Creating Active Directory Accounts Dynamically - Mandatory Profile

Posted on 2004-08-23
Last Modified: 2010-04-13
We are dynamically creating Active Directory accounts using a DirectoryEntry object (similar to the example found in Wrox Professional C#).

Here is some sample code:

DirectoryEntry de = new DirectoryEntry();
de.Path = "LDAP://server/CN=Users, DC=mydomain, DC=com";

DirectoryEntries users = de.Children;

DirectoryEntry user = users.Add("CN=John Doe", "user");

user.Properties["samAccountName"].Add("JDoe");
user.Properties["givenName"].Add("John");
user.Properties["sn"].Add("Doe");
// etc.


How would we go about forcing this user we are creating to use a mandatory profile?

Thanks.
Question by:mrichmon
11 Comments
 
LVL 2

Expert Comment

by:Ranidae
ID: 11882392
Hi,

The way to create mandatory profiles involves first logging on as a user. Open all applications that the user will need to ensure any profile stuff will be added.

Then, logoff.

Copy the content of this user's profile to the location where you wish to have your mandatory profile.

Set permissions on the folder to everyone read & execute.

Rename ntuser.dat to ntuser.man

Point the newly created John Doe account's profile to the location of the newly created mandatory profile.

Enjoy.
0
 
LVL 35

Author Comment

by:mrichmon
ID: 11884053
That is not what I was asking.

I know the manual process to make the user use a mandatory profile.

I want to know how to do it when creating the account dynamically during account creation, since this is done programmatically.
0
 
LVL 2

Accepted Solution

by:
Ranidae earned 2000 total points
ID: 11888330
In VBScript through WSH, we simply add the profile path:

objuserr.Put "profilepath", "\\410edu01\profiles\students\" & username

or in your case, direct it to the mandatory profile.
0

 
LVL 3

Expert Comment

by:JonIU17
ID: 11918728
Here's another good way to do multiple users at once very easily within the same OU.  

http://www.jsiinc.com/subp/tip7700/rh7785.htm

0
 
LVL 35

Author Comment

by:mrichmon
ID: 11954744
Sorry - got pulled away. I should have a chance to test this soon, but from what I have seen I think, Ranidae, your answer will be close.

I am guessing I will do this:

DirectoryEntry user = users.Add("CN=" + LastName + "\\, " + FirstName + " [" + username + "]", "user");
// ...
// Verbatim string (@"...") so the backslashes in the UNC path are taken literally
user.Properties["profilePath"].Value = @"\\myserver\myprofileshare\mandatoryprofile.man\";

which should work (the above is C# whereas yours was VB)

After I test I will award you the points assuming this works.
0
 
LVL 2

Expert Comment

by:Ranidae
ID: 11955936
You typically don't need to point directly to the Man file... only to the folder the file is in... user profiles are contained within the folder and Windows knows to look for the *.dat or *.man files.
0
 
LVL 35

Author Comment

by:mrichmon
ID: 11956379
That is the folder. :o)

It is what is called a "Required Mandatory Profile" which is actually a step beyond simple mandatory profiles and that is indicated by a .man in the profile folder path name as well as changing the .dat to .man
0
 
LVL 2

Expert Comment

by:Ranidae
ID: 11958926
Sorry... thought you meant the actual ntuser file...
0
 
LVL 35

Author Comment

by:mrichmon
ID: 11958964
No problem :o)
0
 
LVL 35

Author Comment

by:mrichmon
ID: 11966593
Okay, for future readers following this thread, here is the actual code that needs to be used to get this to work properly when creating a user account from scratch:

(C# code)

DirectoryEntry de = new DirectoryEntry();

// Set credentials of an AD account that is privileged to create users
// (kept separate from the new user's username/password used below)
de.Username = adminUsername;
de.Password = adminPassword;

// Set active LDAP path
de.Path = LDAPpath;

// Assign the users in the LDAPpath to a variable so we can manipulate it (add users)
DirectoryEntries users = de.Children;

// Add user account
DirectoryEntry user = users.Add("CN=" + LastName + "\\, " + FirstName, "user");

// Set additional properties of new account
user.Properties["samAccountName"].Add(username); // Login name
user.Properties["givenName"].Add(FirstName); // First Name
user.Properties["sn"].Add(LastName); // Last Name
user.Properties["userPassword"].Add(password);

// Commit changes so far so we can then add additional account properties
user.CommitChanges();

// OR in 0x10000. Note: 0x10000 is ADS_UF_DONT_EXPIRE_PASSWD ("password never expires"); NORMAL_ACCOUNT is 0x200
user.Properties["userAccountControl"].Value = ((int) user.Properties["userAccountControl"].Value) | 0x10000;

// Set the "account disable" to false (account disable = 0x2)
user.Properties["userAccountControl"].Value = ((int) user.Properties["userAccountControl"].Value) & ~0x2;

// Set profile path
user.Properties["profilePath"].Add(ProfilePath);

// Commit final changes
user.CommitChanges();

0
 
LVL 35

Author Comment

by:mrichmon
ID: 11966617
And you need :

using System.DirectoryServices;
0
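
A hardened variant of the account-creation code from this thread, as an added example that is not code from the original posts. It differs from the posted code in three ways: the password is set with the ADSI SetPassword method instead of writing the userPassword attribute, the userAccountControl bits are named and PASSWD_NOTREQD is cleared along with ACCOUNTDISABLE, and the name is escaped before it goes into the CN. The class, method and parameter names (MandatoryProfileUser, Create, EscapeRdn, adminUser, newLogin and so on) are hypothetical.

```csharp
using System;
using System.DirectoryServices;
using System.Text;

static class MandatoryProfileUser   // hypothetical name, for illustration only
{
    // userAccountControl bits (ADS_USER_FLAG_ENUM). 0x10000 (DONT_EXPIRE_PASSWD) is left untouched here.
    const int UF_ACCOUNTDISABLE = 0x2;
    const int UF_PASSWD_NOTREQD = 0x20;
    const int UF_NORMAL_ACCOUNT = 0x200;

    // Escape a value for use inside an RDN (RFC 4514) so a name cannot alter the DN.
    static string EscapeRdn(string value)
    {
        var sb = new StringBuilder();
        for (int i = 0; i < value.Length; i++)
        {
            char c = value[i];
            bool edge = (i == 0 && (c == ' ' || c == '#')) || (i == value.Length - 1 && c == ' ');
            if (edge || ",+\"\\<>;=".IndexOf(c) >= 0) sb.Append('\\');
            sb.Append(c);
        }
        return sb.ToString();
    }

    public static void Create(string ldapPath, string adminUser, string adminPassword,
        string newLogin, string firstName, string lastName, string newPassword, string profilePath)
    {
        // Bind with the privileged account; AuthenticationTypes.Secure requests an authenticated bind.
        using (var container = new DirectoryEntry(ldapPath, adminUser, adminPassword, AuthenticationTypes.Secure))
        using (DirectoryEntry user = container.Children.Add("CN=" + EscapeRdn(lastName + ", " + firstName), "user"))
        {
            user.Properties["sAMAccountName"].Value = newLogin;
            user.Properties["givenName"].Value = firstName;
            user.Properties["sn"].Value = lastName;
            user.CommitChanges();                 // the object must exist before SetPassword

            user.Invoke("SetPassword", new object[] { newPassword });

            // Enable the account and require a password; new objects start disabled.
            int uac = (int)user.Properties["userAccountControl"].Value;
            uac |= UF_NORMAL_ACCOUNT;
            uac &= ~(UF_ACCOUNTDISABLE | UF_PASSWD_NOTREQD);
            user.Properties["userAccountControl"].Value = uac;

            // Folder that holds the mandatory profile (the ".man" folder discussed above).
            user.Properties["profilePath"].Value = profilePath;
            user.CommitChanges();
        }
    }
}
```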
