linuxrox asked:

How do I set the "user cannot change password" property when adding a user in Active Directory with Visual Basic .NET?

Hello folks. This is my code below and it works great, but I cannot figure out how to set the "user cannot change password" attribute for the new user. Anyone know how to do this? Thank you so much!

```vbnet
Imports System.DirectoryServices

Public Sub AddUser(ByVal FirstName As String, ByVal LastName As String, ByVal MI As String,
                   ByVal username As String, ByVal group As String,
                   ByVal ssid As String, ByVal social As String, ByVal grade As String,
                   ByVal room As String, ByVal team As String, ByVal school As String, ByVal password As String)

    Dim displayname As String = FirstName & " " & MI & " " & LastName
    Dim DE As DirectoryEntry = New DirectoryEntry("LDAP://192.168.1.1/DC=my,DC=domain,DC=net")
    Dim OU As DirectoryEntry = DE.Children.Find("OU=my users, OU=users")

    ' Create the user object and set its naming attributes.
    Dim NewUser As DirectoryEntry = OU.Children.Add("CN=" & username, "User")
    NewUser.Properties("sAMAccountName").Value = username

    NewUser.Properties("GivenName").Add(FirstName)
    If Not String.IsNullOrEmpty(MI) Then
        NewUser.Properties("initials").Add(MI)
    End If
    NewUser.Properties("sn").Add(LastName)
    NewUser.Properties("displayName").Add(displayname)

    NewUser.Properties("description").Add(group)

    ' The object has to be committed before its password can be set.
    NewUser.CommitChanges()
    NewUser.Invoke("SetPassword", password)

    ' Add the new user to both groups.
    Dim grp As DirectoryEntry = OU.Children.Find("CN=my group")
    Dim grp2 As DirectoryEntry = OU.Children.Find("CN=my group2")
    If grp.Name <> "" Then
        grp.Invoke("Add", NewUser.Path.ToString())
        grp2.Invoke("Add", NewUser.Path.ToString())
    End If

    ' &H200 = NORMAL_ACCOUNT, &H10000 = DONT_EXPIRE_PASSWORD.
    ' Clear &H2 (ACCOUNTDISABLE) with And Not so the account is always enabled;
    ' Xor would toggle the bit instead of clearing it.
    Dim userACFlags As Integer = CInt(NewUser.Properties("userAccountControl").Value)
    NewUser.Properties("userAccountControl").Value = (userACFlags Or &H200 Or &H10000) And Not &H2

    NewUser.CommitChanges()
    Console.WriteLine("Account Created Successfully")
End Sub
```


ASKER CERTIFIED SOLUTION
Nasir Razzaq
This solution is only available to members.
linuxrox (ASKER)

That's cool, CodeCruiser, and that's great for editing an account, but is it possible to set it upon addition of a user? I could run that code, I guess, after I successfully add an account to modify it, but I just thought there surely was a way to set this attribute when you create an account. Maybe I'm incorrect on that though.

I think it's not a standard property like others, so you may have to call that function after creating the user.

Ahh, I see. I've seen some .NET stuff that will do it, but it's not using something most have seen. I'll post it tomorrow and let you see, although I've not tried it yet. It's a different set of functions, I believe.

This is supposed to work, but on my domain I get a crazy error like:

```
 InnerException: System.DirectoryServices.DirectoryServicesCOMException
       ErrorCode=-2147016654
       ExtendedError=8335
       ExtendedErrorMessage=0000208F: NameErr: DSID-031001D1, problem 2006 (BAD_NAME), data 8350, best match of:
      'testers,OU=People,DC=my,DC=domain,DC=net'
```

I call the function with this:

```vbnet
AddUser("testers", "234200", "tester")
```

Any idea on this?

```vbnet
Private Sub AddUser(ByVal login As String, ByVal password As String, ByVal fullName As String)
    Dim dirEntry As DirectoryEntry
    dirEntry = New DirectoryEntry("LDAP://192.168.1.1/OU=People,DC=my,DC=domain,DC=net")

    Dim entries As DirectoryEntries = dirEntry.Children

    ' Set login name and full name.
    Dim newUser As DirectoryEntry = entries.Add(login, "User")

    newUser.Properties("FullName").Add(fullName)
    newUser.Properties("HomeDirectory").Add("C:\Sites\manjaly")
    newUser.Properties("Description").Add("Member of site")

    ' User must change password at next logon (1 - true, 0 - false)
    newUser.Properties("PasswordExpired").Add(0)

    ' Password never expires.
    'newUser.Properties("PasswordAge").Add(0)

    ' Set flags - User Cannot change password | Password never expires.
    newUser.Properties("Userflags").Add(&H40 Or &H10000)

    ' Set the password.
    Dim result As Object = newUser.Invoke("SetPassword", password)

    newUser.CommitChanges()

    ' Add user to the group "Members"
    Dim grp As DirectoryEntry = dirEntry.Children.Find("People", "group")
    If (Not grp Is Nothing) Then
        grp.Invoke("Add", New Object() {newUser.Path.ToString()})
    End If
End Sub
```


The error code seems to mean

LDAP_INVALID_DN_SYNTAX: This error occurs when a distinguished name used for the creation of objects contains invalid characters.

http://www.selfadsi.org/errorcodes.htm

Hmm, just can't understand where the invalid characters are. Very strange.
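
Added example (not part of the thread and not the hidden accepted solution): one way to create the user and apply "User cannot change password" in the same routine, by adding Deny ACEs for the Change Password extended right to Everyone and SELF once the object exists. The helper names are hypothetical, the container path is the one from the thread, and the `"CN=" & login` form follows the asker's first function, because the LDAP provider expects an RDN rather than a bare name.

```vbnet
Imports System
Imports System.DirectoryServices
Imports System.Security.AccessControl
Imports System.Security.Principal

Module CannotChangePasswordExample
    ' Control-access right "Change Password" (User-Change-Password) in AD.
    Private ReadOnly ChangePasswordRight As New Guid("ab721a53-1e2f-11d0-9819-00aa0040529b")

    ' Hypothetical helper: adds explicit Deny ACEs for Everyone and SELF,
    ' which is what the "User cannot change password" checkbox reflects.
    Sub DenyPasswordChange(ByVal user As DirectoryEntry)
        user.Options.SecurityMasks = SecurityMasks.Dacl ' read/write only the DACL
        Dim trustees() As SecurityIdentifier = {
            New SecurityIdentifier(WellKnownSidType.WorldSid, Nothing),
            New SecurityIdentifier(WellKnownSidType.SelfSid, Nothing)}
        For Each trustee As SecurityIdentifier In trustees
            user.ObjectSecurity.AddAccessRule(New ActiveDirectoryAccessRule(
                trustee, ActiveDirectoryRights.ExtendedRight,
                AccessControlType.Deny, ChangePasswordRight))
        Next
        user.CommitChanges()
    End Sub

    ' Hypothetical routine: create, set password, restrict, then enable.
    Sub AddRestrictedUser(ByVal login As String, ByVal password As String,
                          ByVal fullName As String)
        ' Container path taken from the thread; adjust for the real domain.
        Using ou As New DirectoryEntry("LDAP://192.168.1.1/OU=People,DC=my,DC=domain,DC=net")
            ' RDN form "CN=<name>"; a bare name is rejected as a bad DN.
            Using newUser As DirectoryEntry = ou.Children.Add("CN=" & login, "user")
                ' LDAP attribute names, not the WinNT provider's FullName/UserFlags.
                newUser.Properties("sAMAccountName").Value = login
                newUser.Properties("displayName").Value = fullName
                newUser.CommitChanges() ' create the object on the server first
                newUser.Invoke("SetPassword", password)
                DenyPasswordChange(newUser)
                ' Enable the account and set "password never expires".
                Dim uac As Integer = CInt(newUser.Properties("userAccountControl").Value)
                newUser.Properties("userAccountControl").Value =
                    (uac Or &H200 Or &H10000) And Not &H2
                newUser.CommitChanges()
            End Using
        End Using
    End Sub
End Module
```

The account stays disabled until the final commit, so it is never enabled without the password-change restriction in place.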