Solved

Creating Active Directory Accounts Dynamically - Mandatory Profile

Posted on 2004-08-23
11
347 Views
Last Modified: 2010-04-13
We are dynamically creating active directory accounts using a DirectoryEntry object. (similar to the example found in Wrox Professional C#)

Here is some sample code :

DirectoryEntry de = new DirectoryEntry();
de.Path = "LDAP//server/CN=Users, DC=mydomain, DC=com";

DirectoryEntries users = de.Children;

DirectoryEntry user = users.Add("CN=John Doe", "user");

user.Properties["samAccountName".Add("JDoe");
user.Properties"givenName"].Add("John");
user.Properties["sn"].Add("Doe");
etc....


How would we go about forcing this user we are creating to use a mandatory profile?

Thanks.
0
Comment
Question by:mrichmon
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 4
11 Comments
 
LVL 2

Expert Comment

by:Ranidae
ID: 11882392
Hi,

the way to created mandatory profiles involves first logging on as a user.  Open all aplications that the user will need to ensure any profile stuff will be added.

Then, logoff.

Copy the content of this users profile to the location where you wish to have your mandatory profile.

Set permissions on the folder to everyone read & execute.

Rename ntuser.dat to ntuser.man

Point the newly created John Doe accounts profile to the location of the newly created mandatory profile.

Enjoy.
0
 
LVL 35

Author Comment

by:mrichmon
ID: 11884053
That is not what I was asking.

I know the manual process to make the user use a mandatory profile.

I want to know how to do it when creating the account dynamically during acocunt creation since this is programatically done.
0
 
LVL 2

Accepted Solution

by:
Ranidae earned 500 total points
ID: 11888330
In Vb Script throught WSH, we simply add the profile path:

objuserr.Put "profilepath", "\\410edu01\profiles\students\" & username

or in your case, direct it to the mandatory profile.
0
The Ultimate Checklist to Optimize Your Website

Websites are getting bigger and complicated by the day. Video, images, custom fonts are all great for showcasing your product/service. But the price to pay in terms of reduced page load times and ultimately, decreased sales, can lead to some difficult decisions about what to cut.

 
LVL 3

Expert Comment

by:JonIU17
ID: 11918728
Here's another good way to do multiple users at once very easily within the same OU.  

http://www.jsiinc.com/subp/tip7700/rh7785.htm

0
 
LVL 35

Author Comment

by:mrichmon
ID: 11954744
Sorry - got pulled away I should have a chance to test this soon, but from what I have seen I think Raindae your answer will be close.

It am guessing I will do this :

DirectoryEntry user = users.Add("CN=" + LastName + "\\, " + FirstName + " [" + username+ "]", "user");
....
user.Properties["profilePath"].Value = "\\myserver\myprofileshare\mandatoryprofile.man\";

which should work (the above is C# whereas yours was VB)

After I test I will award you the points assuming this works.
0
 
LVL 2

Expert Comment

by:Ranidae
ID: 11955936
You typically don't need to point directly to the Man file... only to the folder the file is in... user profiles are contained within the folder and windows know to look for the *.dat or *.man files
0
 
LVL 35

Author Comment

by:mrichmon
ID: 11956379
that is the folder. :o)

It is what is called a "Required Mandatory Profile" which is actually a step beyond simple mandatory profiles and that is indicated by a .man in the profile folder path name as well as changing the .dat to .man
0
 
LVL 2

Expert Comment

by:Ranidae
ID: 11958926
Sorry... thought you meant the actual ntuser file...
0
 
LVL 35

Author Comment

by:mrichmon
ID: 11958964
no probelm :o)
0
 
LVL 35

Author Comment

by:mrichmon
ID: 11966593
Okay for future readers following this thread here is the actual code that needs to be used to get this to work properly when creating a user account from scratch:

(C# code)

DirectoryEntry de = new DirectoryEntry();

// Set credentials of an AD account that is priveledged to be able to create users
de.Username = username;
de.Password = password;

// Set active LDAP path
de.Path = LDAPpath;

// Assign the users in the LDAPpath to a variable so we can manipulate it (add users)
DirectoryEntries users = de.Children;

// Add user account
DirectoryEntry user = users.Add("CN=" + LastName + "\\, " + FirstName, "user");

// Set additional properties of new account
user.Properties["samAccountName"].Add(username); // Login name
user.Properties["givenName"].Add(FirstName); // First Name
user.Properties["sn"].Add(LastName); // Last Name
user.Properties["userPassword"].Add(password);

// Commit changes so far so we can then add additonal account properties
user.CommitChanges();

// Set the account to be a "normal account" (0x10000)
user.Properties["userAccountControl"].Value = ((int) user.Properties["userAccountControl"].Value) | 0x10000;

// Set the "account disable" to false (account disable = 0x2)
user.Properties["userAccountControl"].Value = ((int) user.Properties["userAccountControl"].Value) & ~0x2;

// Set profile path
user.Properties["profilePath"].Add(ProfilePath);

// Commit final changes
user.CommitChanges();

0
 
LVL 35

Author Comment

by:mrichmon
ID: 11966617
And you need :

using System.DirectoryServices;
0

Featured Post

Transaction Monitoring Vs. Real User Monitoring

Synthetic Transaction Monitoring Vs. Real User Monitoring: When To Use Each Approach? In this article, we will discuss two major monitoring approaches: Synthetic Transaction and Real User Monitoring.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Sometimes clients can lose connectivity with the Lotus Notes Domino Server, but there's not always an obvious answer as to why it happens.   Read this article to follow one of the first experiences I had with Lotus Notes on a client's machine, my…
This video Micro Tutorial shows how to password-protect PDF files with free software. Many software products can do this, such as Adobe Acrobat (but not Adobe Reader), Nuance PaperPort, and Nuance Power PDF, but they are not free products. This vide…
Do you want to know how to make a graph with Microsoft Access? First, create a query with the data for the chart. Then make a blank form and add a chart control. This video also shows how to change what data is displayed on the graph as well as form…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question