DirectoryServices name space

  • Thread starter Thread starter Wayne Taylor
  • Start date Start date
W

Wayne Taylor

Hello all

I'm trying to write a liitle application to add users to AD, when I'm trying
to add a user and a group (example code from the SDK)..... I get the
following error:

A constraint violation occurred.

I think it may be something to do with access writes, I'm not sure... I'm
logged in as system admin on my lab network.... I'm off to try and sort this
out as I need to have a working app by Monday!

No pressure.... :-)

Thanks in advance, Wayne.
 
Hello all,

I'm getting there.... I now have my user object created and I can set most
of the properties that I want to... the problem now is when I'm creating my
user object the user account is disabled by default. I have been looking at
C# examples form the MSDN site... I've never written anything in flavour of
C so it's difficult for me to read code and understand what it's doing...
this is the example code:

[C#]
DirectoryEntry usr =
new DirectoryEntry("LDAP://CN=New User,CN=users,DC=fabrikam,DC=com");
int val = (int) usr.Properties["userAccountControl"].Value;
usr.Properties["userAccountControl"].Value = val & ~ADS_UF_ACCOUNTDISABLE;
usr.CommitChanges();The following code example shows how to disable a user
account.

[C#]
DirectoryEntry usr =
new DirectoryEntry("LDAP://CN=Old User,CN=users,DC=fabrikam,DC=com");
int val = (int) usr.Properties["userAccountControl"].Value;
usr.Properties["userAccountControl"].Value = val | ADS_UF_ACCOUNTDISABLE;
usr.CommitChanges();Can anyone convert this into VB.NET code, please.Thanks
in advance, Wayne..Microsoft ...... why don't you produce all examples in
both languages? You seem to for most not all, I don't understand... I see
this as a sign the VB will in time loose out.
 
I'm getting there.... I now have my user object created and I can set most
of the properties that I want to... the problem now is when I'm creating my
user object the user account is disabled by default. I have been looking at
C# examples form the MSDN site...

[C#]
DirectoryEntry usr =
new DirectoryEntry("LDAP://CN=New User,CN=users,DC=fabrikam,DC=com");
int val = (int) usr.Properties["userAccountControl"].Value;
usr.Properties["userAccountControl"].Value = val & ~ADS_UF_ACCOUNTDISABLE;
usr.CommitChanges();The following code example shows how to disable a user
account.

First off - I don't think your users would be created at all - you
have to set at least the "sAMAccountName" property - it's mandatory.
Also, make sure to *not* specify the cn= prefix (as in the user name),
and make sure the SAM Account name is unique in the domain you're
creating the user in.

To create a user, bind to the container it's supposed to be created
in, and then add an entry to the container's "CHildren" property:

DirectoryEntry deContainer = new
DirectoryEntry("LDAP://CN=users,DC=fabrikam,DC=com");

DirectoryEntry deUser = deContainer.Children.Add("cn=New User",
"user");

deUser.Properties["sAMAccountName"].Value = "New_User";

Secondly, you're on the right track to enable the user - I think you
could write something like this (since you're newly creating a user,
you don't really need to read the previously set value of the property
- just set it!):

deUser.Properties["userAccountControl"].Value = UF_NORMAL_ACCOUNT;

And then lastly, commit the changes:

deUser.CommitChanges();

Now you should have a newly created user, with an enabled account.
Does it work??

Marc
================================================================
Marc Scheuner May The Source Be With You!
Bern, Switzerland m.scheuner(at)inova.ch
 
Back
Top