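/// <summary>
/// Creates a user account in Active Directory under the container identified by the
/// <c>adrootpath</c> field, sets its password and enables it as a normal account.
/// Progress and failures are written to <paramref name="tracingService"/>; the method never throws.
/// </summary>
/// <param name="username">Account name; used both as the CN of the new object and as its sAMAccountName.</param>
/// <param name="password">Initial password. It is handed to ADSI only and is never written to the trace.</param>
/// <param name="firstname">Value for the givenName attribute.</param>
/// <param name="lastname">Value for the sn (surname) attribute.</param>
/// <param name="emailid">Value for the mail attribute.</param>
/// <param name="contactnumber">Value for the mobile attribute.</param>
/// <param name="tracingService">Plugin trace sink for progress and error messages.</param>
/// <remarks>
/// Because the return type is void and every exception is caught, callers cannot tell success
/// from failure except by reading the trace. If the first CommitChanges succeeds but setting the
/// password fails, the account already exists in AD without the requested password or enable flag.
/// </remarks>
public void Create_AD_User(string username, string password, string firstname, string lastname, string emailid, string contactnumber, ITracingService tracingService)
{
    tracingService.Trace("Inside Create_AD_User");
    try
    {
        // Step 1: Bind to the AD object we want to add the user to (the path selected in the
        // Show AD Structure tab / DataGrid). A DirectoryEntry owns an LDAP connection, so it is disposed.
        using (DirectoryEntry currentADObject = new DirectoryEntry(adrootpath))
        {
            // Step 2: The target must be a container so it can hold other objects (users, groups, ...).
            // SchemaEntry returns a DirectoryEntry of its own, which also needs disposing.
            bool isContainer;
            using (DirectoryEntry schema = currentADObject.SchemaEntry)
            {
                isContainer = schema.Name == "container";
            }

            if (!isContainer)
            {
                string ad_unsuccessvar = "You must select an AD Object that is a container, user creation in AD Failed";
                tracingService.Trace(ad_unsuccessvar);
                return;
            }

            // Step 3: Build the RDN. username is caller-supplied, so the DN special characters
            // (RFC 4514) are escaped before concatenation; otherwise a value containing ',' or '='
            // could change where, or under what name, the object is created.
            string rdn = "CN=" + EscapeRdnValue(username);
            using (DirectoryEntry newUserObject = currentADObject.Children.Add(rdn, "User"))
            {
                // Step 4: If an object with this CN already exists it is removed and recreated
                // (kept from the original for demo simplicity). NOTE(review): deleting an existing
                // account destroys its SID, so its group memberships and ACL entries are lost; a
                // production version should refuse to overwrite instead of deleting.
                if (DirectoryEntry.Exists(newUserObject.Path))
                {
                    using (DirectoryEntry existing = new DirectoryEntry(newUserObject.Path))
                    {
                        currentADObject.Children.Remove(existing);
                    }
                }

                // Step 5: Required and optional attributes. sAMAccountName is mandatory; givenName and
                // sn are the real AD attribute names (do not rename them). AD applies its own rules to
                // sAMAccountName (length, forbidden characters); a violation surfaces as an exception at
                // CommitChanges and is handled by the catch below.
                newUserObject.Properties["sAMAccountName"].Add(username);
                newUserObject.Properties["givenName"].Add(firstname);
                newUserObject.Properties["sn"].Add(lastname);
                newUserObject.Properties["mobile"].Add(contactnumber);
                newUserObject.Properties["mail"].Add(emailid);

                // Step 6: Persist the object; the password can only be set once it exists in the store.
                newUserObject.CommitChanges();

                // Step 7: Set the password through ADSI's native SetPassword method via Invoke.
                // The password value is deliberately never traced.
                newUserObject.Invoke("setPassword", password);

                // Step 8: Enable the account. 0x0200 is ADS_UF_NORMAL_ACCOUNT; 0x0002 is
                // ADS_UF_ACCOUNTDISABLE. Assigning Value replaces the whole flag set rather than
                // toggling one bit, which matches the original behaviour.
                newUserObject.Properties["userAccountControl"].Value = 0x0200;
                newUserObject.CommitChanges();

                string ad_successvar = "User: " + username + " successfully created in AD!";
                tracingService.Trace(ad_successvar);
            }
        }
    }
    catch (Exception ex)
    {
        // Failures are traced and swallowed so the surrounding plugin step does not abort; see <remarks>.
        string ad_exception = ex.Message + " some exception in creating the user in AD";
        tracingService.Trace(ad_exception);
    }
}

/// <summary>
/// Escapes a string for use as the attribute value of a relative distinguished name (RFC 4514):
/// ',', '+', '"', '\', '&lt;', '&gt;', ';' and '=' are backslash-escaped, a leading '#' or space
/// and a trailing space are escaped, and NUL becomes "\00".
/// </summary>
/// <param name="value">Raw attribute value; null or empty is returned unchanged.</param>
/// <returns>The escaped value, safe to concatenate after "CN=".</returns>
private static string EscapeRdnValue(string value)
{
    if (string.IsNullOrEmpty(value))
    {
        return value;
    }

    System.Text.StringBuilder escaped = new System.Text.StringBuilder(value.Length + 8);
    int last = value.Length - 1;
    for (int i = 0; i < value.Length; i++)
    {
        char c = value[i];
        switch (c)
        {
            case ',':
            case '+':
            case '"':
            case '\\':
            case '<':
            case '>':
            case ';':
            case '=':
                escaped.Append('\\').Append(c);
                break;
            case '\0':
                // NUL has no printable escape; RFC 4514 uses the hex-pair form.
                escaped.Append("\\00");
                break;
            case '#':
                // Only a leading '#' is special (it introduces a hex-encoded value).
                if (i == 0)
                {
                    escaped.Append('\\');
                }
                escaped.Append(c);
                break;
            case ' ':
                // Leading and trailing spaces would otherwise be trimmed by DN parsers.
                if (i == 0 || i == last)
                {
                    escaped.Append('\\');
                }
                escaped.Append(c);
                break;
            default:
                escaped.Append(c);
                break;
        }
    }
    return escaped.ToString();
}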
This code is available in the MSDN Library.