Reputation: 3143
Setting Active Directory user account for first time
I'm using the code below to create a new active directory user. The account is created successfully, but when i try to login to my domain i get the message "make sure you entered the password for your work or school account". I made sure that the password is entered correctly and that the account is enabled and unlocked in the active directory.
DirectoryEntry entry = new DirectoryEntry(createLdapPath);
try
{
DirectoryEntry newUser = entry.Children.Add("CN = " + userName, "USER");
newUser.Properties["targetAddress"].Value = "SMTP:" + userName + "@mydomain.onmicrosoft.com";
newUser.Properties["extensionAttribute15"].Value = "EDU";
newUser.Properties["proxyAddresses"].Add("SMTP:" + userName + "@mydomain1.edu");
newUser.Properties["proxyAddresses"].Add("smtp:" + userName + "@mydomain.onmicrosoft.com");
newUser.Properties["proxyAddresses"].Add("smtp:" + userName + "@mydomain2.mail.onmicrosoft.com");
newUser.Properties["givenName"].Value = fname;
newUser.Properties["sn"].Value = lname;
newUser.Properties["displayName"].Value = fname + " " + lname;
newUser.Properties["mail"].Value = fname.ToLower() + "." + lname.ToLower() + "@mydomain.edu";
newUser.Properties["sAMAccountName"].Value = fname.ToLower() + "." + lname.ToLower();
newUser.Properties["userPrincipalName"].Insert(0, fname.ToLower() + "." + lname.ToLower() + "@mydomain.edu");
newUser.CommitChanges();
newUser.Invoke("SetPassword", new object[] { "myStrongPassword" });
newUser.CommitChanges();
newUser.Close();
string strUserName = userName;
DirectoryEntry usr = entry;
DirectorySearcher searcher = new DirectorySearcher(usr);
searcher.Filter = "(SAMAccountName=" + strUserName + ")";
searcher.CacheResults = false;
SearchResult result = searcher.FindOne();
usr = result.GetDirectoryEntry();
usr.Properties["LockOutTime"].Value = 0;
int old_UAC = (int)usr.Properties["userAccountControl"][0];
// AD user account disable flag
int ADS_UF_ACCOUNTDISABLE = 2;
// To enable an ad user account, we need to clear the disable bit/flag:
usr.Properties["userAccountControl"][0] = (old_UAC & ~ADS_UF_ACCOUNTDISABLE);
usr.CommitChanges();
usr.Close();
entry.Close();
}
catch (Exception ex)
{}
I can only login when i open "Active Directory users and Computers" and navigate to my newly created account--> Right Click--> Reset Password. Then enter the password again and also check on "Unlock user". This way when i try to login again it works fine.
What could I possibly be missing or mistaken in in my code?
Upvotes: 0
Views: 900
Answers (2)
Reputation: 3143
It turned out that Active Directory synced hasn't run yet with Office 365 and that's why i couldn't login with the user account. I could sync manually by running Task Scheduler Active Directory sync task.
Upvotes: 1
Reputation: 41008
You shouldn't need to close the 'newUser' object and rebind. Here is my code that is running in our production environment:
//Create user
newUser.CommitChanges();
newUser.Invoke("SetPassword", password);
newUser.Properties["userAccountControl"].Value = 512;
newUser.CommitChanges();
newUser.Close();
It's also possible that "(old_UAC & ~ADS_UF_ACCOUNTDISABLE)" doesn't turn out to be 512 (ADS_UF_NORMAL_ACCOUNT).
Upvotes: 1
Related Questions
- Validate a username and password against Active Directory?
- Active Directory The object already exists using SetPassword and new object []{}
- Authentication against Active Directory.. Necessity of DirectorySearcher
- OKTA REST API - Change user password who is connected with Active Directory
- Changing Active Directory user passwords in c#/asp.net after MS patch KB3167679
- What are the differences between LDAP and Active Directory?
- Active Directory Authentication
- How to Retrieve A/D User Information for a user
- Determining whether the current user is logging into Active Directory (or is a valid active directory user)
- Query Active Directory under NT AUTHORITY/NETWORK SERVICE