryEntry de = new DirectoryEntry();
de.Path = "LDAP//server/CN=Users, DC=mydomain, DC=com";

DirectoryEntries users = de.Children;

DirectoryEntry user = users.Add("CN=John Doe", "user");

user.Properties["samAccountName".Add("JDoe");
user.Properties"givenName"].Add("John");
user.Properties["sn"].Add("Doe");
etc....


How would we go about forcing this user we are creating to use a mandatory profile?

Thanks.
0
Comment
Question by:mrichmon
  • 6
  • 4
11 Comments
 
LVL 2

Expert Comment

by:Ranidae
ID: 11882392
Hi,

the way to created mandatory profiles involves first logging on as a user.  Open all aplications that the user will need to ensure any profile stuff will be added.

Then, logoff.

Copy the content of this users profile to the location where you wish to have your mandatory profile.

Set permissions on the folder to everyone read & execute.

Rename ntuser.dat to ntuser.man

Point the newly created John Doe accounts profile to the location of the newly created mandatory profile.

Enjoy.
0
 
LVL 35

Author Comment

by:mrichmon
ID: 11884053
That is not what I was asking.

I know the manual process to make the user use a mandatory profile.

I want to know how to do it when creating the account dynamically during acocunt creation since this is programatically done.
0
 
LVL 2

Accepted Solution

by:
Ranidae earned 500 total points
ID: 11888330
In Vb Script throught WSH, we simply add the profile path:

objuserr.Put "profilepath", "\\410edu01\profiles\students\" & username

or in your case, direct it to the mandatory profile.
0
NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

 
LVL 3

Expert Comment

by:JonIU17
ID: 11918728
Here's another good way to do multiple users at once very easily within the same OU.  

http://www.jsiinc.com/subp/tip7700/rh7785.htm

0
 
LVL 35

Author Comment

by:mrichmon
ID: 11954744
Sorry - got pulled away I should have a chance to test this soon, but from what I have seen I think Raindae your answer will be close.

It am guessing I will do this :

DirectoryEntry user = users.Add("CN=" + LastName + "\\, " + FirstName + " [" + username+ "]", "user");
....
user.Properties["profilePath"].Value = "\\myserver\myprofileshare\mandatoryprofile.man\";

which should work (the above is C# whereas yours was VB)

After I test I will award you the points assuming this works.
0
 
LVL 2

Expert Comment

by:Ranidae
ID: 11955936
You typically don't need to point directly to the Man file... only to the folder the file is in... user profiles are contained within the folder and windows know to look for the *.dat or *.man files
0
 
LVL 35

Author Comment

by:mrichmon
ID: 11956379
that is the folder. :o)

It is what is called a "Required Mandatory Profile" which is actually a step beyond simple mandatory profiles and that is indicated by a .man in the profile folder path name as well as changing the .dat to .man
0
 
LVL 2

Expert Comment

by:Ranidae
ID: 11958926
Sorry... thought you meant the actual ntuser file...
0
 
LVL 35

Author Comment

by:mrichmon
ID: 11958964
no probelm :o)
0
 
LVL 35

Author Comment

by:mrichmon
ID: 11966593
Okay for future readers following this thread here is the actual code that needs to be used to get this to work properly when creating a user account from scratch:

(C# code)

DirectoryEntry de = new DirectoryEntry();

// Set credentials of an AD account that is priveledged to be able to create users
de.Username = username;
de.Password = password;

// Set active LDAP path
de.Path = LDAPpath;

// Assign the users in the LDAPpath to a variable so we can manipulate it (add users)
DirectoryEntries users = de.Children;

// Add user account
DirectoryEntry user = users.Add("CN=" + LastName + "\\, " + FirstName, "user");

// Set additional properties of new account
user.Properties["samAccountName"].Add(username); // Login name
user.Properties["givenName"].Add(FirstName); // First Name
user.Properties["sn"].Add(LastName); // Last Name
user.Properties["userPassword"].Add(password);

// Commit changes so far so we can then add additonal account properties
user.CommitChanges();

// Set the account to be a "normal account" (0x10000)
user.Properties["userAccountControl"].Value = ((int) user.Properties["userAccountControl"].Value) | 0x10000;

// Set the "account disable" to false (account disable = 0x2)
user.Properties["userAccountControl"].Value = ((int) user.Properties["userAccountControl"].Value) & ~0x2;

// Set profile path
user.Properties["profilePath"].Add(ProfilePath);

// Commit final changes
user.CommitChanges();

0
 
LVL 35

Author Comment

by:mrichmon
ID: 11966617
And you need :

using System.DirectoryServices;
0

Featured Post

U.S. Department of Agriculture and Acronis Access

With the new era of mobile computing, smartphones and tablets, wireless communications and cloud services, the USDA sought to take advantage of a mobilized workforce and the blurring lines between personal and corporate computing resources.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
This article outlines the process to identify and resolve account lockout in an Active Directory environment.
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

803 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question