Solved

Create user with System.DirectoryServices.AccountManagement

Posted on 2011-02-14
18
1,007 Views
Last Modified: 2012-05-11
Greetings,
I'm getting a "referal returned by server" error. The error pointing to the usr.Name = "Jim Daly"; Below is my code. May someone help. Thank you.

PrincipalContext ctx = new PrincipalContext(
                                         ContextType.Domain,
                                         "fabrikam.com",
                                         "OU=Florida, OU=Miami, DC=fabrikam,DC=com",
                                         "administrator",
                                         "securelyStoredPassword");

UserPrincipal usr = new UserPrincipal(ctx);

usr.Name = "Jim Daly";
usr.Description = "This is the user account for Jim Daly";
usr.EmailAddress = "jimdaly@fabrikam.com";
usr.SetPassword("securelyStoredPassword");
usr.Save();

usr.Dispose();
ctx.Dispose();

0
Comment
Question by:centem
  • 8
  • 7
  • 2
  • +1
18 Comments
 
LVL 14

Expert Comment

by:robasta
ID: 34887212
0
 

Author Comment

by:centem
ID: 34887266
Thanks for the article robasta.
I'm using a form instead of IIS. Connectivity seems to functioning, the error appears to point to user.Name = "Jim Daly"  
0
 

Author Comment

by:centem
ID: 34887392
    UserPrincipal usr = new UserPrincipal(ctx);
            usr.GivenName = "John";      // ******************I get error here *****************************************
            usr.Surname = "Doe";
            usr.ExpirePasswordNow();
            usr.Save();

            usr.Dispose();
            ctx.Dispose();
0
 
LVL 26

Expert Comment

by:EDDYKT
ID: 34887414
You need to pass a proper info to PrincipalContext

ie
"fabrikam.com" is not valid
if you copy exact code from here
http://msdn.microsoft.com/en-us/library/bb299773.aspx
0
 

Author Comment

by:centem
ID: 34887477
Yes I know. I didn't put it like that but I didn't want to publish our actual hostname/domain names. The error seems to ben when assinging the "John" to usr.GivenName.
0
 
LVL 26

Expert Comment

by:EDDYKT
ID: 34887612
0
 

Author Comment

by:centem
ID: 34887987
We don't have a UAC policies for this workstation (xp pro).
0
 
LVL 33

Expert Comment

by:Todd Gerbert
ID: 34888768
Try binding to a specific domain controller by passing it's name to the constructor of the PrincipalContext object - i.e. instead of fabrikam.com use dc1.fabrikam.com.
0
 

Author Comment

by:centem
ID: 34888869
thanks tgerbert,
I tried that but still not working. Would it not stop at the PrincipleContext portion if I had an authentication issue or would it error on the user.GivenName portion?
0
 
LVL 33

Expert Comment

by:Todd Gerbert
ID: 34888952
So far as I understand Active Directory, referrals are issued by a Domain Controller when it is unable to answer a query - for example, if you have more than one domain the forest and you ask for a list of users in a group the domain controller may refer you to another domain controller if those users are in a different domain than the DC servicing the query.  How that applies to your current situation is a little unclear to me...are you sure this user doesn't already exist in your AD somewhere?
0
 
LVL 33

Expert Comment

by:Todd Gerbert
ID: 34888971
...or perhaps bind to a global catalog server (if you're not already).
0
 
LVL 33

Expert Comment

by:Todd Gerbert
ID: 34888985
Ahh...it's probably failing the query for the OU you're creating your user in.

Are you in a single-domain environment?
0
 

Author Comment

by:centem
ID: 34889938
Yes this is a single domain environment.

In Active Directory management I have the following:
Active Directories Users and Computers -> domain.site.com -> Florida -> Miami -> Users

And I'm using:
PrincipalContext ctx = new PrincipalContext(
                                                     ContextType.Domain,
                                                     "ServerNameDC1.domain.site.com",
                                                     "OU=Florida, OU=Miami, OU=Users, DC=ServerNameDC1,DC=com",
                                                     "adminuser",
                                                     "password");

            UserPrincipal usr = new UserPrincipal(ctx);

            usr.GivenName = "John"; //*********************** I get error here ********************************
            usr.Surname = "Doe";

I'm I supposed to be using the CN= attribute? I'm in the learning stages so please bare with me.

0
 
LVL 33

Expert Comment

by:Todd Gerbert
ID: 34890024
No, CN would be one of the built-in containers like Domain.com->Users.  If you have users in an organizational unit named "Users", inside an OU named Miami, etc, then your container's path will be OU=Users,OU=Miami,OU=Florida,DC=domain,DC=com - or OU=Users,OU=Miami,OU=Florida,DC=site,DC=domain,DC=com, depending on what your domains name actually is.

Otherwise, if the users just sit in the "Miami" OU, then it'd be: OU=Miami,OU=Florida,DC=domain,DC=com - or OU=Miami,OU=Florida,DC=site,DC=domain,DC=com
0
 

Author Comment

by:centem
ID: 34890404
Thanks tgerbert,
shouldn't break during the PrincipleContext portion of the code other than when assigning GivenName. This is just incredibly puzzling because I've tried following all the guidance from MSDN and other sites on how this should be configured.
0
 
LVL 33

Expert Comment

by:Todd Gerbert
ID: 34890575
If I deliberately put in a bad path for the container it doesn't give me an exception until I try to set a value on the UserPrincipal object.
0
 

Author Comment

by:centem
ID: 34896181
How should the PrincipleContext be configured if I want to test it on a Lab Domain Controller.
0
 
LVL 33

Accepted Solution

by:
Todd Gerbert earned 500 total points
ID: 34897406
It'll be configured the same, just adjust the server and domain names accordingly, and build your container's LDAP path by starting with most specific item on the left, and going up the AD tree to the right, e.g. given:

fabrikam.com
|
+--California
|   |
|   +--LA
|      |
|      +--Marketing
|         |
|         +--Users
|            |
|            |--Bob
|            |
|            |--Ron
|            |
|         +--Computers
|            |
|            |--WRKSTN1
|            |
|            |--WRKSTN2
|            |
|      
|      +--Sales
|         |
|         +--Users
|            |
|            |--John
|            |
|            |--Joe
|            |
|         +--Computers
|            |
|            |--WRKSTN3
|            |
|            |--WRKSTN4
|            |
|
|
+--Florida
|   |
|   +--Miami
|      |
|      +--Marketing
|         |
|         +--Users
|            |
|            |--Jack
|            |
|            |--Jeff
|            |
|         +--Computers
|            |
|            |--WRKSTN5
|            |
|            |--WRKSTN6
|            |
|      |
|      +--Sales
|         |
|         +--Users
|            |
|            |--Sue
|            |
|            |--Sally
|            |
|         +--Computers
|            |
|            |--WRKSTN7
|            |
|            |--WRKSTN8
|            |

Open in new window

If you wanted to create a user in Miami's marketing department, your container LDAP path would look like: OU=Users,OU=Marketing,OU=Miami,OU=Florida,DC=fabrikam,DC=com
0

Join & Write a Comment

Real-time is more about the business, not the technology. In day-to-day life, to make real-time decisions like buying or investing, business needs the latest information(e.g. Gold Rate/Stock Rate). Unlike traditional days, you need not wait for a fe…
Synchronize a new Active Directory domain with an existing Office 365 tenant
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
Viewers will learn how to properly install Eclipse with the necessary JDK, and will take a look at an introductory Java program. Download Eclipse installation zip file: Extract files from zip file: Download and install JDK 8: Open Eclipse and …

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now