• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 353
  • Last Modified:

Creating Active Directory Accounts Dynamically - Mandatory Profile

We are dynamically creating active directory accounts using a DirectoryEntry object. (similar to the example found in Wrox Professional C#)

Here is some sample code :

DirectoryEntry de = new DirectoryEntry();
de.Path = "LDAP//server/CN=Users, DC=mydomain, DC=com";

DirectoryEntries users = de.Children;

DirectoryEntry user = users.Add("CN=John Doe", "user");

user.Properties["samAccountName".Add("JDoe");
user.Properties"givenName"].Add("John");
user.Properties["sn"].Add("Doe");
etc....


How would we go about forcing this user we are creating to use a mandatory profile?

Thanks.
0
mrichmon
Asked:
mrichmon
  • 6
  • 4
1 Solution
 
RanidaeCommented:
Hi,

the way to created mandatory profiles involves first logging on as a user.  Open all aplications that the user will need to ensure any profile stuff will be added.

Then, logoff.

Copy the content of this users profile to the location where you wish to have your mandatory profile.

Set permissions on the folder to everyone read & execute.

Rename ntuser.dat to ntuser.man

Point the newly created John Doe accounts profile to the location of the newly created mandatory profile.

Enjoy.
0
 
mrichmonAuthor Commented:
That is not what I was asking.

I know the manual process to make the user use a mandatory profile.

I want to know how to do it when creating the account dynamically during acocunt creation since this is programatically done.
0
 
RanidaeCommented:
In Vb Script throught WSH, we simply add the profile path:

objuserr.Put "profilepath", "\\410edu01\profiles\students\" & username

or in your case, direct it to the mandatory profile.
0
Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

 
JonIU17Commented:
Here's another good way to do multiple users at once very easily within the same OU.  

http://www.jsiinc.com/subp/tip7700/rh7785.htm

0
 
mrichmonAuthor Commented:
Sorry - got pulled away I should have a chance to test this soon, but from what I have seen I think Raindae your answer will be close.

It am guessing I will do this :

DirectoryEntry user = users.Add("CN=" + LastName + "\\, " + FirstName + " [" + username+ "]", "user");
....
user.Properties["profilePath"].Value = "\\myserver\myprofileshare\mandatoryprofile.man\";

which should work (the above is C# whereas yours was VB)

After I test I will award you the points assuming this works.
0
 
RanidaeCommented:
You typically don't need to point directly to the Man file... only to the folder the file is in... user profiles are contained within the folder and windows know to look for the *.dat or *.man files
0
 
mrichmonAuthor Commented:
that is the folder. :o)

It is what is called a "Required Mandatory Profile" which is actually a step beyond simple mandatory profiles and that is indicated by a .man in the profile folder path name as well as changing the .dat to .man
0
 
RanidaeCommented:
Sorry... thought you meant the actual ntuser file...
0
 
mrichmonAuthor Commented:
no probelm :o)
0
 
mrichmonAuthor Commented:
Okay for future readers following this thread here is the actual code that needs to be used to get this to work properly when creating a user account from scratch:

(C# code)

DirectoryEntry de = new DirectoryEntry();

// Set credentials of an AD account that is priveledged to be able to create users
de.Username = username;
de.Password = password;

// Set active LDAP path
de.Path = LDAPpath;

// Assign the users in the LDAPpath to a variable so we can manipulate it (add users)
DirectoryEntries users = de.Children;

// Add user account
DirectoryEntry user = users.Add("CN=" + LastName + "\\, " + FirstName, "user");

// Set additional properties of new account
user.Properties["samAccountName"].Add(username); // Login name
user.Properties["givenName"].Add(FirstName); // First Name
user.Properties["sn"].Add(LastName); // Last Name
user.Properties["userPassword"].Add(password);

// Commit changes so far so we can then add additonal account properties
user.CommitChanges();

// Set the account to be a "normal account" (0x10000)
user.Properties["userAccountControl"].Value = ((int) user.Properties["userAccountControl"].Value) | 0x10000;

// Set the "account disable" to false (account disable = 0x2)
user.Properties["userAccountControl"].Value = ((int) user.Properties["userAccountControl"].Value) & ~0x2;

// Set profile path
user.Properties["profilePath"].Add(ProfilePath);

// Commit final changes
user.CommitChanges();

0
 
mrichmonAuthor Commented:
And you need :

using System.DirectoryServices;
0

Featured Post

Upgrade your Question Security!

Add Premium security features to your question to ensure its privacy or anonymity. Learn more about your ability to control Question Security today.

  • 6
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now