Solved

Problems setting password when creating AD user

Posted on 2004-09-03
Last Modified: 2011-05-16
I have been trying everything to create a user account with ASP.NET C# and have it successfully set the password.  It is not working.  Looking all over the web it appears that many people are having this problem.  Note that the problem is not restricted to C#.

Initially I tried the code in the WROX book "Professional C# 2nd Edition" which is as follows :

DirectoryEntry de = new DirectoryEntry();

// Set credentials of an AD account that is privileged to be able to create users
de.Username = username;
de.Password = password;

// Set active LDAP path
de.Path = LDAPpath;

// Assign the users in the LDAPpath to a variable so we can manipulate it (add users)
DirectoryEntries users = de.Children;

// Add user account
DirectoryEntry user = users.Add("CN=" + LastName + "\\, " + FirstName, "user");

// Set additional properties of new account
user.Properties["samAccountName"].Add(username); // Login name
user.Properties["givenName"].Add(FirstName); // First Name
user.Properties["sn"].Add(LastName); // Last Name
user.Properties["userPassword"].Add(Mypassword);

// Commit changes
user.CommitChanges();

This does not produce an error, but leaves the password blank.

Next I tried moving the password line to after committing the changes like this :

// Add user account
DirectoryEntry user = users.Add("CN=" + LastName + "\\, " + FirstName, "user");

// Set additional properties of new account
user.Properties["samAccountName"].Add(username); // Login name
user.Properties["givenName"].Add(FirstName); // First Name
user.Properties["sn"].Add(LastName); // Last Name

// Commit changes
user.CommitChanges();

user.Properties["userPassword"].Add(Mypassword);
// Commit password changes
user.CommitChanges();

But this had the same result.

So then I tried the following code after the first CommitChanges():
user.Invoke("SetPassword", new object[] {Mypassword});

and it worked....  Only Once.

When I tried to set a second account it failed with the error :

-----------------------------------
 One or more input parameters are invalid
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.Runtime.InteropServices.COMException: One or more input parameters are invalid
----------------------------------

This pattern of allowing one and then failing on the second and later ones is repeatable, but you have to wait a long time - or restart services - to get the "first one" to work.

I also tried it like this :
user.Invoke("SetPassword", Mypassword);

with the same results - 1st one worked - subsequent ones didn't.

So next I tried the code from this page :
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/adam/adam/setting_a_user_password.asp

But always got the error "The server is unwilling to process your request."

Finally I tried this code :

ActiveDs.IADsUser tester = (ActiveDs.IADsUser)user.NativeObject;
tester.SetPassword(Mypassword);

And again got the "first one" to work with the subsequent ones erroring, but the error this time was :

------------------------------------------
 Exception from HRESULT: 0x80005008.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.Runtime.InteropServices.COMException: Exception from HRESULT: 0x80005008.
-------------------------------------------


After searching all of these errors on the web (and even just how to set the password) I found that MANY MANY people are having this exact problem.

I found one page :
http://www.gotdotnet.com/Community/MessageBoard/Thread.aspx?id=157773

That indicated that Microsoft had a hotfix for this issue. However, it also mentions that the fix will be included in the next .NET Framework service pack, which came out this week and we installed it.

Any ideas on how to get this to work?
Question by:mrichmon
11 Comments
 
LVL 35

Author Comment

by:mrichmon
ID: 11975403
Workaround (although NOT a fix) :

Instead of setting the password you can use the fact that it defaults to blank and then change it like so :

// Add user account
DirectoryEntry user = users.Add("CN=" + LastName + "\\, " + FirstName, "user");

// Set additional properties of new account
user.Properties["samAccountName"].Add(username); // Login name
user.Properties["givenName"].Add(FirstName); // First Name
user.Properties["sn"].Add(LastName); // Last Name

// Commit changes
user.CommitChanges();

ActiveDs.IADsUser tester = (ActiveDs.IADsUser)user.NativeObject;
tester.ChangePassword("", Mypassword);

// Commit password changes
user.CommitChanges();
0
 
LVL 35

Author Comment

by:mrichmon
ID: 12183670
Anyone?
0
 
LVL 20

Expert Comment

by:ihenry
ID: 12189818
mrichmon,
are you still looking for a solution to this question?
0
 
LVL 35

Author Comment

by:mrichmon
ID: 12191475
Yes, I would still like an actual fix for this rather than just a work-around, but I think that may not be possible based on some things I have heard on Microsoft newsgroups...
0
 
LVL 20

Expert Comment

by:ihenry
ID: 12310457

Hi mrichmon,

After reading your first post, I remembered that I came across this problem before. I couldn't create a new user account and set the password at once; the user account has to be created first, then the password set, then the other account flags set.

The following code should work without any error and leaves the user account password blank. My guess is that this is the correct behaviour (if it's not a bug), since a newly created user account is always disabled and has pwdLastSet equal to 0, which means the user must change the password at the next logon, and at this point any password set is ignored.

user.Properties["sAMAccountName"].Add(username);
user.Properties["givenName"].Add(FirstName);
user.Properties["sn"].Add(LastName);
user.Properties["userPassword"].Add(Mypassword);
user.CommitChanges();

I'm not sure exactly what problem you have, but it seems the binding user account does not have enough permission to call SetPassword. The code below creates a new user account, and I have similar code running on my production server without any problem.

using System;
using System.DirectoryServices;
using System.Runtime.InteropServices;

class MyClass
{
      // userAccountControl bit that marks an account as disabled
      private const int ADS_UF_ACCOUNTDISABLE =  2;

      [STAThread]
      static void Main(string[] args)
      {
            String ldapPath = "LDAP://myMachine:389/CN=Users,DC=myDomain,DC=local";
            DirectoryEntry users = null;
            DirectoryEntry user  = null;
            try
            {
                  // Bind to the container with an account allowed to create users
                  users = new DirectoryEntry();
                  users.Username = @"myDomain\admin";
                  users.Password = "Abcde123";
                  users.Path = ldapPath;
                  users.AuthenticationType = AuthenticationTypes.ServerBind;
                  users.RefreshCache();

                  // The LDAP provider expects the relative distinguished name here
                  user = users.Children.Add( "CN=TestUser", "user" );

                  // Step 1: create the account
                  user.Properties["sAMAccountName"].Value = "TestUser";
                  user.Properties["givenName"].Value = "myFirstName";
                  user.Properties["sn"].Value = "myLastName";
                  user.CommitChanges();

                  // Step 2: set the password on the existing account
                  user.Invoke( "SetPassword", new object[] { "Abcde123" } );
                  user.CommitChanges();

                  // Step 3: clear the disabled flag
                  user.RefreshCache( new String[] { "userAccountControl" } );
                  int f = 0;
                  if ( user.Properties.Contains("userAccountControl") ) {
                        f = (int) user.Properties["userAccountControl"].Value;
                        user.Properties["userAccountControl"].Value = f & ~ADS_UF_ACCOUNTDISABLE;
                  }
                  user.CommitChanges();

            }
            catch (COMException)
            {
                  throw;
            }
            finally
            {
                  if ( users != null ) { users.Close(); users.Dispose(); }
                  if ( user != null ) { user.Close(); user.Dispose(); }
            }
            Console.Read();
      }
}
0
 
LVL 35

Author Comment

by:mrichmon
ID: 12310494
Actually that code doesn't work.

There is a bug that causes it to work about once per server/service restart - then it throws a heap error.

A lot of people have mentioned this bug.  One person mentioned that Microsoft gave them a hotfix, but that it has not been publicly released yet...
0
 
LVL 20

Expert Comment

by:ihenry
ID: 12310545

I tried your code several times, just now. I don't seem to get any exception, except that I couldn't get the password set properly. I'm working with Windows 2003.
0
 
LVL 20

Expert Comment

by:ihenry
ID: 12310571
And this is the code I used,

user.Properties["sAMAccountName"].Value = username;
user.Properties["givenName"].Value = FirstName;
user.Properties["sn"].Value = LastName;
user.Properties["userPassword"].Value  = Mypassword;
user.CommitChanges();
0
 
LVL 35

Author Comment

by:mrichmon
ID: 12311041
Yes my servers were win 2003 also.

No that code doesn't actually set the password as I noted.

The code I ended up using as a work around used the ChangePassword command (see my first follow-up post to this one...)
0
 

Accepted Solution

by:
modulo earned 0 total points
ID: 12574183
Closed, 500 points refunded.

modulo
Community Support Moderator
Experts Exchange
0
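
An added example, not code from any post in this thread: the create, set password, enable order discussed above, with the half-created account removed if SetPassword throws, so that a failed call does not leave an account without a password behind. The class name, method name and parameters are hypothetical, and it assumes the server accepts an authenticated, sealed bind; it does not address the repeat-call failure reported in the thread.

```csharp
using System;
using System.DirectoryServices;

static class UserProvisioning // hypothetical helper, not from the thread
{
    // userAccountControl bits (ADS_USER_FLAG_ENUM)
    const int ADS_UF_ACCOUNTDISABLE = 0x0002;
    const int ADS_UF_PASSWD_NOTREQD = 0x0020;

    // All parameter names are assumptions; the caller supplies the container path and credentials.
    public static void CreateUser(string containerPath, string adminUser, string adminPassword,
                                  string sam, string firstName, string lastName, string newPassword)
    {
        // Secure | Sealing asks ADSI for an authenticated, encrypted bind.
        using (DirectoryEntry container = new DirectoryEntry(containerPath, adminUser, adminPassword,
                   AuthenticationTypes.Secure | AuthenticationTypes.Sealing))
        using (DirectoryEntry user = container.Children.Add("CN=" + sam, "user"))
        {
            user.Properties["sAMAccountName"].Value = sam;
            user.Properties["givenName"].Value = firstName;
            user.Properties["sn"].Value = lastName;
            user.CommitChanges(); // the object now exists in the directory, still disabled

            try
            {
                user.Invoke("SetPassword", new object[] { newPassword });
            }
            catch (Exception)
            {
                // Roll back: delete the new object rather than leave it without a password.
                container.Children.Remove(user);
                throw;
            }

            // Enable only after the password is set, and stop allowing an empty password.
            user.RefreshCache(new string[] { "userAccountControl" });
            int uac = (int)user.Properties["userAccountControl"].Value;
            user.Properties["userAccountControl"].Value =
                uac & ~(ADS_UF_ACCOUNTDISABLE | ADS_UF_PASSWD_NOTREQD);
            user.CommitChanges();
        }
    }
}
```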
