• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2059
  • Last Modified:

Creating user in Active directory with c# - problem with property Allow access in Dial-in

Hi,

I have to code a .dll in c# that will create/manage user in our active directory.
Everything works great, except one thing. Im not able select "Allow access" in Dial-in tab.
I try this line "newUser.Properties["msNPAllowDialin"].Add(true);". No error there with compilation or execution. But i see no change in AD.

Later if I search for this user throught c# code, i see that property msNPAllowdialin = true.

Am I missing something in my code? Or this problem is related to our AD ?

Thanks in advance for your help !
public void selectDomain(string ldapPath) {
            currentDomainDE = new DirectoryEntry(ldapPath);
            currentDomainDE.AuthenticationType = AuthenticationTypes.Secure;
        }
 
        public void CreateUserAccount(string _userName, string _userPassword, string _firstName, string _lastName,
                                      string _description, string _company)
        {
            try
            {
                DirectoryEntry newUser = currentDomainDE.Children.Add("CN=" + _userName, "user");
                newUser.Properties["samAccountName"].Value = _userName;
                newUser.Properties["sn"].Add(_lastName);
                newUser.Properties["givenname"].Add(_firstName);
                newUser.Properties["displayname"].Add(_firstName + " " + _lastName);
                newUser.Properties["description"].Add(_description);
                newUser.Properties["company"].Add(_company);
                newUser.CommitChanges();
 
                int flags = (int)newUser.Properties["userAccountControl"].Value;
                newUser.Properties["userAccountControl"].Value = (flags ^ 0x10000);
                newUser.Properties["msNPAllowDialin"].Add(true);
                newUser.CommitChanges();
                
                this.changePasswordUser(newUser, _userPassword);
 
                this.enableAccount(newUser);
 
                newUser.Close();
                this.closedDomain();
            }
            catch { .......}

Open in new window

0
zeppyboy
Asked:
zeppyboy
  • 4
  • 4
1 Solution
 
Chris DentPowerShell DeveloperCommented:

AD related I believe.

It depends a little, tell us about your domain if you could? Specifically, what Functional Level is your domain set to?

Mine works when set using a small script with Functional Level set to Windows 2003 Native.

And take a look at these two articles:

http://support.microsoft.com/default.aspx?scid=kb;en-us;252398
http://support.microsoft.com/default.aspx?scid=kb;en-us;257341

Chris

0
 
zeppyboyAuthor Commented:
Thanks Chris,

As soon as my network administrator is back from vacancy (monday), i will ask him what Functional Level is our domain, then i will come back.
0
 
Chris DentPowerShell DeveloperCommented:

Good stuff. Hopefully that's all it is :)

Chris
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
zeppyboyAuthor Commented:
I find the information.

Current domain functional level :
Windows 2000 mixed
0
 
Chris DentPowerShell DeveloperCommented:

There we go :)

You must switch to Native for the change to work as you expect in your existing code.

For whatever reason the attribute cannot be updated correctly using ADSI / DirectoryServices via LDAP in Mixed Mode.

Alternatively bind using the WinNT interface as described in:

http://support.microsoft.com/default.aspx?scid=kb;en-us;252398

However, there are no issues with changing to Native Mode unless you have Windows NT 4 Backup Domain Controllers on the Domain.

Chris
0
 
zeppyboyAuthor Commented:
I will be surprise if we have a NT4 DC. So i will ask him if we can go with Native Mode.

If not, i will try the other option with the .dll and winnt provider.
Do you know where i can find the ADSI SDK on MS website? All the links I try redirect to microsoft.com/windows/

Thanks for your help !
0
 
Chris DentPowerShell DeveloperCommented:

Hmm that's a good question.

You don't seem to be able to get it any more. I know they stopped doing any work on it quite a few years ago, but that doesn't help if they're still got references to it.

You can grab the file from here though:

http://microsoftluder.dk/resources/ADSI%20SDK%205%20HTML/rtk.htm#ras

Obviously we can't vouch for the validity of the files held on the site, so use them with care.

Chris
0
 
zeppyboyAuthor Commented:
For your information, with the modification of our domain from Windows 2000 Mixed to Windows 2000 Native, everything works great now. Thanks for your help !
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

  • 4
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now