set account never expires and account enable

Feb 14, 2012 at 3:32 PM

Hi there,

trying to add an account with your amazing API...

        public static bool CreateUser(string userName, int companyId, AdUserRole role, string voorletters, string tussenvoegsel, string achternaam, string email)
        {
            var attributes = new Dictionary<string, object>
                                 {
                                     {"cn", userName},   
                                     {"company", companyId },         
                                     {"initials", voorletters },  
                                     {"givenname", voorletters},  
                                     {"sn", achternaam },          
                                     {"displayName", string.Format("{0} {1} {2}",  voorletters, tussenvoegsel, achternaam )},   
                                     {"Name", achternaam },
                                     {"Title", role},
                                     {"mail", email},
                                     {"sAMAccountName", userName}//,
                       //              {"userAccountControl",  0x200}
                                 };   
            var factory = new LdapConnectionFactory(Domain);
            factory.AuthenticateAs(new NetworkCredential { Domain = Domain, Password = Password, UserName = UserName });
            using (var context = new DirectoryContext(factory.GetConnection(), true))
            {
                var added = context.Add(GetDistinguishedName(userName, GetOuName(userName), GetDomainDcs()), "User", attributes);
                return added != null;
            }
        }

 

But the account is disabled and password expires is set. How can I change these options when creating an account?

R.

Coordinator
Feb 16, 2012 at 12:58 AM

I'm assuming you are using Active Directory. According to this post http://www.selfadsi.org/create.htm you have to create the account allowing an empty password. Here's the modified code with highlighted changes:

public static bool CreateUser(string userName, int companyId, AdUserRole role, string voorletters, string tussenvoegsel, string achternaam, string email)
{
    var attributes = new Dictionary<string, object>
                            {
                                {"cn", userName},   
                                {"company", companyId },         
                                {"initials", voorletters },  
                                {"givenname", voorletters},  
                                {"sn", achternaam },          
                                {"displayName", string.Format("{0} {1} {2}",  voorletters, tussenvoegsel, achternaam )},   
                                {"Name", achternaam },
                                {"Title", role},
                                {"mail", email},
                                {"sAMAccountName", userName},
                                {"userAccountControl",  544}
                            };
    var factory = new LdapConnectionFactory(Domain);
    factory.AuthenticateAs(new NetworkCredential { Domain = Domain, Password = Password, UserName = UserName });
    using (var context = new DirectoryContext(factory.GetConnection(), true))
    {
        var added = context.Add(GetDistinguishedName(userName, GetOuName(userName), GetDomainDcs()), "User", attributes);
        added.Set("userPassword", "DefaultPassword");
        added.Set("userAccountControl", "512");
        added.Set("pwdLastSet", "0");
        added = context.Update(added);
        return added != null;
    }
}

Let me know if this works.

 

Mar 6, 2012 at 8:09 AM

Thanks for your help... But that's not exactly what I was looking for.

        public bool CreateUser(string userName, int companyId, AdUserRole role, string voorletters, string tussenvoegsel, string achternaam, string email, string password)
        {
            var attributes = new Dictionary<string, object>
                            {
                                {"cn", userName},   
                                {"company", companyId },         
                                {"initials", voorletters },  
                                {"givenname", voorletters},  
                                {"sn", achternaam },          
                                {"displayName", string.Format("{0} {1} {2}",  voorletters, tussenvoegsel, achternaam )},   
                                {"Name", achternaam },   
                                {"Title", role},
                                {"mail", email},
                                {"sAMAccountName", userName},
                                {"userAccountControl",  544},
                                {"userPassword", password}

                            };
            var factory = new LdapConnectionFactory(Domain);
            factory.AuthenticateAs(new NetworkCredential { Domain = Domain, Password = Password, UserName = UserName });
            using (var context = new DirectoryContext(factory.GetConnection(), true))
            {
                var added = context.Add(GetDistinguishedName(userName, GetOuName(userName), GetDomainDcs()), "User", attributes);
                added.Set("userPassword", password);
                added.Set("userAccountControl", 512);
                added.Set("pwdLastSet",1);
                added = context.Update(added);
                return added != null;
            }
        }

I am trying to make a new AD account and the new password must never expire. Until the Context.Add it works fine. Then at the context.update I get the following error:

The server cannot handle directory requests.

When I want to log on with this new account the username/password combination is not good. After changing the password and the password never expires in the AD user options it works fine. Any ideas?

Thanks ... Ronald.

Coordinator
Mar 30, 2012 at 4:26 AM
Edited Mar 30, 2012 at 4:54 AM

It seems like the error you are receiving is related to how your directory server is set up.  I found this post on StackOverflow about it here.
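
Added example, not part of the thread and not LINQ to LDAP code: it decodes the userAccountControl values used in the posts above, shows the combination for an enabled account whose password never expires, and builds the byte form Active Directory expects for a password write. The type and method names are hypothetical; the bit values are Active Directory's documented userAccountControl flags.

```csharp
using System;
using System.Text;

// Added example; type and method names are hypothetical. The bit values are
// Active Directory's documented userAccountControl flags.
[Flags]
enum Uac
{
    None               = 0,
    AccountDisable     = 0x0002,   // 2: account is disabled
    PasswdNotReqd      = 0x0020,   // 32: account may have an empty password
    NormalAccount      = 0x0200,   // 512: ordinary user account
    DontExpirePassword = 0x10000   // 65536: "password never expires"
}

static class UacDemo
{
    // Flags worth reviewing on an interactive user account.
    public static Uac ReviewFlags(int uac) =>
        (Uac)uac & (Uac.PasswdNotReqd | Uac.DontExpirePassword);

    // AD accepts a new password in unicodePwd: the password wrapped in double
    // quotes and encoded as UTF-16LE, sent over an encrypted connection.
    public static byte[] EncodeUnicodePwd(string password) =>
        Encoding.Unicode.GetBytes("\"" + password + "\"");

    static void Main()
    {
        // 0x200, 544 and 512 appear in the thread; the last value is
        // enabled + never expires (512 | 65536 = 66048).
        int neverExpires = (int)(Uac.NormalAccount | Uac.DontExpirePassword);
        foreach (int value in new[] { 0x200, 544, 512, neverExpires })
            Console.WriteLine("{0,6} = {1} | review: {2}",
                value, (Uac)value, ReviewFlags(value));

        // pwdLastSet only takes 0 (must change at next logon) or -1 (set to now).
        byte[] pwd = EncodeUnicodePwd("Constructed-Sample-1!"); // constructed value
        Console.WriteLine("unicodePwd payload: {0} bytes", pwd.Length);
    }
}
```

An account left at 544 still carries PasswdNotReqd, so the second write back to 512 (or 66048) is what removes it.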