Active directory programming - setting user password

I have the following code :

(C# code)

DirectoryEntry de = new DirectoryEntry();

// Set credentials of an AD account that is priveledged to be able to create users
de.Username = username;
de.Password = password;

// Set active LDAP path
de.Path = LDAPpath;

// Assign the users in the LDAPpath to a variable so we can manipulate it (add users)
DirectoryEntries users = de.Children;

// Add user account
DirectoryEntry user = users.Add("CN=" + LastName + "\\, " + FirstName, "user");

// Set additional properties of new account
user.Properties["samAccountName"].Add(username); // Login name
user.Properties["givenName"].Add(FirstName); // First Name
user.Properties["sn"].Add(LastName); // Last Name

// Commit changes so far so we can then add additonal account properties

// Set the account to be a "normal account" (0x10000)
user.Properties["userAccountControl"].Value = ((int) user.Properties["userAccountControl"].Value) | 0x10000;

// Set the "account disable" to false (account disable = 0x2)
user.Properties["userAccountControl"].Value = ((int) user.Properties["userAccountControl"].Value) & ~0x2;

// Set profile path

// Commit final changes

However, I have found out that it doesn't work.

The account is created, but I cannot log in using the password that was set in this line :

This code is basically adapted from the WROX Professional C# 2nd edition book and they use that method to set the password.

I even tried hardcoding in a string - no luck.

Any ideas on how to create a password for a new account created in programatically?

PS If I go onto the Domain controller and reset the password for the account then it works so I know that other than the password the account is getting correctly created.

LVL 35
Who is Participating?
mrichmonConnect With a Mentor Author Commented:
The answer was that I needed to commit changes after setting the userPrincipalName before it allows the pasword to be set - otherwise it sets the password to blank.
Instead of:


Try this:

  user.Invoke("SetPassword", new object[] {password});
Did you try using user.Invoke("SetPassword", new object[] {password}) *before* doing your commit?
mrichmonAuthor Commented:

didn't  work.

In both cases the commitchanges needed to happen BEFORE any password commands could be issued.  I actually found documentation from Microsoft verifying this.

It was not true on Win NT 4, but is true of the newer AD domains according to the article....
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.