ADSI : Errors while creating local user and editing properties

styx31 · Mar 25, 2004

I'm trying to create users through ADSI using VB.NET. Using
DirectoryServices. I'm using WINNT://ComputerName

I've found examples to create user and modify their properties, by using
the method InvokeProperty ie. in c#.

But this function doesn't exist in VB.NET, and I was unable to find a
synonym. So, I've tried using other methods, but with no success...

Here is my code :

-------------------------------
' Consider Username is correctly filled with a valid system username

Dim usr As System.DirectoryServices.DirectoryEntry

' Get the user
usr = _DSHelper.ADFind(Username, "user")

' Exploring Properties for debug purposes
' In the properties returned, I can read all and view
' that they meet the account edited
Dim penum As System.Collections.IDictionaryEnumerator =
usr.Properties.GetEnumerator()
While penum.MoveNext()
Console.Write(CStr(penum.Key) & "=")
Dim penumvalue As System.Collections.IEnumerator = CType(penum.Value,
PropertyValueCollection).GetEnumerator()
While (penumvalue.MoveNext())
Console.Write(penumvalue.Current.ToString())
End While
Console.WriteLine("")
End While

' Verify loading of the user
Console.WriteLine(usr.Properties("FullName").Value) ' Returns 'toto'

' Change the Fullname property

' Returns an Undefined COM Exception
usr.Properties("FullName").Value = "titi"

' Not better...
usr.Invoke("put_FullName", New Object() {"titi"})

styx31 · Mar 25, 2004

I've just tried to use the sample from msdn :

http://msdn.microsoft.com/library/d...s/reading_properties_with_multiple_values.asp

but with no success...

I've got an exception at this line :

For Each child In entryPC.Children

COM Exception : Unknown Exception (0x80005000)

I think my problem is most important that I was supposing...

styx31 · Mar 25, 2004

styx31 said:
I've just tried to use the sample from msdn :

http://msdn.microsoft.com/library/d...s/reading_properties_with_multiple_values.asp

but with no success...

I've got an exception at this line :

For Each child In entryPC.Children

COM Exception : Unknown Exception (0x80005000)

I think my problem is most important that I was supposing...

Sorry, the tutorial was here :

http://msdn.microsoft.com/library/d...kthrough__viewing_local_directory_objects.asp

thx

styx31 · Mar 25, 2004

styx31 said:
I'm trying to create users through ADSI using VB.NET. Using
DirectoryServices. I'm using WINNT://ComputerName

I've found examples to create user and modify their properties, by using
the method InvokeProperty ie. in c#.

But this function doesn't exist in VB.NET, and I was unable to find a
synonym. So, I've tried using other methods, but with no success...

Here is my code :

-------------------------------
' Consider Username is correctly filled with a valid system username

Dim usr As System.DirectoryServices.DirectoryEntry

' Get the user
usr = _DSHelper.ADFind(Username, "user")

' Exploring Properties for debug purposes
' In the properties returned, I can read all and view
' that they meet the account edited
Dim penum As System.Collections.IDictionaryEnumerator =
usr.Properties.GetEnumerator()
While penum.MoveNext()
Console.Write(CStr(penum.Key) & "=")
Dim penumvalue As System.Collections.IEnumerator =
CType(penum.Value, PropertyValueCollection).GetEnumerator()
While (penumvalue.MoveNext())
Console.Write(penumvalue.Current.ToString())
End While
Console.WriteLine("")
End While

' Verify loading of the user
Console.WriteLine(usr.Properties("FullName").Value) ' Returns 'toto'

' Change the Fullname property

' Returns an Undefined COM Exception
usr.Properties("FullName").Value = "titi"

' Not better...
usr.Invoke("put_FullName", New Object() {"titi"})
-------------------------------

I was unable to find a way to edit User's properties.

Thanks for your help.

I've finnaly found a way to edit properties...

As properties could be with multiple values, you must use
usr.Properties("FullName").Add("titi") to change the value of the
property...

But it doesn't explain my problem with MSDN sample...

Marc Scheuner [MVP ADSI] · Mar 26, 2004

I'm trying to create users through ADSI using VB.NET. Using

DirectoryServices. I'm using WINNT://ComputerName

I would strongly recommend *NOT* to use the obsolete WinNT: provider -
use the LDAP provider instead, it gives you a lot more power and
control! Also, WinNT doesn't know anything about your LDAP OU hierachy
etc. so you'll end up running into severe limitations sooner or later
- use LDAP and you're all set for the future!

I've found examples to create user and modify their properties, by using
the method InvokeProperty ie. in c#.

Why resort to "InvokeProperty"?? Just set the property values
directly!

This is in C# - should be easy enough to translate into VB.NET:

public DirectoryEntry CreateUser(string aContainer, string aUserName)
{
DirectoryEntry deContainer = new DirectoryEntry(aContainer);

// create new user
DirectoryEntry deNewUser = deContainer.Children.Add("cn=" +
aUserName);

// set mandatory properties like SAM Account Name
deNewUser.Properties["samACcountName"].Value = aUserName;

// write changes back to store
deNewUser.CommitChanges();

// return newly created user object
return deNewUser;
}

If you call this like so:

DirectoryEntry myUser =
CreateUser("LDAP://cn=Users,dc=yourcompany,dc=com", "Joe Sample");

you'll get a new user called "Joe Sample" created inside that
container you pass in.

Once it's created, you can set properties on it (using the LDAP
display names for the properties - *NOT* the property names from the
IADsUser interface !!):

myUser.Properties["givenName"].Value = "Joe";
myUser.Properties["sn"].Value = "Sample";
myUser.CommitChanges();

In order to find the LDAP display names of the properties, you might
want to check out my free, open-source LDAP browser "BeaverTail" -

http://adsi.mvps.org/adsi/CSharp/beavertail.html

It's written 100% in C#, and source and executable are available.

Enjoy!
Marc

================================================================
Marc Scheuner May The Source Be With You!
Bern, Switzerland m.scheuner(at)inova.ch

styx31 · Mar 26, 2004

Marc said:
I would strongly recommend *NOT* to use the obsolete WinNT: provider -
use the LDAP provider instead, it gives you a lot more power and
control! Also, WinNT doesn't know anything about your LDAP OU hierachy
etc. so you'll end up running into severe limitations sooner or later
- use LDAP and you're all set for the future!

Is your advice always true if I don't have any domain installed, but jut
a single computer running in a WORKGROUP context ? (it's my case)

(ie. PowerAD and your program could not find any LDAP tree to browse)

Thanks.

Marc Scheuner [MVP ADSI] · Mar 29, 2004

Is your advice always true if I don't have any domain installed, but jut

a single computer running in a WORKGROUP context ? (it's my case)

Well, no, in that case, you don't have AD and thus you don't have
LDAP. This is one of the few cases where you have to use WinNT (since
that's the only one available).

Marc
================================================================
Marc Scheuner May The Source Be With You!
Bern, Switzerland m.scheuner(at)inova.ch

ADSI : Errors while creating local user and editing properties

styx31

styx31

styx31

styx31

Marc Scheuner [MVP ADSI]

styx31

Marc Scheuner [MVP ADSI]