Solved

Create user with System.DirectoryServices.AccountManagement

Posted on 2011-02-14
18
1,010 Views
Last Modified: 2012-05-11
Greetings,
I'm getting a "referal returned by server" error. The error pointing to the usr.Name = "Jim Daly"; Below is my code. May someone help. Thank you.

PrincipalContext ctx = new PrincipalContext(
                                         ContextType.Domain,
                                         "fabrikam.com",
                                         "OU=Florida, OU=Miami, DC=fabrikam,DC=com",
                                         "administrator",
                                         "securelyStoredPassword");

UserPrincipal usr = new UserPrincipal(ctx);

usr.Name = "Jim Daly";
usr.Description = "This is the user account for Jim Daly";
usr.EmailAddress = "jimdaly@fabrikam.com";
usr.SetPassword("securelyStoredPassword");
usr.Save();

usr.Dispose();
ctx.Dispose();

0
Comment
Question by:centem
  • 8
  • 7
  • 2
  • +1
18 Comments
 
LVL 14

Expert Comment

by:robasta
ID: 34887212
0
 

Author Comment

by:centem
ID: 34887266
Thanks for the article robasta.
I'm using a form instead of IIS. Connectivity seems to functioning, the error appears to point to user.Name = "Jim Daly"  
0
 

Author Comment

by:centem
ID: 34887392
    UserPrincipal usr = new UserPrincipal(ctx);
            usr.GivenName = "John";      // ******************I get error here *****************************************
            usr.Surname = "Doe";
            usr.ExpirePasswordNow();
            usr.Save();

            usr.Dispose();
            ctx.Dispose();
0
 
LVL 26

Expert Comment

by:EDDYKT
ID: 34887414
You need to pass a proper info to PrincipalContext

ie
"fabrikam.com" is not valid
if you copy exact code from here
http://msdn.microsoft.com/en-us/library/bb299773.aspx
0
 

Author Comment

by:centem
ID: 34887477
Yes I know. I didn't put it like that but I didn't want to publish our actual hostname/domain names. The error seems to ben when assinging the "John" to usr.GivenName.
0
 
LVL 26

Expert Comment

by:EDDYKT
ID: 34887612
0
 

Author Comment

by:centem
ID: 34887987
We don't have a UAC policies for this workstation (xp pro).
0
 
LVL 33

Expert Comment

by:Todd Gerbert
ID: 34888768
Try binding to a specific domain controller by passing it's name to the constructor of the PrincipalContext object - i.e. instead of fabrikam.com use dc1.fabrikam.com.
0
 

Author Comment

by:centem
ID: 34888869
thanks tgerbert,
I tried that but still not working. Would it not stop at the PrincipleContext portion if I had an authentication issue or would it error on the user.GivenName portion?
0
Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 
LVL 33

Expert Comment

by:Todd Gerbert
ID: 34888952
So far as I understand Active Directory, referrals are issued by a Domain Controller when it is unable to answer a query - for example, if you have more than one domain the forest and you ask for a list of users in a group the domain controller may refer you to another domain controller if those users are in a different domain than the DC servicing the query.  How that applies to your current situation is a little unclear to me...are you sure this user doesn't already exist in your AD somewhere?
0
 
LVL 33

Expert Comment

by:Todd Gerbert
ID: 34888971
...or perhaps bind to a global catalog server (if you're not already).
0
 
LVL 33

Expert Comment

by:Todd Gerbert
ID: 34888985
Ahh...it's probably failing the query for the OU you're creating your user in.

Are you in a single-domain environment?
0
 

Author Comment

by:centem
ID: 34889938
Yes this is a single domain environment.

In Active Directory management I have the following:
Active Directories Users and Computers -> domain.site.com -> Florida -> Miami -> Users

And I'm using:
PrincipalContext ctx = new PrincipalContext(
                                                     ContextType.Domain,
                                                     "ServerNameDC1.domain.site.com",
                                                     "OU=Florida, OU=Miami, OU=Users, DC=ServerNameDC1,DC=com",
                                                     "adminuser",
                                                     "password");

            UserPrincipal usr = new UserPrincipal(ctx);

            usr.GivenName = "John"; //*********************** I get error here ********************************
            usr.Surname = "Doe";

I'm I supposed to be using the CN= attribute? I'm in the learning stages so please bare with me.

0
 
LVL 33

Expert Comment

by:Todd Gerbert
ID: 34890024
No, CN would be one of the built-in containers like Domain.com->Users.  If you have users in an organizational unit named "Users", inside an OU named Miami, etc, then your container's path will be OU=Users,OU=Miami,OU=Florida,DC=domain,DC=com - or OU=Users,OU=Miami,OU=Florida,DC=site,DC=domain,DC=com, depending on what your domains name actually is.

Otherwise, if the users just sit in the "Miami" OU, then it'd be: OU=Miami,OU=Florida,DC=domain,DC=com - or OU=Miami,OU=Florida,DC=site,DC=domain,DC=com
0
 

Author Comment

by:centem
ID: 34890404
Thanks tgerbert,
shouldn't break during the PrincipleContext portion of the code other than when assigning GivenName. This is just incredibly puzzling because I've tried following all the guidance from MSDN and other sites on how this should be configured.
0
 
LVL 33

Expert Comment

by:Todd Gerbert
ID: 34890575
If I deliberately put in a bad path for the container it doesn't give me an exception until I try to set a value on the UserPrincipal object.
0
 

Author Comment

by:centem
ID: 34896181
How should the PrincipleContext be configured if I want to test it on a Lab Domain Controller.
0
 
LVL 33

Accepted Solution

by:
Todd Gerbert earned 500 total points
ID: 34897406
It'll be configured the same, just adjust the server and domain names accordingly, and build your container's LDAP path by starting with most specific item on the left, and going up the AD tree to the right, e.g. given:

fabrikam.com
|
+--California
|   |
|   +--LA
|      |
|      +--Marketing
|         |
|         +--Users
|            |
|            |--Bob
|            |
|            |--Ron
|            |
|         +--Computers
|            |
|            |--WRKSTN1
|            |
|            |--WRKSTN2
|            |
|      
|      +--Sales
|         |
|         +--Users
|            |
|            |--John
|            |
|            |--Joe
|            |
|         +--Computers
|            |
|            |--WRKSTN3
|            |
|            |--WRKSTN4
|            |
|
|
+--Florida
|   |
|   +--Miami
|      |
|      +--Marketing
|         |
|         +--Users
|            |
|            |--Jack
|            |
|            |--Jeff
|            |
|         +--Computers
|            |
|            |--WRKSTN5
|            |
|            |--WRKSTN6
|            |
|      |
|      +--Sales
|         |
|         +--Users
|            |
|            |--Sue
|            |
|            |--Sally
|            |
|         +--Computers
|            |
|            |--WRKSTN7
|            |
|            |--WRKSTN8
|            |

Open in new window

If you wanted to create a user in Miami's marketing department, your container LDAP path would look like: OU=Users,OU=Marketing,OU=Miami,OU=Florida,DC=fabrikam,DC=com
0

Featured Post

VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

It was really hard time for me to get the understanding of Delegates in C#. I went through many websites and articles but I found them very clumsy. After going through those sites, I noted down the points in a easy way so here I am sharing that unde…
Resolve DNS query failed errors for Exchange
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now