Solved

Problems setting password when creating AD user

Posted on 2004-09-03
Last Modified: 2011-05-16
I have been trying everything to create a user account with ASP.NET C# and have it successfully set the password.  It is not working.  Looking all over the web it appears that many people are having this problem.  Note that the problem is not restricted to C#.

Initially I tried the code in the WROX book "Professional C# 2nd Edition" which is as follows :

DirectoryEntry de = new DirectoryEntry();

// Set credentials of an AD account that is privileged to be able to create users
de.Username = username;
de.Password = password;

// Set active LDAP path
de.Path = LDAPpath;

// Assign the users in the LDAPpath to a variable so we can manipulate it (add users)
DirectoryEntries users = de.Children;

// Add user account
DirectoryEntry user = users.Add("CN=" + LastName + "\\, " + FirstName, "user");

// Set additional properties of new account
user.Properties["samAccountName"].Add(username); // Login name
user.Properties["givenName"].Add(FirstName); // First Name
user.Properties["sn"].Add(LastName); // Last Name
user.Properties["userPassword"].Add(Mypassword);

// Commit changes
user.CommitChanges();

This does not produce an error, but leaves the password blank.

Next I tried moving the password line to after committing the changes like this :

// Add user account
DirectoryEntry user = users.Add("CN=" + LastName + "\\, " + FirstName, "user");

// Set additional properties of new account
user.Properties["samAccountName"].Add(username); // Login name
user.Properties["givenName"].Add(FirstName); // First Name
user.Properties["sn"].Add(LastName); // Last Name

// Commit changes
user.CommitChanges();

user.Properties["userPassword"].Add(Mypassword);
// Commit password changes
user.CommitChanges();

But this had the same result.

So then I tried the following code after the first CommitChanges():
user.Invoke("SetPassword", new object[] {Mypassword});

and it worked....  Only Once.

When I tried to set a second account it failed with the error :

-----------------------------------
 One or more input parameters are invalid
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.Runtime.InteropServices.COMException: One or more input parameters are invalid
----------------------------------

This pattern of allowing one and then failing on the second and later ones is repeatable, but you have to wait a long time - or restart services - to get the "first one" to work.

I also tried it like this :
user.Invoke("SetPassword", Mypassword);

with the same results - 1st one worked - subsequent ones didn't.

So next I tried the code from this page :
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/adam/adam/setting_a_user_password.asp

But always got the error "The server is unwilling to process your request."

Finally I tried this code :

ActiveDs.IADsUser tester = (ActiveDs.IADsUser)user.NativeObject;
tester.SetPassword(Mypassword);

And again got the "first one" to work with the subsequent ones erroring, but the error this time was :

------------------------------------------
 Exception from HRESULT: 0x80005008.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.Runtime.InteropServices.COMException: Exception from HRESULT: 0x80005008.
-------------------------------------------


After searching all of these errors on the web (and even just how to set the password) I found that MANY MANY people are having this exact problem.

I found one page :
http://www.gotdotnet.com/Community/MessageBoard/Thread.aspx?id=157773

That indicated that Microsoft had a hotfix for this issue. However, it also mentions that the fix will be included in the next .NET Framework service pack, which came out this week and we installed it.

Any ideas on how to get this to work?
Question by:mrichmon
11 Comments
 
LVL 35

Author Comment

by:mrichmon
ID: 11975403
Workaround (although NOT a fix) :

Instead of setting the password you can use the fact that it defaults to blank and then change it like so :

// Add user account
DirectoryEntry user = users.Add("CN=" + LastName + "\\, " + FirstName, "user");

// Set additional properties of new account
user.Properties["samAccountName"].Add(username); // Login name
user.Properties["givenName"].Add(FirstName); // First Name
user.Properties["sn"].Add(LastName); // Last Name

// Commit changes
user.CommitChanges();

ActiveDs.IADsUser tester = (ActiveDs.IADsUser)user.NativeObject;
tester.ChangePassword("", Mypassword);

// Commit password changes
user.CommitChanges();
0
 
LVL 35

Author Comment

by:mrichmon
ID: 12183670
Anyone?
0
 
LVL 20

Expert Comment

by:ihenry
ID: 12189818
mrichmon,
are you still finding a solution for this question?
0

 
LVL 35

Author Comment

by:mrichmon
ID: 12191475
Yes, I would still like an actual fix for this rather than just a workaround, but I think that may not be possible based on some things I have heard on Microsoft newsgroups...
0
 
LVL 20

Expert Comment

by:ihenry
ID: 12310457

Hi mrichmon,

After reading your first post, I remembered that I came across this problem before. I couldn't create a new user account and set the password at once; the user account has to be created first, then set the password, then set the other account flags.

The following code should work without any error and leaves the user account password blank. My guess for you is that this is the correct behaviour (if it's not a bug), since a newly created user account is always disabled and has pwdLastSet equal to 0, which means the user must change the password at the next logon, and at this point any password set is ignored.

user.Properties["sAMAccountName"].Add(username);
user.Properties["givenName"].Add(FirstName);
user.Properties["sn"].Add(LastName);
user.Properties["userPassword"].Add(Mypassword);
user.CommitChanges();

I'm not sure exactly what problem you have, but it seems the binding user account does not have enough permission to call SetPassword. The code below creates a new user account, and I have similar code running on my production server without any problem.

using System;
using System.DirectoryServices;
using System.Runtime.InteropServices;

class MyClass
{
      // userAccountControl bit that marks the account as disabled
      private const int ADS_UF_ACCOUNTDISABLE = 2;

      [STAThread]
      static void Main(string[] args)
      {
            String ldapPath = "LDAP://myMachine:389/CN=Users,DC=myDomain,DC=local";
            DirectoryEntry users = null;
            DirectoryEntry user  = null;
            try
            {
                  // Bind to the container with an account allowed to create users
                  users = new DirectoryEntry();
                  users.Username = @"myDomain\admin";
                  users.Password = "Abcde123";
                  users.Path = ldapPath;
                  users.AuthenticationType = AuthenticationTypes.ServerBind;
                  users.RefreshCache();

                  // The LDAP provider expects the new object's name as an RDN (CN=...)
                  user = users.Children.Add( "CN=TestUser", "user" );

                  // Step 1: create the account and commit it
                  user.Properties["sAMAccountName"].Value = "TestUser";
                  user.Properties["givenName"].Value = "myFirstName";
                  user.Properties["sn"].Value = "myLastName";
                  user.CommitChanges();

                  // Step 2: set the password on the now-existing object
                  user.Invoke( "SetPassword", new object[] { "Abcde123" } );
                  user.CommitChanges();

                  // Step 3: clear the disabled bit in userAccountControl
                  user.RefreshCache( new String[] { "userAccountControl" } );
                  int f = 0;
                  if ( user.Properties.Contains("userAccountControl") ) {
                        f = (int) user.Properties["userAccountControl"].Value;
                        user.Properties["userAccountControl"].Value = f & ~ADS_UF_ACCOUNTDISABLE;
                  }
                  user.CommitChanges();

            }
            catch (COMException)
            {
                  throw;
            }
            finally
            {
                  if ( users != null ) { users.Close(); users.Dispose(); }
                  if ( user != null ) { user.Close(); user.Dispose(); }
            }
            Console.Read();
      }
}
0
 
LVL 35

Author Comment

by:mrichmon
ID: 12310494
Actually that code doesn't work.

There is a bug that causes it to work about once per server/service restart - then it throws a heap error.

A lot of people have mentioned this bug.  One person mentioned that Microsoft gave them a hotfix, but that it has not been publicly released yet...
0
 
LVL 20

Expert Comment

by:ihenry
ID: 12310545

I tried your code several times, just now. I don't seem to get any exception, except that I couldn't get the password set properly. I'm working with Windows 2003.
0
 
LVL 20

Expert Comment

by:ihenry
ID: 12310571
And this is the code I used,

user.Properties["sAMAccountName"].Value = username;
user.Properties["givenName"].Value = FirstName;
user.Properties["sn"].Value = LastName;
user.Properties["userPassword"].Value  = Mypassword;
user.CommitChanges();
0
 
LVL 35

Author Comment

by:mrichmon
ID: 12311041
Yes my servers were win 2003 also.

No that code doesn't actually set the password as I noted.

The code I ended up using as a workaround used the ChangePassword command (see my first follow-up post to this one...)
0
 

Accepted Solution

by:
modulo earned 0 total points
ID: 12574183
Closed, 500 points refunded.

modulo
Community Support Moderator
Experts Exchange
0
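
The order ihenry describes (create and commit, set the password, then change the account flags), as an added C# example that is not code from any poster in this thread: it also clears the password-not-required bit and deletes the half-created object if a step fails, so no account is left enabled or lingering with a blank password. The container entry, names and password are hypothetical caller-supplied values, and 546 is assumed here as the userAccountControl value a user created over LDAP typically starts with.

```csharp
using System;
using System.DirectoryServices;

// Added example; container, cn, sam and newPassword are hypothetical inputs.
static class Provisioning
{
    // userAccountControl bits (ADS_USER_FLAG_ENUM values)
    const int ACCOUNTDISABLE = 0x0002;
    const int PASSWD_NOTREQD = 0x0020;
    const int NORMAL_ACCOUNT = 0x0200;

    // Value to write once a password is in place: enabled, password required.
    public static int EnabledFlags(int current)
    {
        return (current | NORMAL_ACCOUNT) & ~(ACCOUNTDISABLE | PASSWD_NOTREQD);
    }

    // cn must already be RDN-escaped (for example "Doe\\, Jane").
    public static void CreateUser(DirectoryEntry container, string cn,
                                  string sam, string newPassword)
    {
        DirectoryEntry user = container.Children.Add("CN=" + cn, "user");
        user.Properties["sAMAccountName"].Value = sam;
        user.CommitChanges();               // object exists, still disabled
        try
        {
            user.Invoke("SetPassword", new object[] { newPassword });
            user.RefreshCache(new string[] { "userAccountControl" });
            int uac = (int)user.Properties["userAccountControl"].Value;
            user.Properties["userAccountControl"].Value = EnabledFlags(uac);
            user.CommitChanges();           // enable only after the password is set
        }
        catch
        {
            // Roll back so a failed run leaves no passwordless account behind.
            container.Children.Remove(user);
            throw;
        }
        finally { user.Dispose(); }
    }

    static void Main()
    {
        // Constructed sample values: a fresh LDAP-created user, and one that
        // had only the disabled bit cleared.
        foreach (int uac in new int[] { 546, 544 })
            Console.WriteLine("{0} -> {1}", uac, EnabledFlags(uac));
    }
}
```

Clearing only the disabled bit, as in the code posted above, leaves PASSWD_NOTREQD set on an account that started at 546, which is why the helper clears both bits in one write.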
