Monday, 9 January 2012

Creating User in Active Directory using C# code (CRM 2011)


public void Create_AD_User(string username, string password, string firstname, string lastname, string emailid, string contactnumber, ITracingService tracingService)
        {
            tracingService.Trace("Inside Create_AD_User");
            try
            {
                //  Step 1: Create a Directory Entry Object, starting at point in the AD Structure that we would like
                //          to add the user to.  This will come from the path that we selected from the Show AD Structure Tab
                //          and DataGrid.
                DirectoryEntry currentADObject = new DirectoryEntry(adrootpath);

                //  Step 2: Make sure that the AD Object that we are adding to is a container.  Meaning that it can
                //          hold other AD Objects (e.g., users, groups, etc.)
                if (currentADObject.SchemaEntry.Name == "container")
                {
                    //  Step 3: Create a User Object of type User, to be added to the Children colllllection of the
                    //          current AD Object that we created in Step 1
                    DirectoryEntry newUserObject = currentADObject.Children.Add("CN=" + username, "User");

                    //  Step 4: Check to see if the user already exists, and if so, we will overwrite it for Demo simplicity.
                    //          In the real world, you could prompt the user to overwrite or not and code accordingly.
                    if (DirectoryEntry.Exists(newUserObject.Path))
                    {
                        // Step 4a: Remove the user object first
                        currentADObject.Children.Remove(new DirectoryEntry(newUserObject.Path));
                    }

                    //  Step 5: Add the user optional and required properties (sAMAccountName is ALWAYS REQUIRED!!)
                    newUserObject.Properties["sAMAccountName"].Add(username);
                    newUserObject.Properties["givenName"].Add(firstname); //Dont change the givenName and sn, they are the actual active directory properties
                    newUserObject.Properties["sn"].Add(lastname);
                    newUserObject.Properties["mobile"].Add(contactnumber);
                    newUserObject.Properties["mail"].Add(emailid);
                   
            
                    //  Step 6: Commit the changes to the AD data store
                    newUserObject.CommitChanges();

                    //  Step 7: Set the password for the new account, which can only be done AFTER the account exists!
                    //          We are using the "Invoke" method on the newUserObject, which uses Native AD Object under the hood to set
                    //          the password.  I've only seen this done, using the Invoke method, which is why I've used it here
                    newUserObject.Invoke("setPassword", password);

                    //  Step 8: Enable the user, if the user wants to, by setting the userAccountControl property
                    //          to the magical value of 0x0200.  The disable-user value is 0x0002
                    newUserObject.Properties["userAccountControl"].Value = 0x0200;
                    newUserObject.CommitChanges();

                    string ad_successvar = "User: " + username + " successfully created in AD!";
                    tracingService.Trace(ad_successvar);
                    
                }
                else
                {
                    string ad_unsuccessvar = "You must select an AD Object that is a container, user creation in AD Failed";
                    tracingService.Trace(ad_unsuccessvar);
                }
            }

            catch (Exception ex)
            {
                string ad_exception = ex.Message + " some exception in creating the user in AD";
                tracingService.Trace(ad_exception);
            }

        }

This code  available  in MSDN Library .

No comments:

Post a Comment