Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 448
  • Last Modified:

Active directory programming - setting user password

I have the following code :

(C# code)

DirectoryEntry de = new DirectoryEntry();

// Set credentials of an AD account that is priveledged to be able to create users
de.Username = username;
de.Password = password;

// Set active LDAP path
de.Path = LDAPpath;

// Assign the users in the LDAPpath to a variable so we can manipulate it (add users)
DirectoryEntries users = de.Children;

// Add user account
DirectoryEntry user = users.Add("CN=" + LastName + "\\, " + FirstName, "user");

// Set additional properties of new account
user.Properties["samAccountName"].Add(username); // Login name
user.Properties["givenName"].Add(FirstName); // First Name
user.Properties["sn"].Add(LastName); // Last Name
user.Properties["userPassword"].Add(password);

// Commit changes so far so we can then add additonal account properties
user.CommitChanges();

// Set the account to be a "normal account" (0x10000)
user.Properties["userAccountControl"].Value = ((int) user.Properties["userAccountControl"].Value) | 0x10000;

// Set the "account disable" to false (account disable = 0x2)
user.Properties["userAccountControl"].Value = ((int) user.Properties["userAccountControl"].Value) & ~0x2;

// Set profile path
user.Properties["profilePath"].Add(ProfilePath);

// Commit final changes
user.CommitChanges();


However, I have found out that it doesn't work.

The account is created, but I cannot log in using the password that was set in this line :
user.Properties["userPassword"].Add(password);


This code is basically adapted from the WROX Professional C# 2nd edition book and they use that method to set the password.

I even tried hardcoding in a string - no luck.

Any ideas on how to create a password for a new account created in programatically?

PS If I go onto the Domain controller and reset the password for the account then it works so I know that other than the password the account is getting correctly created.

Thanks.
0
mrichmon
Asked:
mrichmon
  • 2
  • 2
1 Solution
 
eternal_21Commented:
Instead of:

  user.Properties["userPassword"].Add(password);

Try this:

  user.Invoke("SetPassword", new object[] {password});
0
 
mrichmonAuthor Commented:
The answer was that I needed to commit changes after setting the userPrincipalName before it allows the pasword to be set - otherwise it sets the password to blank.
0
 
eternal_21Commented:
Did you try using user.Invoke("SetPassword", new object[] {password}) *before* doing your commit?
0
 
mrichmonAuthor Commented:
yes.

didn't  work.

In both cases the commitchanges needed to happen BEFORE any password commands could be issued.  I actually found documentation from Microsoft verifying this.

It was not true on Win NT 4, but is true of the newer AD domains according to the article....
0

Featured Post

[Webinar On Demand] Database Backup and Recovery

Does your company store data on premises, off site, in the cloud, or a combination of these? If you answered “yes”, you need a data backup recovery plan that fits each and every platform. Watch now as as Percona teaches us how to build agile data backup recovery plan.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now