
Problems setting password when creating AD user

Posted on 2004-09-03
Last Modified: 2011-05-16
I have been trying everything to create a user account with ASP.NET C# and have it successfully set the password.  It is not working.  Looking all over the web it appears that many people are having this problem.  Note that the problem is not restricted to C#.

Initially I tried the code in the WROX book "Professional C# 2nd Edition", which is as follows:

DirectoryEntry de = new DirectoryEntry();

// Set credentials of an AD account that is privileged to create users
de.Username = username;
de.Password = password;

// Set active LDAP path
de.Path = LDAPpath;

// Assign the users in the LDAPpath to a variable so we can manipulate it (add users)
DirectoryEntries users = de.Children;

// Add user account
DirectoryEntry user = users.Add("CN=" + LastName + "\\, " + FirstName, "user");

// Set additional properties of new account
user.Properties["samAccountName"].Add(username); // Login name
user.Properties["givenName"].Add(FirstName); // First Name
user.Properties["sn"].Add(LastName); // Last Name
user.Properties["userPassword"].Add(Mypassword);

// Commit changes
user.CommitChanges();

This does not produce an error, but leaves the password blank.

Next I tried moving the password line to after committing the changes, like this:

// Add user account
DirectoryEntry user = users.Add("CN=" + LastName + "\\, " + FirstName, "user");

// Set additional properties of new account
user.Properties["samAccountName"].Add(username); // Login name
user.Properties["givenName"].Add(FirstName); // First Name
user.Properties["sn"].Add(LastName); // Last Name

// Commit changes
user.CommitChanges();

user.Properties["userPassword"].Add(Mypassword);
// Commit password changes
user.CommitChanges();

But this had the same result.

So then I tried the following code after the first CommitChanges():
user.Invoke("SetPassword", new object[] {Mypassword});

and it worked....  Only Once.

When I tried to set a second account it failed with the error :

-----------------------------------
 One or more input parameters are invalid
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.Runtime.InteropServices.COMException: One or more input parameters are invalid
----------------------------------

This pattern of allowing one and then failing on a second or more one is repeatable, but you have to wait a long time - or restart services - to get the "first one" to work.

I also tried it like this :
user.Invoke("SetPassword", Mypassword);

with the same results - 1st one worked - subsequent ones didn't.

So next I tried the code from this page :
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/adam/adam/setting_a_user_password.asp

But always got the error "The server is unwilling to process your request."

Finally I tried this code :

ActiveDs.IADsUser tester = (ActiveDs.IADsUser)user.NativeObject;
tester.SetPassword(Mypassword);

And again got the "first one" to work with the subsequent ones erroring, but the error this time was :

------------------------------------------
 Exception from HRESULT: 0x80005008.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.Runtime.InteropServices.COMException: Exception from HRESULT: 0x80005008.
-------------------------------------------


After searching all of these errors on the web (and even just how to set the password) I found that MANY MANY people are having this exact problem.

I found one page :
http://www.gotdotnet.com/Community/MessageBoard/Thread.aspx?id=157773

That indicated that Microsoft had a hotfix for this issue. However, it also mentions that the fix will be included in the next .NET Framework service pack, which came out this week and we installed it.

Any ideas on how to get this to work?
Question by:mrichmon
11 Comments
 
LVL 35

Author Comment

by:mrichmon
ID: 11975403
Workaround (although NOT a fix) :

Instead of setting the password you can use the fact that it defaults to blank and then change it like so :

// Add user account
DirectoryEntry user = users.Add("CN=" + LastName + "\\, " + FirstName, "user");

// Set additional properties of new account
user.Properties["samAccountName"].Add(username); // Login name
user.Properties["givenName"].Add(FirstName); // First Name
user.Properties["sn"].Add(LastName); // Last Name

// Commit changes
user.CommitChanges();

ActiveDs.IADsUser tester = (ActiveDs.IADsUser)user.NativeObject;
tester.ChangePassword("", Mypassword);

// Commit password changes
user.CommitChanges();
0
 
LVL 35

Author Comment

by:mrichmon
ID: 12183670
Anyone?
0
 
LVL 20

Expert Comment

by:ihenry
ID: 12189818
mrichmon,
are you still finding a solution for this question?
0

 
LVL 35

Author Comment

by:mrichmon
ID: 12191475
Yes, I would still like an actual fix for this rather than just a work-around, but I think that may not be possible based on some things I have heard on Microsoft newsgroups...
0
 
LVL 20

Expert Comment

by:ihenry
ID: 12310457

Hi mrichmon,

After reading your first post, I remembered that I came across this problem before. I couldn't create a new user account and set the password at once; the user account has to be created first, then set password, then set other account flags.

The following code should work without any error and leaves the user account password blank. My guess for you is that this is the correct behaviour (if it's not a bug), since a newly created user account is always disabled and has pwdLastSet equal to 0, which means the user must change password at the next logon, and at this point any password set is ignored.

user.Properties["sAMAccountName"].Add(username);
user.Properties["givenName"].Add(FirstName);
user.Properties["sn"].Add(LastName);
user.Properties["userPassword"].Add(Mypassword);
user.CommitChanges();

I'm not sure what exactly the problem you have is, but it seems the binding user account does not have enough permission to call SetPassword. The code below creates a new user account, and I have similar code running on my production server without any problem.

using System;
using System.DirectoryServices;
using System.Runtime.InteropServices;

class MyClass
{
      // userAccountControl bit that marks the account as disabled
      private const int ADS_UF_ACCOUNTDISABLE = 2;

      [STAThread]
      static void Main(string[] args)
      {
            String ldapPath = "LDAP://myMachine:389/CN=Users,DC=myDomain,DC=local";
            DirectoryEntry users = null;
            DirectoryEntry user  = null;
            try
            {
                  // Bind to the container with an account allowed to create users
                  users = new DirectoryEntry();
                  users.Username = @"myDomain\admin";
                  users.Password = "Abcde123";
                  users.Path = ldapPath;
                  users.AuthenticationType = AuthenticationTypes.ServerBind;
                  users.RefreshCache();

                  // Step 1: create the user object and commit it
                  user = users.Children.Add( "TestUser", "user" );

                  user.Properties["sAMAccountName"].Value = "TestUser";
                  user.Properties["givenName"].Value = "myFirstName";
                  user.Properties["sn"].Value = "myLastName";
                  user.CommitChanges();

                  // Step 2: set the password on the committed object
                  user.Invoke( "SetPassword", new object[] { "Abcde123" } );
                  user.CommitChanges();

                  // Step 3: clear the "account disabled" flag
                  user.RefreshCache( new String[] { "userAccountControl" } );
                  int f = 0;
                  if ( user.Properties.Contains("userAccountControl") ) {
                        f = (int) user.Properties["userAccountControl"].Value;
                        user.Properties["userAccountControl"].Value = f & ~ADS_UF_ACCOUNTDISABLE;
                  }
                  user.CommitChanges();

            }
            catch (COMException)
            {
                  throw;
            }
            finally
            {
                  if ( users != null ) { users.Close(); users.Dispose(); }
                  if ( user != null ) { user.Close(); user.Dispose(); }
            }
            Console.Read();
      }
}
0
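Added example, not part of the thread or of either poster's code: since several attempts above complete without an error yet leave the password blank, a provisioning routine can refuse to enable the account until the directory shows a password was recorded, and clear the "password not required" bit together with the "disabled" bit. The class and method names are hypothetical; it assumes `user` is the committed `DirectoryEntry` from the create step and that `pwdLastSet` stays 0 until a password is set.

```csharp
using System;
using System.DirectoryServices;
using System.Reflection;

// Hypothetical helper class; names are illustrative, not from the thread.
static class ProvisioningChecks
{
    // userAccountControl bits from ADS_USER_FLAG_ENUM.
    const int ADS_UF_ACCOUNTDISABLE = 0x0002;
    const int ADS_UF_PASSWD_NOTREQD = 0x0020;

    // Flags to write when enabling: clear "disabled" and "password not required".
    public static int EnabledFlags(int current)
    {
        return current & ~(ADS_UF_ACCOUNTDISABLE | ADS_UF_PASSWD_NOTREQD);
    }

    // ADSI hands back Integer8 attributes such as pwdLastSet as a COM
    // IADsLargeInteger; read HighPart/LowPart late-bound and combine them.
    static long ReadLargeInteger(object raw)
    {
        Type t = raw.GetType();
        int high = (int)t.InvokeMember("HighPart", BindingFlags.GetProperty, null, raw, null);
        int low = (int)t.InvokeMember("LowPart", BindingFlags.GetProperty, null, raw, null);
        return ((long)high << 32) | (uint)low;
    }

    // True only if the directory recorded a password set (pwdLastSet != 0).
    public static bool PasswordWasSet(DirectoryEntry user)
    {
        user.RefreshCache(new string[] { "pwdLastSet" });
        object raw = user.Properties["pwdLastSet"].Value;
        return raw != null && ReadLargeInteger(raw) != 0;
    }

    // Enable the account only after the password is confirmed.
    public static void EnableIfPasswordSet(DirectoryEntry user)
    {
        if (!PasswordWasSet(user))
            throw new InvalidOperationException("No password recorded; account left disabled.");

        user.RefreshCache(new string[] { "userAccountControl" });
        int uac = (int)user.Properties["userAccountControl"].Value;
        user.Properties["userAccountControl"].Value = EnabledFlags(uac);
        user.CommitChanges();
    }
}
```

Calling `EnableIfPasswordSet(user)` in place of the unconditional flag update means a silent password failure leaves a disabled account behind instead of an enabled one with no password.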
 
LVL 35

Author Comment

by:mrichmon
ID: 12310494
Actually that code doesn't work.

There is a bug that causes it to work about once per server/service restart - then it throws a heap error.

A lot of people have mentioned this bug.  One person mentioned that Microsoft gave them a hotfix, but that it has not been publicly released yet...
0
 
LVL 20

Expert Comment

by:ihenry
ID: 12310545

I tried your code several times, just now. I don't seem to have any exception, except I couldn't get the password set properly. I'm working with Windows 2003.
0
 
LVL 20

Expert Comment

by:ihenry
ID: 12310571
And this is the code I used,

user.Properties["sAMAccountName"].Value = username;
user.Properties["givenName"].Value = FirstName;
user.Properties["sn"].Value = LastName;
user.Properties["userPassword"].Value  = Mypassword;
user.CommitChanges();
0
 
LVL 35

Author Comment

by:mrichmon
ID: 12311041
Yes my servers were win 2003 also.

No that code doesn't actually set the password as I noted.

The code I ended up using as a work around used the ChangePassword command (see my first follow-up post to this one...)
0
 

Accepted Solution

by:
modulo earned 0 total points
ID: 12574183
Closed, 500 points refunded.

modulo
Community Support Moderator
Experts Exchange
0
