• Status: Solved

How do I set the "user cannot change password" property when adding a user in Active Directory with Visual Basic .NET?

Hello folks.  This is my code below and it works great, but I cannot figure out how to set the "user cannot change password" attribute for the new user.  Anyone know how to do this?  Thank you so much!

Imports System.DirectoryServices

Public Sub AddUser(ByVal FirstName As String, ByVal LastName As String, ByVal MI As String,
                   ByVal username As String, ByVal group As String,
                   ByVal ssid As String, ByVal social As String, ByVal grade As String,
                   ByVal room As String, ByVal team As String, ByVal school As String, ByVal password As String)

    Dim displayname As String = FirstName & " " & MI & " " & LastName
    Dim DE As DirectoryEntry = New DirectoryEntry("LDAP://,DC=domain,DC=net")
    Dim OU As DirectoryEntry = DE.Children.Find("OU=my users, OU=users")

    ' Create the user object; the child name is an RDN ("CN=<name>").
    Dim NewUser As DirectoryEntry = OU.Children.Add("CN=" & username, "User")
    NewUser.Properties("sAMAccountName").Value = username
    If Not MI = Nothing Then
    End If

    ' The object has to exist in the directory before SetPassword can be invoked on it.
    NewUser.CommitChanges()
    NewUser.Invoke("SetPassword", password)

    ' Add the new user to both groups.
    Dim grp As DirectoryEntry = OU.Children.Find("CN=my group")
    Dim grp2 As DirectoryEntry = OU.Children.Find("CN=my group2")
    If grp.Name <> "" Then
        grp.Invoke("Add", NewUser.Path.ToString())
        grp2.Invoke("Add", NewUser.Path.ToString())
    End If

    ' &H200 = normal account, &H10000 = password never expires, &H2 = account disabled.
    ' "And Not &H2" always clears the disabled bit; "Xor &H2" would toggle it instead.
    Dim userACFlags As Integer = CInt(NewUser.Properties("userAccountControl").Value)
    NewUser.Properties("userAccountControl").Value = (userACFlags Or &H200 Or &H10000) And Not &H2
    NewUser.CommitChanges()

    Console.WriteLine("Account Created Successfully")
End Sub

linuxrox (Author) Commented:
That's cool, CodeCruiser, and that's great for editing an account, but is it possible to set it upon addition of a user?  I could run that code, I guess, after I successfully add an account to modify it, but I just thought there surely was a way to set this attribute when you create an account.  Maybe I'm incorrect on that, though.

I think it's not a standard property like others, so you may have to call that function after creating the user.

linuxrox (Author) Commented:
Ahh, I see.  I've seen some .NET stuff that will do it, but it's not using something most have seen.  I'll post it tomorrow and let you see, although I've not tried it yet.  It's a different set of functions, I believe.

linuxrox (Author) Commented:
This is supposed to work, but on my domain I get a crazy error like:
 InnerException: System.DirectoryServices.DirectoryServicesCOMException
       ExtendedErrorMessage=0000208F: NameErr: DSID-031001D1, problem 2006 (BAD_NAME), data 8350, best match of:

I call the function with this:
AddUser("testers", "234200", "tester")

Any idea on this?

Private Sub AddUser(ByVal login As String, ByVal password As String, ByVal fullName As String)
        Dim dirEntry As DirectoryEntry
        dirEntry = New DirectoryEntry("LDAP://,DC=my,DC=domain,DC=net")

        Dim entries As DirectoryEntries = dirEntry.Children

        ' Set login name and full name.
        Dim newUser As DirectoryEntry = entries.Add(login, "User")

        newUser.Properties("Description").Add("Member of site")

        ' User must change password at next logon (1 - true, 0 - false)

        ' Password never expires.

        ' Set flags - User Cannot change password | Password never expires.
        newUser.Properties("Userflags").Add(&H40 Or &H10000)

        ' Set the password.
        Dim result As Object = newUser.Invoke("SetPassword", password)


        ' Add user to the group "Members"
        Dim grp As DirectoryEntry = dirEntry.Children.Find("People", "group")
        If (Not grp Is Nothing) Then
            grp.Invoke("Add", New Object() {newUser.Path.ToString()})
        End If
    End Sub

The error code seems to mean:

LDAP_INVALID_DN_SYNTAX: This error occurs when a distinguished name used for the creation of objects contains invalid characters.

linuxrox (Author) Commented:
Hmm, just can't understand where the invalid characters are.  Very strange.
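
An added example, not code from any poster in this thread: under the LDAP provider, "User cannot change password" is stored as deny ACEs for the Change Password extended right (for Everyone and SELF) on the user object rather than as a userAccountControl bit, so it can be applied in the same routine that creates the account. The child name passed to Children.Add is written as a relative distinguished name ("CN=" plus the name). The module name, Sub name and ouPath value are assumptions made for illustration.

```vbnet
Imports System.DirectoryServices
Imports System.Security.AccessControl
Imports System.Security.Principal

Module CreateUserExample
    ' Rights GUID of the User-Change-Password extended right.
    Private ReadOnly ChangePasswordRight As New Guid("ab721a53-1e2f-11d0-9819-00aa0040529b")

    ' ouPath is a placeholder such as "LDAP://OU=my users,DC=example,DC=net" (assumed).
    Public Sub AddUserCannotChangePassword(ByVal ouPath As String, ByVal login As String, ByVal password As String)
        ' Conservatively reject characters that would need escaping in a DN or ADsPath.
        If login.IndexOfAny(",+""\<>;=#/".ToCharArray()) >= 0 Then
            Throw New ArgumentException("login contains characters that are special in a DN", NameOf(login))
        End If

        Using ou As New DirectoryEntry(ouPath)
            ' With the LDAP provider the child name is an RDN, not a bare login.
            Using newUser As DirectoryEntry = ou.Children.Add("CN=" & login, "user")
                newUser.Properties("sAMAccountName").Value = login
                newUser.CommitChanges() ' the object must exist before SetPassword
                newUser.Invoke("SetPassword", New Object() {password})

                ' "User cannot change password": deny Change Password to Everyone and SELF.
                newUser.Options.SecurityMasks = SecurityMasks.Dacl
                For Each sidType As WellKnownSidType In {WellKnownSidType.WorldSid, WellKnownSidType.SelfSid}
                    Dim sid As New SecurityIdentifier(sidType, Nothing)
                    newUser.ObjectSecurity.AddAccessRule(New ActiveDirectoryAccessRule(
                        sid, ActiveDirectoryRights.ExtendedRight, AccessControlType.Deny, ChangePasswordRight))
                Next

                ' Password never expires (&H10000); clear the disabled bit (&H2).
                Dim uac As Integer = CInt(newUser.Properties("userAccountControl").Value)
                newUser.Properties("userAccountControl").Value = (uac Or &H10000) And Not &H2
                newUser.CommitChanges()
            End Using
        End Using
    End Sub
End Module
```

The process running this needs permission to create user objects in the target OU and to modify their DACL; a user who can neither change nor be forced to rotate a password should have that password set and stored by an administrator.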
