greatbear
Identical First, Middle and Last Name in Active Directory
Feb 20, 2012 03:56 PM
Hello Experts! I'm creating AD accounts via a C# app. If a new account has identical first, middle and last name of an already existing account, it is not getting created. What is the solution to this problem? What exception do I need to catch to override this behavior?
smirnov
Re: Identical First, Middle and Last Name in Active Directory
Feb 21, 2012 05:54 PM
Is the login name the same too? In general, you can check it as
```csharp
if (!DirectoryEntry.Exists("LDAP://" + path))
{
    try
    {
        DirectoryEntry entry = new DirectoryEntry("LDAP://" + path);
        ...
        u.CommitChanges();
    }
    catch (Exception e)
    {
        Console.WriteLine(e.Message.ToString());
    }
}
else
{
    Console.WriteLine(path + " already exists");
}
```
or you can check it by getting back Guid of the user and if it's null then there is no user created.
Hope this helps.
gww
Re: Identical First, Middle and Last Name in Active Directory
Feb 21, 2012 09:27 PM
Accounts can have the same information in just about any field except the samaccountname. What you may want to do is set up a function that checks for the existence of the samaccountname in the directory before the account gets created and if it does, return to the page and allow the name to be changed. This is where you will see names listed as john.smith, john.smith1, john.smith23.
What I did on mine was add this bit of code on the server side but I also created an AJAX call in the input field for the account name. So if the name existed a popup would alert you.
greatbear
Re: Identical First, Middle and Last Name in Active Directory
Feb 22, 2012 03:40 PM
Thanks guys, sorry, I didn't mention this: the app is a process instead of a web app. It works off of a CSV on a schedule.
The exception I need to catch is DirectoryServices.AccountManagement.PrincipalExistsException (smirnov, catch Exception can be counterproductive or less informational).
After catching it, what do I need to do? I don't think
gww: "Accounts can have the same information in just about any field except the samaccountname."
If it would I wouldn't have this issue. The samaccountnames in my case are different for the identical names.
I guess I will have to trial and error here on displayName, givenName, mi, sn attributes unless anyone has a better suggestion.
smirnov
Re: Identical First, Middle and Last Name in Active Directory
Feb 22, 2012 04:07 PM
Regarding PrincipalExistsException - check this post.
The best way is to search for an object with given attributes and raise an error when found.
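A pre-create check along the lines suggested above, as an added example that is not part of the thread: it looks up the sAMAccountName domain-wide and the CN among siblings in the target OU, escaping the CSV value per RFC 4515 before it goes into the search filter. The class and method names and the numeric-suffix scheme are assumptions.

```csharp
using System;
using System.DirectoryServices;
using System.DirectoryServices.AccountManagement;
using System.Text;

static class AccountPreCheck // hypothetical helper, not from the thread
{
    // RFC 4515 escaping: \ * ( ) and NUL become \5c \2a \28 \29 \00, so CSV text
    // such as "smith*" is matched literally instead of reshaping the filter.
    public static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder();
        foreach (char c in value)
        {
            if ("\\*()\0".IndexOf(c) >= 0) sb.Append('\\').Append(((int)c).ToString("x2"));
            else sb.Append(c);
        }
        return sb.ToString();
    }

    // sAMAccountName has to be unique across the whole domain.
    public static bool SamExists(PrincipalContext ctx, string sam)
    {
        using (var hit = UserPrincipal.FindByIdentity(ctx, IdentityType.SamAccountName, sam))
            return hit != null;
    }

    // CN is the RDN, so it has to be unique among the objects directly inside the OU.
    public static bool CnExistsInOu(DirectoryEntry ou, string cn)
    {
        string filter = "(cn=" + EscapeFilterValue(cn) + ")";
        using (var searcher = new DirectorySearcher(ou, filter))
        {
            searcher.SearchScope = SearchScope.OneLevel;
            return searcher.FindOne() != null;
        }
    }

    // john.smith, john.smith1, john.smith2 ... (assumed suffix scheme).
    public static string NextFreeSam(PrincipalContext ctx, string baseSam, int maxTries = 50)
    {
        for (int i = 0; i < maxTries; i++)
        {
            string candidate = i == 0 ? baseSam : baseSam + i;
            if (!SamExists(ctx, candidate)) return candidate;
        }
        throw new InvalidOperationException("No free sAMAccountName for " + baseSam);
    }
}
```

The check and the create are separate operations, so the create call still needs its own already-exists handling.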
gww
Re: Identical First, Middle and Last Name in Active Directory
Feb 22, 2012 09:32 PM
If you have access to ADUC, try making the account and see if it throws an error. If it does then it's something set in AD that is preventing the account from being created. If that is the case you would not be able to counter the exception. Next I would suggest checking the password. It could not conform to the requirements set in the directory.
It shouldn't matter but you may try changing the CN and see if it lets you create the account. AD should allow the same CN since it would have different SIDs as long as the login names are different. Last, try creating accounts with the bare minimum needed to create it and add properties until it fails. The minimum properties should be "CN" when adding the account to AD and then setting "givenname", "sn", "samaccountname", and "userprincipalname" and then setting the password.
greatbear
Re: Identical First, Middle and Last Name in Active Directory
Feb 23, 2012 05:45 PM
smirnov, I read that post. That's good information, but I did not notice our existing user being deleted when a new object is created and Save() is called (identical names for both users).
Also, that post is from 2008, maybe the bug is fixed?
greatbear
Re: Identical First, Middle and Last Name in Active Directory
Feb 23, 2012 05:48 PM
gww, that's true, we have started inserting a unique CN, which allows the same FN MI LN for different samaccountnames. Good stuff!
By the way, since we were using the UserPrincipal object instead of DirectoryEntry, we had to use Extension methods.
```csharp
using System.DirectoryServices.AccountManagement;

[DirectoryObjectClass("user")]
[DirectoryRdnPrefix("CN")] // Relative Distinguished Name prefix
public class UserPrincipalEx : UserPrincipal
{
    public UserPrincipalEx(PrincipalContext context) : base(context) { }

    public UserPrincipalEx(PrincipalContext context, string samAccountName, string password, bool enabled)
        : base(context, samAccountName, password, enabled) { }

    // Exposes the cn attribute, which UserPrincipal does not surface directly.
    [DirectoryProperty("cn")]
    public string cn
    {
        get
        {
            if (ExtensionGet("cn").Length != 1)
                return null;
            return (string)ExtensionGet("cn")[0];
        }
        set { this.ExtensionSet("cn", value); }
    }
}
```
So basically now we are using UserPrincipalEx instead of UserPrincipal. This post is worth a read also: http://www.rlmueller.net/Name_Attributes.htm
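The unique-CN fix above, done through DirectoryEntry in the attribute order gww lists earlier in the thread; this is an added example, not code from the thread. The CN scheme (name plus login name), the class and method names, and the skip-and-log handling are assumptions.

```csharp
using System;
using System.DirectoryServices;
using System.Text;

static class CsvProvisioner // hypothetical helper, not from the thread
{
    // HRESULT_FROM_WIN32(ERROR_OBJECT_ALREADY_EXISTS), returned by ADSI on a name collision.
    const int ObjectAlreadyExists = unchecked((int)0x80071392);

    // Escape an RDN value (RFC 4514 specials, plus '/' which ADSI treats as a
    // path separator) so a CSV value like "Smith, John" stays a single CN.
    public static string EscapeRdnValue(string value)
    {
        var sb = new StringBuilder();
        for (int i = 0; i < value.Length; i++)
        {
            char c = value[i];
            bool edge = (i == 0 && (c == ' ' || c == '#'))
                     || (i == value.Length - 1 && c == ' ');
            if (edge || ",+\"\\<>;=/".IndexOf(c) >= 0) sb.Append('\\');
            sb.Append(c);
        }
        return sb.ToString();
    }

    // Returns true when the account was created, false when the row was skipped.
    public static bool CreateUser(DirectoryEntry ou, string given, string sn,
                                  string sam, string upn, string password)
    {
        // Assumed CN scheme: name plus login name, so two "John Smith" rows differ.
        string cn = given + " " + sn + " (" + sam + ")";
        try
        {
            using (DirectoryEntry user = ou.Children.Add("CN=" + EscapeRdnValue(cn), "user"))
            {
                user.Properties["givenName"].Value = given;
                user.Properties["sn"].Value = sn;
                user.Properties["sAMAccountName"].Value = sam;
                user.Properties["userPrincipalName"].Value = upn;
                user.CommitChanges();                 // the object is created here
                user.Invoke("SetPassword", password); // password policy errors surface here
                return true;
            }
        }
        catch (DirectoryServicesCOMException ex) when (ex.ErrorCode == ObjectAlreadyExists)
        {
            // Skip and report; never bind to the existing object and overwrite it.
            Console.Error.WriteLine("skipped " + sam + ": " + ex.Message);
            return false;
        }
    }
}
```

An object created this way stays disabled until the caller enables it, so a row whose SetPassword call fails leaves a disabled object to clean up rather than a usable login.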
smirnov
Re: Identical First, Middle and Last Name in Active Directory
Feb 24, 2012 02:21 AM
Can't test it myself. The comments say that was not fixed in 2010-2011.