Create Active Directory user in .NET (C#)

情深已故 2021-02-01 06:08

I need to create a new user in Active Directory. I have found several examples like the following:

using System;
using System.DirectoryServices;

namespace test          


        
3 Answers
  • 2021-02-01 06:29

    Check the below code

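    // Requires: using System; using System.DirectoryServices;
    DirectoryEntry ouEntry = new DirectoryEntry("LDAP://OU=TestOU,DC=TestDomain,DC=local");

    // Creates TestUser3, TestUser4 and TestUser5 in the OU.
    for (int i = 3; i < 6; i++)
    {
        try
        {
            DirectoryEntry childEntry = ouEntry.Children.Add("CN=TestUser" + i, "user");
            childEntry.CommitChanges();   // makes the new entry permanent
            ouEntry.CommitChanges();
            // Placeholder password; a real value must satisfy the domain password policy.
            childEntry.Invoke("SetPassword", new object[] { "password" });
            childEntry.CommitChanges();
        }
        catch (Exception ex)
        {
            // Report the failure instead of silently swallowing it.
            Console.Error.WriteLine("Creating TestUser" + i + " failed: " + ex);
        }
    }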
    
  • 2021-02-01 06:47

    I think you are calling CommitChanges on the wrong DirectoryEntry. In the MSDN documentation (http://msdn.microsoft.com/en-us/library/system.directoryservices.directoryentries.add.aspx) it states the following (emphasis added by me):

    You must call the CommitChanges method on the new entry to make the creation permanent. When you call this method, you can then set mandatory property values on the new entry. The providers each have different requirements for properties that need to be set before a call to the CommitChanges method is made. If those requirements are not met, the provider might throw an exception. Check with your provider to determine which properties must be set before committing changes.

    So if you change your code to user.CommitChanges() it should work; if you need to set more properties than just the account name, then you should get an exception.

    Since you're currently calling CommitChanges() on the OU, which hasn't been altered, there will be no exceptions.

  • 2021-02-01 06:49

    Assuming your OU path OU=x,DC=y,DC=com really exists - it should work :-)

    Things to check:

    • you're adding a value to the "samAccountName" - why don't you just set its value:

      user.Properties["sAMAccountName"].Value = username;
      

    Otherwise you might end up with several samAccountNames - and that won't work.....

    • you're not setting the userAccountControl property to anything - try using:

       user.Properties["userAccountControl"].Value = 512;  // normal account
      
    • do you have multiple domain controllers in your org? If you do, and you're using this "server-less" binding (not specifying any server in the LDAP path), you could be surprised where the user gets created :-) and it'll take several minutes up to half an hour to synchronize across the whole network

    • do you have a strict password policy in place? Maybe that's the problem. I recall we used to have to create the user with the "doesn't require password" option first, do a first .CommitChanges(), then create a powerful enough password, set it on the user, and remove that user option.

    Marc

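Added example, not part of any answer above and not code from the original page: one way to combine the points the answers raise (commit the new entry rather than the OU, assign sAMAccountName as a single value, bind to a named domain controller, and only enable the account once it has a password). The class and method names, the DC host name dc01.testdomain.local, the user-name validation rule and the password generator are assumptions made for illustration.

```csharp
using System;
using System.DirectoryServices;
using System.Security.Cryptography;
using System.Text.RegularExpressions;

static class AdUserProvisioning   // hypothetical helper, not from the page
{
    // userAccountControl flag values (ADS_USER_FLAG_ENUM)
    const int ACCOUNTDISABLE = 0x0002;
    const int PASSWD_NOTREQD = 0x0020;
    const int NORMAL_ACCOUNT = 0x0200;   // 512, the value used in the answer above

    // Returns the generated initial password; hand it over out of band, never log it.
    public static string CreateUser(string ouPath, string username)
    {
        // The name is concatenated into a DN, so reject anything but a plain account name.
        if (!Regex.IsMatch(username, @"\A[A-Za-z0-9._-]{1,20}\z"))
            throw new ArgumentException("unexpected user name", nameof(username));

        using (var ou = new DirectoryEntry(ouPath))
        using (DirectoryEntry user = ou.Children.Add("CN=" + username, "user"))
        {
            // Assign (not Add) so the attribute holds exactly one value.
            user.Properties["sAMAccountName"].Value = username;
            // Create the account disabled: if a later step throws, it stays unusable.
            user.Properties["userAccountControl"].Value =
                NORMAL_ACCOUNT | PASSWD_NOTREQD | ACCOUNTDISABLE;
            user.CommitChanges();          // commit the NEW entry, not the OU
            string password = NewPassword();
            user.Invoke("SetPassword", new object[] { password });
            // Enable the account and clear PASSWD_NOTREQD in a single write.
            user.Properties["userAccountControl"].Value = NORMAL_ACCOUNT;
            user.CommitChanges();
            return password;
        }
    }

    static string NewPassword()
    {
        var buf = new byte[24];
        using (var rng = RandomNumberGenerator.Create())
            rng.GetBytes(buf);
        // The fixed suffix only guarantees the character classes a complexity policy asks for.
        return Convert.ToBase64String(buf) + "aA1!";
    }

    // Hypothetical DC name: naming the server makes it explicit where the user is created.
    static void Main() { CreateUser("LDAP://dc01.testdomain.local/OU=TestOU,DC=TestDomain,DC=local", "TestUser3"); }
}
```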