D
Daniel Knöpfel
Hello all
In our project we have been using the samAccount name to authenticate users
against the active directory. As the samAccountName is limited to 20
characters, we are going to use the userPrincipalName. Unfortunately, i
couldtnt make it work until now. I ve got a .Net programm that access the
active directory through the third party dll "Interop.ActiveDs.dll"
(namespace ActiveDs). The code to create the user with using the
samAccountName looks like this:
DirectoryEntry newUser = mDirectoryEntry.Children.Add("CN=" + pLoginName,
"user");
newUser.Properties["samAccountName"].Value = pLoginName;
newUser.CommitChanges();
//get native object of the new user and add user to group
IADsUser nativeNewUser = (IADsUser)newUser.NativeObject;
for (int i = 0; i < pGroups.Length; i++) {
DirectoryEntry group = mDirectoryEntry.Children.Find(pGroups, "group");
group.Properties["member"].Add(newUser.Properties["distinguishedName"].Value);
group.CommitChanges(); // In order to work in AD: Group Properties->Managed
By -> "Manager can update membership list : must be set
}
//set properties for the new user
nativeNewUser.SetPassword(pPassword);
nativeNewUser.AccountDisabled = false;
nativeNewUser.Put("userPrincipalName", pLoginName);
int currSettings = (int)nativeNewUser.Get("userAccountControl");
currSettings |= UF_PASSWD_CANT_CHANGE;
currSettings |= UF_DONT_EXPIRE_PASSWD;
nativeNewUser.Put("userAccountControl", currSettings);
newUser.CommitChanges();
Now what do i have to change to make it run with the principelUsername. Ive
tried several variations like assigning the principelUsername the same way
as the samAccountName in the example above, or assigning only with put. Can
anybody help me with this. I would be very grateful. Thanks in advance
Daniel
PS: to verify whether creation of a user has been successfull i use the
following code:
private bool CheckPassword(string pLoginName, string pPassword) {
try {
DirectoryEntry usr = new DirectoryEntry(mProviderUrl, pLoginName, pPassword,
AuthenticationTypes.Secure | AuthenticationTypes.ServerBind);
DirectorySearcher se = new DirectorySearcher(usr);
try {
SearchResult result = se.FindOne();
return true;
} catch(Exception ee) {
return false;
}
} catch(Exception exc) {
throw new Exception("Error while checking password for user " + pLoginName,
exc);
}
}
In our project we have been using the samAccount name to authenticate users
against the active directory. As the samAccountName is limited to 20
characters, we are going to use the userPrincipalName. Unfortunately, i
couldtnt make it work until now. I ve got a .Net programm that access the
active directory through the third party dll "Interop.ActiveDs.dll"
(namespace ActiveDs). The code to create the user with using the
samAccountName looks like this:
DirectoryEntry newUser = mDirectoryEntry.Children.Add("CN=" + pLoginName,
"user");
newUser.Properties["samAccountName"].Value = pLoginName;
newUser.CommitChanges();
//get native object of the new user and add user to group
IADsUser nativeNewUser = (IADsUser)newUser.NativeObject;
for (int i = 0; i < pGroups.Length; i++) {
DirectoryEntry group = mDirectoryEntry.Children.Find(pGroups, "group");
group.Properties["member"].Add(newUser.Properties["distinguishedName"].Value);
group.CommitChanges(); // In order to work in AD: Group Properties->Managed
By -> "Manager can update membership list : must be set
}
//set properties for the new user
nativeNewUser.SetPassword(pPassword);
nativeNewUser.AccountDisabled = false;
nativeNewUser.Put("userPrincipalName", pLoginName);
int currSettings = (int)nativeNewUser.Get("userAccountControl");
currSettings |= UF_PASSWD_CANT_CHANGE;
currSettings |= UF_DONT_EXPIRE_PASSWD;
nativeNewUser.Put("userAccountControl", currSettings);
newUser.CommitChanges();
Now what do i have to change to make it run with the principelUsername. Ive
tried several variations like assigning the principelUsername the same way
as the samAccountName in the example above, or assigning only with put. Can
anybody help me with this. I would be very grateful. Thanks in advance
Daniel
PS: to verify whether creation of a user has been successfull i use the
following code:
private bool CheckPassword(string pLoginName, string pPassword) {
try {
DirectoryEntry usr = new DirectoryEntry(mProviderUrl, pLoginName, pPassword,
AuthenticationTypes.Secure | AuthenticationTypes.ServerBind);
DirectorySearcher se = new DirectorySearcher(usr);
try {
SearchResult result = se.FindOne();
return true;
} catch(Exception ee) {
return false;
}
} catch(Exception exc) {
throw new Exception("Error while checking password for user " + pLoginName,
exc);
}
}