C# - Setting Active Directory user account for first time


I'm using the code below to create a new Active Directory user. The account is created successfully, but when I try to log in to the domain I get the message "make sure entered password work or school account". I made sure the password was entered correctly and that the account is enabled and unlocked in Active Directory.

    // requires: using System; using System.DirectoryServices;
    DirectoryEntry entry = new DirectoryEntry(createldappath);
    try
    {
        DirectoryEntry newuser = entry.Children.Add("cn = " + username, "user");
        newuser.Properties["targetaddress"].Value = "smtp:" + username + "@mydomain.onmicrosoft.com";
        newuser.Properties["extensionattribute15"].Value = "edu";
        newuser.Properties["proxyaddresses"].Add("smtp:" + username + "@mydomain1.edu");
        newuser.Properties["proxyaddresses"].Add("smtp:" + username + "@mydomain.onmicrosoft.com");
        newuser.Properties["proxyaddresses"].Add("smtp:" + username + "@mydomain2.mail.onmicrosoft.com");
        newuser.Properties["givenname"].Value = fname;
        newuser.Properties["sn"].Value = lname;
        newuser.Properties["displayname"].Value = fname + " " + lname;
        newuser.Properties["mail"].Value = fname.ToLower() + "." + lname.ToLower() + "@mydomain.edu";
        newuser.Properties["samaccountname"].Value = fname.ToLower() + "." + lname.ToLower();
        newuser.Properties["userprincipalname"].Insert(0, fname.ToLower() + "." + lname.ToLower() + "@mydomain.edu");

        newuser.CommitChanges();

        newuser.Invoke("SetPassword", new object[] { "mystrongpassword" });
        newuser.CommitChanges();

        newuser.Close();

        // Look the account up again by sAMAccountName
        string strusername = username;
        DirectoryEntry usr = entry;
        DirectorySearcher searcher = new DirectorySearcher(usr);
        searcher.Filter = "(samaccountname=" + strusername + ")";
        searcher.CacheResults = false;
        SearchResult result = searcher.FindOne();
        usr = result.GetDirectoryEntry();
        usr.Properties["lockouttime"].Value = 0;

        int old_uac = (int)usr.Properties["useraccountcontrol"][0];

        // AD user account disable flag
        int ads_uf_accountdisable = 2;

        // To enable the AD user account, we need to clear the disable bit/flag:
        usr.Properties["useraccountcontrol"][0] = (old_uac & ~ads_uf_accountdisable);
        usr.CommitChanges();

        usr.Close();
        entry.Close();
    }
    catch (Exception ex) { } // any exception thrown above is silently swallowed here

I can log in when I open "Active Directory Users and Computers", navigate to the newly created account --> right click --> Reset Password, enter the password again, and check "Unlock user". That way, when I try to log in again, it works fine.

What am I possibly missing or mistaken about in the code?

You shouldn't need to close the 'newuser' object and rebind. Here is the code running in our production environment:

    // create user
    newuser.CommitChanges();

    newuser.Invoke("SetPassword", password);
    newuser.Properties["useraccountcontrol"].Value = 512;
    newuser.CommitChanges();
    newuser.Close();

It's possible that "(old_uac & ~ads_uf_accountdisable)" doesn't turn out to be 512 (ADS_UF_NORMAL_ACCOUNT).
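
Added example (not part of the original answer or the poster's code): the bit arithmetic behind the answer's last remark, with no directory access. The sample values are constructed; 546 is assumed here as the value a user object created without a password typically carries, and the enum and method names are illustrative.

```csharp
using System;

// Illustrative subset of the userAccountControl flags (ADS_UF_* values).
[Flags]
enum Uac
{
    AccountDisable   = 0x0002,   // ADS_UF_ACCOUNTDISABLE
    PasswdNotReqd    = 0x0020,   // ADS_UF_PASSWD_NOTREQD
    NormalAccount    = 0x0200,   // ADS_UF_NORMAL_ACCOUNT (512)
    DontExpirePasswd = 0x10000,  // ADS_UF_DONT_EXPIRE_PASSWD
}

static class UacDemo
{
    // What the question's code does: clear only the disable bit.
    public static int ClearDisable(int oldUac) =>
        oldUac & ~(int)Uac.AccountDisable;

    // Enable the account and also drop PASSWD_NOTREQD, keeping every other bit.
    public static int EnableAndRequirePassword(int oldUac) =>
        oldUac & ~(int)(Uac.AccountDisable | Uac.PasswdNotReqd);

    public static string Describe(int uac) => $"{uac} (0x{uac:X}) = {(Uac)uac}";

    static void Main()
    {
        // Constructed sample values, not read from any directory.
        int[] samples = { 546, 514, 66050 };
        foreach (int old in samples)
        {
            int cleared = ClearDisable(old);
            Console.WriteLine("before : " + Describe(old));
            Console.WriteLine("clear 2: " + Describe(cleared));
            if ((cleared & (int)Uac.PasswdNotReqd) != 0)
                Console.WriteLine("  note : PASSWD_NOTREQD is still set, so the result is not 512");
            Console.WriteLine("strict : " + Describe(EnableAndRequirePassword(old)));
            Console.WriteLine();
        }
    }
}
```

For 546 the masked value is 544, while 514 gives exactly 512; logging the value read from `useraccountcontrol` before and after the update shows which case applies to a given account.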

