Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Creating user in Active directory with c# - problem with property Allow access in Dial-in

Posted on 2008-06-25
8
2,015 Views
Last Modified: 2013-12-16
Hi,

I have to code a .dll in c# that will create/manage user in our active directory.
Everything works great, except one thing. Im not able select "Allow access" in Dial-in tab.
I try this line "newUser.Properties["msNPAllowDialin"].Add(true);". No error there with compilation or execution. But i see no change in AD.

Later if I search for this user throught c# code, i see that property msNPAllowdialin = true.

Am I missing something in my code? Or this problem is related to our AD ?

Thanks in advance for your help !
public void selectDomain(string ldapPath) {
            currentDomainDE = new DirectoryEntry(ldapPath);
            currentDomainDE.AuthenticationType = AuthenticationTypes.Secure;
        }
 
        public void CreateUserAccount(string _userName, string _userPassword, string _firstName, string _lastName,
                                      string _description, string _company)
        {
            try
            {
                DirectoryEntry newUser = currentDomainDE.Children.Add("CN=" + _userName, "user");
                newUser.Properties["samAccountName"].Value = _userName;
                newUser.Properties["sn"].Add(_lastName);
                newUser.Properties["givenname"].Add(_firstName);
                newUser.Properties["displayname"].Add(_firstName + " " + _lastName);
                newUser.Properties["description"].Add(_description);
                newUser.Properties["company"].Add(_company);
                newUser.CommitChanges();
 
                int flags = (int)newUser.Properties["userAccountControl"].Value;
                newUser.Properties["userAccountControl"].Value = (flags ^ 0x10000);
                newUser.Properties["msNPAllowDialin"].Add(true);
                newUser.CommitChanges();
                
                this.changePasswordUser(newUser, _userPassword);
 
                this.enableAccount(newUser);
 
                newUser.Close();
                this.closedDomain();
            }
            catch { .......}

Open in new window

0
Comment
Question by:zeppyboy
  • 4
  • 4
8 Comments
 
LVL 70

Expert Comment

by:Chris Dent
ID: 21874210

AD related I believe.

It depends a little, tell us about your domain if you could? Specifically, what Functional Level is your domain set to?

Mine works when set using a small script with Functional Level set to Windows 2003 Native.

And take a look at these two articles:

http://support.microsoft.com/default.aspx?scid=kb;en-us;252398
http://support.microsoft.com/default.aspx?scid=kb;en-us;257341

Chris

0
 

Author Comment

by:zeppyboy
ID: 21878741
Thanks Chris,

As soon as my network administrator is back from vacancy (monday), i will ask him what Functional Level is our domain, then i will come back.
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 21879014

Good stuff. Hopefully that's all it is :)

Chris
0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 

Author Comment

by:zeppyboy
ID: 21883075
I find the information.

Current domain functional level :
Windows 2000 mixed
0
 
LVL 70

Accepted Solution

by:
Chris Dent earned 130 total points
ID: 21883112

There we go :)

You must switch to Native for the change to work as you expect in your existing code.

For whatever reason the attribute cannot be updated correctly using ADSI / DirectoryServices via LDAP in Mixed Mode.

Alternatively bind using the WinNT interface as described in:

http://support.microsoft.com/default.aspx?scid=kb;en-us;252398

However, there are no issues with changing to Native Mode unless you have Windows NT 4 Backup Domain Controllers on the Domain.

Chris
0
 

Author Comment

by:zeppyboy
ID: 21883240
I will be surprise if we have a NT4 DC. So i will ask him if we can go with Native Mode.

If not, i will try the other option with the .dll and winnt provider.
Do you know where i can find the ADSI SDK on MS website? All the links I try redirect to microsoft.com/windows/

Thanks for your help !
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 21883493

Hmm that's a good question.

You don't seem to be able to get it any more. I know they stopped doing any work on it quite a few years ago, but that doesn't help if they're still got references to it.

You can grab the file from here though:

http://microsoftluder.dk/resources/ADSI%20SDK%205%20HTML/rtk.htm#ras

Obviously we can't vouch for the validity of the files held on the site, so use them with care.

Chris
0
 

Author Comment

by:zeppyboy
ID: 21947585
For your information, with the modification of our domain from Windows 2000 Mixed to Windows 2000 Native, everything works great now. Thanks for your help !
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Real-time is more about the business, not the technology. In day-to-day life, to make real-time decisions like buying or investing, business needs the latest information(e.g. Gold Rate/Stock Rate). Unlike traditional days, you need not wait for a fe…
This article outlines the process to identify and resolve account lockout in an Active Directory environment.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question