linuxrox
How do I set the "user cannot change password" property when adding a user in Active Directory with Visual Basic .NET?
Hello folks. This is my code below and it works great, but I cannot figure out how to set the "user cannot change password" attribute for the new user? Anyone know how to do this? Thank you so much!
    Imports System.DirectoryServices

    Public Sub AddUser(ByVal FirstName As String, ByVal LastName As String, ByVal MI As String,
                       ByVal username As String, ByVal group As String,
                       ByVal ssid As String, ByVal social As String, ByVal grade As String,
                       ByVal room As String, ByVal team As String, ByVal school As String, ByVal password As String)
        Dim displayname As String = FirstName & " " & MI & " " & LastName
        ' Bind to the domain root, then locate the OU that will hold the account.
        Dim DE As DirectoryEntry = New DirectoryEntry("LDAP://192.168.1.1/DC=my,DC=domain,DC=net")
        Dim OU As DirectoryEntry = DE.Children.Find("OU=my users, OU=users")
        Dim NewUser As DirectoryEntry = OU.Children.Add("CN=" & username, "User")
        NewUser.Properties("sAMAccountName").Value = username
        NewUser.Properties("GivenName").Add(FirstName)
        If Not String.IsNullOrEmpty(MI) Then
            NewUser.Properties("initials").Add(MI)
        End If
        NewUser.Properties("sn").Add(LastName)
        NewUser.Properties("displayName").Add(displayname)
        NewUser.Properties("description").Add(group)
        ' The account has to exist in the directory before its password can be set.
        NewUser.CommitChanges()
        NewUser.Invoke("SetPassword", password)
        Dim grp As DirectoryEntry = OU.Children.Find("CN=my group")
        Dim grp2 As DirectoryEntry = OU.Children.Find("CN=my group2")
        If grp.Name <> "" Then
            grp.Invoke("Add", NewUser.Path.ToString())
            grp2.Invoke("Add", NewUser.Path.ToString())
        End If
        ' Set NORMAL_ACCOUNT (&H200) and DONT_EXPIRE_PASSWORD (&H10000), clear ACCOUNTDISABLE (&H2).
        ' And Not clears the bit whatever its current state; Xor would toggle it.
        Dim userACFlags As Integer = CInt(NewUser.Properties("userAccountControl").Value)
        NewUser.Properties("userAccountControl").Value = (userACFlags Or &H200 Or &H10000) And Not &H2
        NewUser.CommitChanges()
        Console.WriteLine("Account Created Successfully")
    End Sub
I think it's not a standard property like the others, so you may have to call that function after creating the user.
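Added example (not code from this thread): with the LDAP provider, "User cannot change password" is not a userAccountControl bit but a pair of deny ACEs for the Change Password extended right, for Everyone and SELF, in the account's DACL, which fits the comment above about calling a separate function after the user is created. The module and function names are hypothetical, and `user` is assumed to be an already committed account bound with rights to modify its DACL.

```vb
Imports System.DirectoryServices
Imports System.Security.AccessControl
Imports System.Security.Principal

Module CannotChangePassword ' hypothetical module name
    ' rightsGuid of the "Change Password" (User-Change-Password) extended right.
    Private ReadOnly ChangePasswordRight As New Guid("ab721a53-1e2f-11d0-9819-00aa0040529b")

    ' Both trustees must be denied: Everyone (S-1-1-0) and SELF (S-1-5-10).
    Private Function Trustees() As SecurityIdentifier()
        Return New SecurityIdentifier() {
            New SecurityIdentifier(WellKnownSidType.WorldSid, Nothing),
            New SecurityIdentifier(WellKnownSidType.SelfSid, Nothing)}
    End Function

    ' Call after the account has been created with CommitChanges().
    Public Sub DenyPasswordChange(ByVal user As DirectoryEntry)
        ' Write back only the DACL, not the owner or group.
        user.Options.SecurityMasks = SecurityMasks.Dacl
        Dim acl As ActiveDirectorySecurity = user.ObjectSecurity
        For Each trustee As SecurityIdentifier In Trustees()
            ' An explicit deny ACE takes precedence over the default allow ACE.
            acl.AddAccessRule(New ActiveDirectoryAccessRule(
                trustee, ActiveDirectoryRights.ExtendedRight,
                AccessControlType.Deny, ChangePasswordRight))
        Next
        user.CommitChanges()
    End Sub

    ' Read-back check: True only if both deny ACEs are present on the account.
    Public Function IsPasswordChangeDenied(ByVal user As DirectoryEntry) As Boolean
        user.RefreshCache()
        Dim rules As AuthorizationRuleCollection =
            user.ObjectSecurity.GetAccessRules(True, False, GetType(SecurityIdentifier))
        For Each trustee As SecurityIdentifier In Trustees()
            Dim found As Boolean = False
            For Each rule As ActiveDirectoryAccessRule In rules
                If rule.AccessControlType = AccessControlType.Deny AndAlso
                   rule.ObjectType = ChangePasswordRight AndAlso
                   rule.IdentityReference.Equals(trustee) Then
                    found = True
                End If
            Next
            If Not found Then Return False
        Next
        Return True
    End Function
End Module
```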
ASKER
Ahh, I see. I've seen some .NET stuff that will do it, but it's not using something most have seen. I'll post it tomorrow and let you see, although I've not tried it yet. It's a different set of functions, I believe.
ASKER
This is supposed to work, but on my domain I get a crazy error like:
    InnerException: System.DirectoryServices.DirectoryServicesCOMException
    ErrorCode=-2147016654
    ExtendedError=8335
    ExtendedErrorMessage=0000208F: NameErr: DSID-031001D1, problem 2006 (BAD_NAME), data 8350, best match of:
    'testers,OU=People,DC=my,DC=domain,DC=net'
I call the function with this:
    AddUser("testers", "234200", "tester")
Any idea on this?
    Private Sub AddUser(ByVal login As String, ByVal password As String, ByVal fullName As String)
        Dim dirEntry As DirectoryEntry
        dirEntry = New DirectoryEntry("LDAP://192.168.1.1/OU=People,DC=my,DC=domain,DC=net")
        Dim entries As DirectoryEntries = dirEntry.Children
        ' Set login name and full name.
        Dim newUser As DirectoryEntry = entries.Add(login, "User")
        newUser.Properties("FullName").Add(fullName)
        newUser.Properties("HomeDirectory").Add("C:\Sites\manjaly")
        newUser.Properties("Description").Add("Member of site")
        ' User must change password at next logon (1 - true, 0 - false)
        newUser.Properties("PasswordExpired").Add(0)
        ' Password never expires.
        'newUser.Properties("PasswordAge").Add(0)
        ' Set flags - User Cannot change password | Password never expires.
        newUser.Properties("Userflags").Add(&H40 Or &H10000)
        ' Set the password.
        Dim result As Object = newUser.Invoke("SetPassword", password)
        newUser.CommitChanges()
        ' Add user to the group "Members"
        Dim grp As DirectoryEntry = dirEntry.Children.Find("People", "group")
        If (Not grp Is Nothing) Then
            grp.Invoke("Add", New Object() {newUser.Path.ToString()})
        End If
    End Sub
The error code seems to mean:
http://www.selfadsi.org/errorcodes.htm
LDAP_INVALID_DN_SYNTAX: This error occurs when a distinguished name used for the creation of objects contains invalid characters.
ASKER
Hmm, just can't understand where invalid characters are. Very strange.