Solved

Create user with System.DirectoryServices.AccountManagement

Posted on 2011-02-14
18
1,017 Views
Last Modified: 2012-05-11
Greetings,
I'm getting a "referal returned by server" error. The error pointing to the usr.Name = "Jim Daly"; Below is my code. May someone help. Thank you.

PrincipalContext ctx = new PrincipalContext(
                                         ContextType.Domain,
                                         "fabrikam.com",
                                         "OU=Florida, OU=Miami, DC=fabrikam,DC=com",
                                         "administrator",
                                         "securelyStoredPassword");

UserPrincipal usr = new UserPrincipal(ctx);

usr.Name = "Jim Daly";
usr.Description = "This is the user account for Jim Daly";
usr.EmailAddress = "jimdaly@fabrikam.com";
usr.SetPassword("securelyStoredPassword");
usr.Save();

usr.Dispose();
ctx.Dispose();

0
Comment
Question by:centem
  • 8
  • 7
  • 2
  • +1
18 Comments
 
LVL 14

Expert Comment

by:robasta
ID: 34887212
0
 

Author Comment

by:centem
ID: 34887266
Thanks for the article robasta.
I'm using a form instead of IIS. Connectivity seems to functioning, the error appears to point to user.Name = "Jim Daly"  
0
 

Author Comment

by:centem
ID: 34887392
    UserPrincipal usr = new UserPrincipal(ctx);
            usr.GivenName = "John";      // ******************I get error here *****************************************
            usr.Surname = "Doe";
            usr.ExpirePasswordNow();
            usr.Save();

            usr.Dispose();
            ctx.Dispose();
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 26

Expert Comment

by:EDDYKT
ID: 34887414
You need to pass a proper info to PrincipalContext

ie
"fabrikam.com" is not valid
if you copy exact code from here
http://msdn.microsoft.com/en-us/library/bb299773.aspx
0
 

Author Comment

by:centem
ID: 34887477
Yes I know. I didn't put it like that but I didn't want to publish our actual hostname/domain names. The error seems to ben when assinging the "John" to usr.GivenName.
0
 
LVL 26

Expert Comment

by:EDDYKT
ID: 34887612
0
 

Author Comment

by:centem
ID: 34887987
We don't have a UAC policies for this workstation (xp pro).
0
 
LVL 33

Expert Comment

by:Todd Gerbert
ID: 34888768
Try binding to a specific domain controller by passing it's name to the constructor of the PrincipalContext object - i.e. instead of fabrikam.com use dc1.fabrikam.com.
0
 

Author Comment

by:centem
ID: 34888869
thanks tgerbert,
I tried that but still not working. Would it not stop at the PrincipleContext portion if I had an authentication issue or would it error on the user.GivenName portion?
0
 
LVL 33

Expert Comment

by:Todd Gerbert
ID: 34888952
So far as I understand Active Directory, referrals are issued by a Domain Controller when it is unable to answer a query - for example, if you have more than one domain the forest and you ask for a list of users in a group the domain controller may refer you to another domain controller if those users are in a different domain than the DC servicing the query.  How that applies to your current situation is a little unclear to me...are you sure this user doesn't already exist in your AD somewhere?
0
 
LVL 33

Expert Comment

by:Todd Gerbert
ID: 34888971
...or perhaps bind to a global catalog server (if you're not already).
0
 
LVL 33

Expert Comment

by:Todd Gerbert
ID: 34888985
Ahh...it's probably failing the query for the OU you're creating your user in.

Are you in a single-domain environment?
0
 

Author Comment

by:centem
ID: 34889938
Yes this is a single domain environment.

In Active Directory management I have the following:
Active Directories Users and Computers -> domain.site.com -> Florida -> Miami -> Users

And I'm using:
PrincipalContext ctx = new PrincipalContext(
                                                     ContextType.Domain,
                                                     "ServerNameDC1.domain.site.com",
                                                     "OU=Florida, OU=Miami, OU=Users, DC=ServerNameDC1,DC=com",
                                                     "adminuser",
                                                     "password");

            UserPrincipal usr = new UserPrincipal(ctx);

            usr.GivenName = "John"; //*********************** I get error here ********************************
            usr.Surname = "Doe";

I'm I supposed to be using the CN= attribute? I'm in the learning stages so please bare with me.

0
 
LVL 33

Expert Comment

by:Todd Gerbert
ID: 34890024
No, CN would be one of the built-in containers like Domain.com->Users.  If you have users in an organizational unit named "Users", inside an OU named Miami, etc, then your container's path will be OU=Users,OU=Miami,OU=Florida,DC=domain,DC=com - or OU=Users,OU=Miami,OU=Florida,DC=site,DC=domain,DC=com, depending on what your domains name actually is.

Otherwise, if the users just sit in the "Miami" OU, then it'd be: OU=Miami,OU=Florida,DC=domain,DC=com - or OU=Miami,OU=Florida,DC=site,DC=domain,DC=com
0
 

Author Comment

by:centem
ID: 34890404
Thanks tgerbert,
shouldn't break during the PrincipleContext portion of the code other than when assigning GivenName. This is just incredibly puzzling because I've tried following all the guidance from MSDN and other sites on how this should be configured.
0
 
LVL 33

Expert Comment

by:Todd Gerbert
ID: 34890575
If I deliberately put in a bad path for the container it doesn't give me an exception until I try to set a value on the UserPrincipal object.
0
 

Author Comment

by:centem
ID: 34896181
How should the PrincipleContext be configured if I want to test it on a Lab Domain Controller.
0
 
LVL 33

Accepted Solution

by:
Todd Gerbert earned 500 total points
ID: 34897406
It'll be configured the same, just adjust the server and domain names accordingly, and build your container's LDAP path by starting with most specific item on the left, and going up the AD tree to the right, e.g. given:

fabrikam.com
|
+--California
|   |
|   +--LA
|      |
|      +--Marketing
|         |
|         +--Users
|            |
|            |--Bob
|            |
|            |--Ron
|            |
|         +--Computers
|            |
|            |--WRKSTN1
|            |
|            |--WRKSTN2
|            |
|      
|      +--Sales
|         |
|         +--Users
|            |
|            |--John
|            |
|            |--Joe
|            |
|         +--Computers
|            |
|            |--WRKSTN3
|            |
|            |--WRKSTN4
|            |
|
|
+--Florida
|   |
|   +--Miami
|      |
|      +--Marketing
|         |
|         +--Users
|            |
|            |--Jack
|            |
|            |--Jeff
|            |
|         +--Computers
|            |
|            |--WRKSTN5
|            |
|            |--WRKSTN6
|            |
|      |
|      +--Sales
|         |
|         +--Users
|            |
|            |--Sue
|            |
|            |--Sally
|            |
|         +--Computers
|            |
|            |--WRKSTN7
|            |
|            |--WRKSTN8
|            |

Open in new window

If you wanted to create a user in Miami's marketing department, your container LDAP path would look like: OU=Users,OU=Marketing,OU=Miami,OU=Florida,DC=fabrikam,DC=com
0

Featured Post

NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this post we will learn how to make Android Gesture Tutorial and give different functionality whenever a user Touch or Scroll android screen.
This article aims to explain the working of CircularLogArchiver. This tool was designed to solve the buildup of log file in cases where systems do not support circular logging or where circular logging is not enabled
With the power of JIRA, there's an unlimited number of ways you can customize it, use it and benefit from it. With that in mind, there's bound to be things that I wasn't able to cover in this course. With this summary we'll look at some places to go…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

685 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question