
Create user with System.DirectoryServices.AccountManagement

Posted on 2011-02-14
Last Modified: 2012-05-11
Greetings,
I'm getting a "referral returned by server" error. The error is pointing to the usr.Name = "Jim Daly"; line. Below is my code. Can someone help? Thank you.

PrincipalContext ctx = new PrincipalContext(
                                         ContextType.Domain,
                                         "fabrikam.com",
                                         "OU=Florida, OU=Miami, DC=fabrikam,DC=com",
                                         "administrator",
                                         "securelyStoredPassword");

UserPrincipal usr = new UserPrincipal(ctx);

usr.Name = "Jim Daly";
usr.Description = "This is the user account for Jim Daly";
usr.EmailAddress = "jimdaly@fabrikam.com";
usr.SetPassword("securelyStoredPassword");
usr.Save();

usr.Dispose();
ctx.Dispose();

Question by:centem
18 Comments
 
LVL 14

Expert Comment

by:robasta
ID: 34887212
0
 

Author Comment

by:centem
ID: 34887266
Thanks for the article robasta.
I'm using a form instead of IIS. Connectivity seems to be functioning; the error appears to point to user.Name = "Jim Daly"
0
 

Author Comment

by:centem
ID: 34887392
UserPrincipal usr = new UserPrincipal(ctx);
usr.GivenName = "John";      // ******************I get error here *****************************************
usr.Surname = "Doe";
usr.ExpirePasswordNow();
usr.Save();

usr.Dispose();
ctx.Dispose();
0

 
LVL 26

Expert Comment

by:EDDYKT
ID: 34887414
You need to pass proper info to PrincipalContext, i.e. "fabrikam.com" is not valid if you copied the exact code from here:
http://msdn.microsoft.com/en-us/library/bb299773.aspx
0
 

Author Comment

by:centem
ID: 34887477
Yes, I know. I didn't put it like that, but I didn't want to publish our actual hostname/domain names. The error seems to be when assigning "John" to usr.GivenName.
0
 
LVL 26

Expert Comment

by:EDDYKT
ID: 34887612
0
 

Author Comment

by:centem
ID: 34887987
We don't have any UAC policies for this workstation (XP Pro).
0
 
LVL 33

Expert Comment

by:Todd Gerbert
ID: 34888768
Try binding to a specific domain controller by passing its name to the constructor of the PrincipalContext object - i.e. instead of fabrikam.com use dc1.fabrikam.com.
0
 

Author Comment

by:centem
ID: 34888869
Thanks tgerbert,
I tried that but it's still not working. Would it not stop at the PrincipalContext portion if I had an authentication issue, or would it error on the user.GivenName portion?
0
 
LVL 33

Expert Comment

by:Todd Gerbert
ID: 34888952
So far as I understand Active Directory, referrals are issued by a Domain Controller when it is unable to answer a query - for example, if you have more than one domain in the forest and you ask for a list of users in a group, the domain controller may refer you to another domain controller if those users are in a different domain than the DC servicing the query.  How that applies to your current situation is a little unclear to me...are you sure this user doesn't already exist in your AD somewhere?
0
 
LVL 33

Expert Comment

by:Todd Gerbert
ID: 34888971
...or perhaps bind to a global catalog server (if you're not already).
0
 
LVL 33

Expert Comment

by:Todd Gerbert
ID: 34888985
Ahh...it's probably failing the query for the OU you're creating your user in.

Are you in a single-domain environment?
0
 

Author Comment

by:centem
ID: 34889938
Yes this is a single domain environment.

In Active Directory management I have the following:
Active Directory Users and Computers -> domain.site.com -> Florida -> Miami -> Users

And I'm using:
PrincipalContext ctx = new PrincipalContext(
                                                     ContextType.Domain,
                                                     "ServerNameDC1.domain.site.com",
                                                     "OU=Florida, OU=Miami, OU=Users, DC=ServerNameDC1,DC=com",
                                                     "adminuser",
                                                     "password");

            UserPrincipal usr = new UserPrincipal(ctx);

            usr.GivenName = "John"; //*********************** I get error here ********************************
            usr.Surname = "Doe";

Am I supposed to be using the CN= attribute? I'm in the learning stages, so please bear with me.

0
 
LVL 33

Expert Comment

by:Todd Gerbert
ID: 34890024
No, CN would be one of the built-in containers like Domain.com->Users.  If you have users in an organizational unit named "Users", inside an OU named Miami, etc, then your container's path will be OU=Users,OU=Miami,OU=Florida,DC=domain,DC=com - or OU=Users,OU=Miami,OU=Florida,DC=site,DC=domain,DC=com, depending on what your domain's name actually is.

Otherwise, if the users just sit in the "Miami" OU, then it'd be: OU=Miami,OU=Florida,DC=domain,DC=com - or OU=Miami,OU=Florida,DC=site,DC=domain,DC=com
0
 

Author Comment

by:centem
ID: 34890404
Thanks tgerbert,
Shouldn't it break during the PrincipalContext portion of the code rather than when assigning GivenName? This is just incredibly puzzling because I've tried following all the guidance from MSDN and other sites on how this should be configured.
0
 
LVL 33

Expert Comment

by:Todd Gerbert
ID: 34890575
If I deliberately put in a bad path for the container it doesn't give me an exception until I try to set a value on the UserPrincipal object.
0
 

Author Comment

by:centem
ID: 34896181
How should the PrincipalContext be configured if I want to test it on a lab domain controller?
0
 
LVL 33

Accepted Solution

by:
Todd Gerbert earned 2000 total points
ID: 34897406
It'll be configured the same, just adjust the server and domain names accordingly, and build your container's LDAP path by starting with the most specific item on the left, and going up the AD tree to the right, e.g. given:

fabrikam.com
|
+--California
|   |
|   +--LA
|      |
|      +--Marketing
|      |  |
|      |  +--Users
|      |  |   |--Bob
|      |  |   |--Ron
|      |  |
|      |  +--Computers
|      |      |--WRKSTN1
|      |      |--WRKSTN2
|      |
|      +--Sales
|         |
|         +--Users
|         |   |--John
|         |   |--Joe
|         |
|         +--Computers
|             |--WRKSTN3
|             |--WRKSTN4
|
+--Florida
    |
    +--Miami
       |
       +--Marketing
       |  |
       |  +--Users
       |  |   |--Jack
       |  |   |--Jeff
       |  |
       |  +--Computers
       |      |--WRKSTN5
       |      |--WRKSTN6
       |
       +--Sales
          |
          +--Users
          |   |--Sue
          |   |--Sally
          |
          +--Computers
              |--WRKSTN7
              |--WRKSTN8


If you wanted to create a user in Miami's marketing department, your container LDAP path would look like: OU=Users,OU=Marketing,OU=Miami,OU=Florida,DC=fabrikam,DC=com
0
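
An added example, not code from any poster in this thread: it builds the container path in the order the accepted answer describes (most specific OU on the left) and creates the account there. BuildContainerDn, CreateUser and the account name jdaly are hypothetical; dc1.fabrikam.com is the sample DC name used earlier in the thread, and the context is opened with the caller's own Windows identity instead of an admin password embedded in the code.

```csharp
using System;
using System.DirectoryServices.AccountManagement;
using System.Linq;

static class CreateUserExample
{
    // ousTopDown lists the OUs as they appear when walking down the tree in
    // Active Directory Users and Computers. A distinguished name runs the
    // other way, so the OUs are reversed and the DNS labels become DC= parts.
    // Assumption: no name contains DN special characters (',', '+', '=', ...).
    static string BuildContainerDn(string dnsDomain, params string[] ousTopDown)
    {
        var ous = ousTopDown.Reverse().Select(ou => "OU=" + ou.Trim());
        var dcs = dnsDomain.Split('.').Select(label => "DC=" + label);
        return string.Join(",", ous.Concat(dcs));
    }

    static void CreateUser(string server, string container, string sam, string initialPassword)
    {
        // No user name or password argument: binds as the current Windows identity.
        using (var ctx = new PrincipalContext(ContextType.Domain, server, container))
        using (var usr = new UserPrincipal(ctx))
        {
            try
            {
                // As noted in the thread, a wrong container path is only
                // reported here, on the first property set, not by the
                // PrincipalContext constructor.
                usr.SamAccountName = sam;
                usr.GivenName = "Jim";
                usr.Surname = "Daly";
                usr.SetPassword(initialPassword);
                usr.ExpirePasswordNow();   // force a change at first logon
                usr.Save();
            }
            catch (PrincipalException ex)
            {
                Console.Error.WriteLine("Create failed for container '" + container + "': " + ex.Message);
            }
        }
    }

    static void Main()
    {
        // fabrikam.com -> Florida -> Miami -> Marketing -> Users
        string dn = BuildContainerDn("fabrikam.com", "Florida", "Miami", "Marketing", "Users");
        Console.WriteLine(dn); // OU=Users,OU=Marketing,OU=Miami,OU=Florida,DC=fabrikam,DC=com
        Console.Write("Initial password: ");
        CreateUser("dc1.fabrikam.com", dn, "jdaly", Console.ReadLine());
    }
}
```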
