I'm using the code below to create a new Active Directory user. The account is created successfully, but when I try to log in to the domain I get the message "make sure entered password work or school account". I made sure the password is entered correctly and that the account is enabled and unlocked in Active Directory.
    using System;
    using System.DirectoryServices;

    DirectoryEntry entry = new DirectoryEntry(createLdapPath);
    try
    {
        DirectoryEntry newUser = entry.Children.Add("CN = " + username, "user");
        newUser.Properties["targetAddress"].Value = "smtp:" + username + "@mydomain.onmicrosoft.com";
        newUser.Properties["extensionAttribute15"].Value = "edu";
        newUser.Properties["proxyAddresses"].Add("smtp:" + username + "@mydomain1.edu");
        newUser.Properties["proxyAddresses"].Add("smtp:" + username + "@mydomain.onmicrosoft.com");
        newUser.Properties["proxyAddresses"].Add("smtp:" + username + "@mydomain2.mail.onmicrosoft.com");
        newUser.Properties["givenName"].Value = fname;
        newUser.Properties["sn"].Value = lname;
        newUser.Properties["displayName"].Value = fname + " " + lname;
        newUser.Properties["mail"].Value = fname.ToLower() + "." + lname.ToLower() + "@mydomain.edu";
        newUser.Properties["sAMAccountName"].Value = fname.ToLower() + "." + lname.ToLower();
        newUser.Properties["userPrincipalName"].Insert(0, fname.ToLower() + "." + lname.ToLower() + "@mydomain.edu");
        newUser.CommitChanges();
        newUser.Invoke("SetPassword", new object[] { "mystrongpassword" });
        newUser.CommitChanges();
        newUser.Close();

        // Look the account up again by sAMAccountName
        string strUserName = username;
        DirectoryEntry usr = entry;
        DirectorySearcher searcher = new DirectorySearcher(usr);
        searcher.Filter = "(sAMAccountName=" + strUserName + ")";
        searcher.CacheResults = false;
        SearchResult result = searcher.FindOne();
        usr = result.GetDirectoryEntry();
        usr.Properties["lockoutTime"].Value = 0;
        int old_UAC = (int)usr.Properties["userAccountControl"][0];
        // AD user account disable flag
        int ADS_UF_ACCOUNTDISABLE = 2;
        // To enable an AD user account, we need to clear the disable bit/flag:
        usr.Properties["userAccountControl"][0] = (old_UAC & ~ADS_UF_ACCOUNTDISABLE);
        usr.CommitChanges();
        usr.Close();
        entry.Close();
    }
    catch (Exception ex) {}
I can log in when I open "Active Directory Users and Computers", navigate to the newly created account --> right click --> Reset Password, enter the password again, and check "unlock user". That way, when I try to log in again, it works fine.
What is possibly missing or mistaken in the code?
You shouldn't need to close the 'newUser' object and rebind. Here is the code running in our production environment:
    // create user
    newUser.CommitChanges();
    newUser.Invoke("SetPassword", password);
    newUser.Properties["userAccountControl"].Value = 512;
    newUser.CommitChanges();
    newUser.Close();
It's possible that "(old_UAC & ~ADS_UF_ACCOUNTDISABLE)" doesn't turn out to be 512 (ADS_UF_NORMAL_ACCOUNT).
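The flag arithmetic behind that last remark, as an added example that is not part of the original question or answer. It decodes a few constructed userAccountControl values with a subset of the documented ADS_UF_* bits; the type and method names are hypothetical, and 546 is included on the assumption that a newly created user object starts as NORMAL_ACCOUNT + PASSWD_NOTREQD + ACCOUNTDISABLE.

```csharp
using System;

[Flags]
enum Uac
{
    AccountDisable     = 0x0002,   // ADS_UF_ACCOUNTDISABLE
    Lockout            = 0x0010,   // ADS_UF_LOCKOUT
    PasswdNotReqd      = 0x0020,   // ADS_UF_PASSWD_NOTREQD
    NormalAccount      = 0x0200,   // ADS_UF_NORMAL_ACCOUNT (512)
    DontExpirePassword = 0x10000,  // ADS_UF_DONT_EXPIRE_PASSWD
    PasswordExpired    = 0x800000, // ADS_UF_PASSWORD_EXPIRED
}

static class UacCheck
{
    // Clear only the disable bit, as the question's code does.
    public static Uac ClearDisable(Uac current) => current & ~Uac.AccountDisable;

    // Flags that remain besides NORMAL_ACCOUNT once the account is enabled.
    // Assigning 512 outright would drop these; masking keeps them.
    public static Uac Residual(Uac current) => ClearDisable(current) & ~Uac.NormalAccount;

    static void Main()
    {
        // Constructed sample values, not read from a directory.
        int[] samples = { 546, 514, 512, 66050 };
        foreach (int raw in samples)
        {
            Uac after = ClearDisable((Uac)raw);
            Uac extra = Residual((Uac)raw);
            Console.WriteLine($"{raw} -> {(int)after} [{after}] " +
                (extra == 0 ? "equals 512" : $"differs from 512, still set: {extra}"));
        }
    }
}
```

A leftover PASSWD_NOTREQD bit is worth reviewing on provisioned accounts, because it exempts the account from the requirement to have a password.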