?
Solved

Problems setting password when creating AD user

Posted on 2004-09-03
11
Medium Priority
?
2,116 Views
Last Modified: 2011-05-16
I have been trying everything to create a user account with ASP.NET C# and have it successfully set the password.  It is not working.  Looking all over the web it appears that many people are having this problem.  Note that the problem is not restricted to C#.

Initially I tried the code in the WROX book "Professional C# 2nd Edtition" which is as follows :

DirectoryEntry de = new DirectoryEntry();

// Set credentials of an AD account that is priveledged to be able to create users
de.Username = username;
de.Password = password;

// Set active LDAP path
de.Path = LDAPpath;

// Assign the users in the LDAPpath to a variable so we can manipulate it (add users)
DirectoryEntries users = de.Children;

// Add user account
DirectoryEntry user = users.Add("CN=" + LastName + "\\, " + FirstName, "user");

// Set additional properties of new account
user.Properties["samAccountName"].Add(username); // Login name
user.Properties["givenName"].Add(FirstName); // First Name
user.Properties["sn"].Add(LastName); // Last Name
user.Properties["userPassword"].Add(Mypassword);

// Commit changes
user.CommitChanges();

This does not produce an error, but leaves the password blank.

Next I tried moving the password line to after commiting the changes like this :

// Add user account
DirectoryEntry user = users.Add("CN=" + LastName + "\\, " + FirstName, "user");

// Set additional properties of new account
user.Properties["samAccountName"].Add(username); // Login name
user.Properties["givenName"].Add(FirstName); // First Name
user.Properties["sn"].Add(LastName); // Last Name

// Commit changes
user.CommitChanges();

user.Properties["userPassword"].Add(Mypassword);
// Commit password changes
user.CommitChanges();

But this had the same result.

So then I tried the following code after the first CommitChanges():
user.Invoke("SetPassword", new object[] {Mypassword});

and it worked....  Only Once.

When I tried to set a second account it failed with the error :

-----------------------------------
 One or more input parameters are invalid
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.Runtime.InteropServices.COMException: One or more input parameters are invalid
----------------------------------

This pattern of  allowing one and then failing on a second or more one is repeatable, but you have to wait a long time - or restart services - to get the "first one" to work.

I also tried it like this :
user.Invoke("SetPassword", Mypassword);

with the same results - 1st one worked - subsequent ones didn't.

So next I tried the code from this page :
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/adam/adam/setting_a_user_password.asp

But always got the error "The server is unwilling to process your request."

Finally I tried this code :

ActiveDs.IADsUser tester = (ActiveDs.IADsUser)user.NativeObject;
tester.SetPassword(Mypassword);

And again got the "first one" to work with the subsequent ones erroring, but the error this time was :

------------------------------------------
 Exception from HRESULT: 0x80005008.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.Runtime.InteropServices.COMException: Exception from HRESULT: 0x80005008.
-------------------------------------------


After searching all of these errors on the web (and even just how to set the password) I found that MANY MANY people are having this exact problem.

I found one page :
http://www.gotdotnet.com/Community/MessageBoard/Thread.aspx?id=157773

That indicated that Microsoft had a hotfix for this issue. However, it also mentions that the fix will be included in the next .NET Framework service pack, which came out this week and we installed it.

Any ideas on how to get this to work?
0
Comment
Question by:mrichmon
  • 5
  • 4
10 Comments
 
LVL 35

Author Comment

by:mrichmon
ID: 11975403
Workaround (although NOT a fix) :

Instead of setting the password you can use the fact that it defaults to blank and then change it like so :

// Add user account
DirectoryEntry user = users.Add("CN=" + LastName + "\\, " + FirstName, "user");

// Set additional properties of new account
user.Properties["samAccountName"].Add(username); // Login name
user.Properties["givenName"].Add(FirstName); // First Name
user.Properties["sn"].Add(LastName); // Last Name

// Commit changes
user.CommitChanges();

ActiveDs.IADsUser tester = (ActiveDs.IADsUser)user.NativeObject;
tester.ChangePassword("", Mypassword);

// Commit password changes
user.CommitChanges();
0
 
LVL 35

Author Comment

by:mrichmon
ID: 12183670
Anyone?
0
 
LVL 20

Expert Comment

by:ihenry
ID: 12189818
mrichmon,
are you still finding a solution for this question?
0
Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

 
LVL 35

Author Comment

by:mrichmon
ID: 12191475
Yes I would still like an actual fix for this rather than just a work-around, but I think that may not be possible based on somethings I have heard on Microsoft newsgroups...
0
 
LVL 20

Expert Comment

by:ihenry
ID: 12310457

Hi mrichmon,

After read your first post, I remembered that I came across to this problem before. I couldn't create a new user account and set password at once, but user account has to be created first, then set password, then set other account flags.

The following code should work without any error and leaves user account password blank. My guess for you is that this is the correct behaviour (if it's not a bug). Since a new created user account is always disabled and has pwdLastSet equal to 0 which means user must change password at the next logon and at this point any password set is ignored.

user.Properties["sAMAccountName"].Add(username);
user.Properties["givenName"].Add(FirstName);
user.Properties["sn"].Add(LastName);
user.Properties["userPassword"].Add(Mypassword);
user.CommitChanges();

I'm not sure what is exactly the problem you have, but it seems the binding user account has no enough permission to call SetPassword. The code below is to create a new user account and I have a similar code which is running in my production server without any problem.

class MyClass
{
      private const int ADS_UF_ACCOUNTDISABLEADS_UF_ACCOUNTDISABLE =  2;

      [STAThread]
      static void Main(string[] args)
      {
            String ldapPath = "LDAP://myMachine:389/CN=Users,DC=myDomain,DC=local";
            DirectoryEntry users = null;
            DirectoryEntry user  = null;
            try
            {
                  users = new DirectoryEntry();
                  users.Username = @"myDomain\admin";
                  users.Password = "Abcde123";
                  users.Path = ldapPath;
                  users.AuthenticationType = AuthenticationTypes.ServerBind;
                  users.RefreshCache();

                  user = users.Children.Add( "TestUser", "user" );

                  user.Properties["sAMAccountName"].Value = "TestUser";
                  user.Properties["givenName"].Value = "myFirstName";
                  user.Properties["sn"].Value = "myLastName";
                  user.CommitChanges();

                  user.Invoke( "SetPassword", new object[] { "Abcde123" } );
                  user.CommitChanges();

                  user.RefreshCache( new String[] { "userAccountControl" } );
                  int f = 0;
                  if ( user.Properties.Contains("userAccountControl") ) {
                        f = (int) user.Properties["userAccountControl"].Value;
                        user.Properties["userAccountControl"].Value = f & ~ADS_UF_ACCOUNTDISABLEADS_UF_ACCOUNTDISABLE;
                  }
                  user.CommitChanges();

            }
            catch (COMException)
            {
                  throw;
            }
            finally
            {
                  if ( users != null ) { users.Close(); users.Dispose(); }
                  if ( user != null ) { user.Close(); user.Dispose(); }
            }
            Console.Read();
      }
}
0
 
LVL 35

Author Comment

by:mrichmon
ID: 12310494
Actually that code doesn't work.

There is a bug that causes it to work about once per server/service restart - then it throws a heap error.

A lot of people have mentioned this bug.  One person mentioned that Microsoft gave them a hotfix, but that it has not been publically released yet...
0
 
LVL 20

Expert Comment

by:ihenry
ID: 12310545

I tried your code several times, just now..I don't seem have any exception except couldn't get the password set properly. I'm working with Windows 2003.
0
 
LVL 20

Expert Comment

by:ihenry
ID: 12310571
And this is the code I used,

user.Properties["sAMAccountName"].Value = username;
user.Properties["givenName"].Value = FirstName;
user.Properties["sn"].Value = LastName;
user.Properties["userPassword"].Value  = Mypassword;
user.CommitChanges();
0
 
LVL 35

Author Comment

by:mrichmon
ID: 12311041
Yes my servers were win 2003 also.

No that code doesn't actually set the password as I noted.

The code I ended up using as a work around used the ChangePassword command (see my first follow-up post to this one...)
0
 

Accepted Solution

by:
modulo earned 0 total points
ID: 12574183
Closed, 500 points refunded.

modulo
Community Support Moderator
Experts Exchange
0

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
MSSQL DB-maintenance also needs implementation of multiple activities. However, unprecedented errors can hamper the database management. In that case, deploying Stellar SQL Database Toolkit ensures fast and accurate database and backup repair as wel…
In a question here at Experts Exchange (https://www.experts-exchange.com/questions/29062564/Adobe-acrobat-reader-DC.html), a member asked how to create a signature in Adobe Acrobat Reader DC (the free Reader product, not the paid, full Acrobat produ…
Is your OST file inaccessible, Need to transfer OST file from one computer to another? Want to convert OST file to PST? If the answer to any of the above question is yes, then look no further. With the help of Stellar OST to PST Converter, you can e…
Suggested Courses

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question