I'm trying to add a user to my AD using this method:
Imports System.Diagnostics
Imports System.DirectoryServices.AccountManagement

Friend Shared Function UserCreate(firstName As String, lastName As String, userLogonName As String, emailAddress As String, telephone As String) As Boolean
    ' Creating the PrincipalContext
    Dim principalContext As PrincipalContext = Nothing
    Try
        ' Nothing := If the name is null for a Domain context type this context is a domain controller for the domain of the user principal under which the thread is running.
        principalContext = New PrincipalContext(ContextType.Domain, "CONTOSO", "OU=Users,OU=Swiss,DC=contoso,DC=com")
    Catch e As Exception
        Debug.WriteLine("Failed to create PrincipalContext. Exception: " + e.Message.ToString)
        ' Without a context the calls below would fail on Nothing, so stop here
        Return False
    End Try
    ' Check if user object already exists in the store
    Dim usr As UserPrincipal = UserPrincipal.FindByIdentity(principalContext, userLogonName)
    If usr IsNot Nothing Then
        Debug.WriteLine(userLogonName + " already exists. Please use a different User Logon Name.")
        Return False
    End If
    ' Create the new UserPrincipal object
    Dim userPrincipal__1 As New UserPrincipal(principalContext)
    If lastName IsNot Nothing AndAlso lastName.Length > 0 Then
        userPrincipal__1.Surname = lastName
    End If
    If firstName IsNot Nothing AndAlso firstName.Length > 0 Then
        userPrincipal__1.GivenName = firstName
    End If
    If lastName IsNot Nothing AndAlso firstName IsNot Nothing Then
        userPrincipal__1.DisplayName = lastName + " " + firstName
    End If
    If emailAddress IsNot Nothing AndAlso emailAddress.Length > 0 Then
        userPrincipal__1.EmailAddress = emailAddress
    End If
    If telephone IsNot Nothing AndAlso telephone.Length > 0 Then
        userPrincipal__1.VoiceTelephoneNumber = telephone
    End If
    If userLogonName IsNot Nothing AndAlso userLogonName.Length > 0 Then
        userPrincipal__1.SamAccountName = userLogonName
    End If
    Dim pwdOfNewlyCreatedUser As String = "abcde@@12345!~"
    userPrincipal__1.SetPassword(pwdOfNewlyCreatedUser)
    userPrincipal__1.Enabled = True
    userPrincipal__1.PasswordNeverExpires = True
    Try
        userPrincipal__1.Save()
    Catch e As Exception
        Debug.WriteLine("Exception creating user object." + e.Message.ToString)
        Return False
    End Try
    Return True
End Function
You could try maybe to enumerate users from the code
Dim AD As New PrincipalContext(ContextType.Domain, "CONTOSO", "OU=Users,OU=Swiss,DC=contoso,DC=com")
Dim u As New UserPrincipal(AD)
Dim search As New PrincipalSearcher(u)
Dim result As UserPrincipal
For Each result In search.FindAll()
    Response.Write(result.DisplayName)
Next
Sample code:
Imports System.DirectoryServices
...
Dim url As String = "LDAP://CONTOSO:389/OU=Users,OU=Swiss,DC=contoso,DC=com"
Dim objContainer As DirectoryEntry = New DirectoryEntry(url, vbNullString, vbNullString, AuthenticationTypes.Secure)
'Dim objContainer As New DirectoryEntry(url, "administrator", "root", AuthenticationTypes.Secure)
Dim newUser As DirectoryEntry = objContainer.Children.Add("CN=" & userLogonName, "user")
newUser.Properties("samAccountName").Value = userLogonName
..
newUser.CommitChanges()
newUser.Invoke("SetPassword", New Object() {pwdOfNewlyCreatedUser})
newUser.CommitChanges()
Member
14 Points
92 Posts
PrincipalContext & UserPrincipal.Save: can't find created user!
Dec 04, 2013 04:29 AM|ronin47
Hi everybody
I'm trying to add a user to my AD using this method:
1. Now when I call the UserCreate method it will return True, the user seems to be created properly.
2. But after, when I look for the user at AD I won't be able to find the newly created user.
3. Then, when I call the UserCreate method again it will throw me an error stating that the user already exists.
So where are my users created? I couldn't find them either by searching 'AD Users and Computers' or by using the PowerShell cmdlet Get-ADUser :(
Thanks
All-Star
35149 Points
9075 Posts
Re: PrincipalContext & UserPrincipal.Save: can't find created user!
Dec 04, 2013 04:40 AM|smirnov
The user is created on the DC your box is talking to. It might be that it will take time to sync all DCs across the network.
You can check the name of the DC using the command prompt
set (or set l)
or
nltest /dsgetdc:<domainname>
http://clintboessen.blogspot.de/2010/05/how-to-find-out-which-domain-controller.html
http://social.technet.microsoft.com/Forums/windowsserver/en-US/14af04e4-a914-4801-a2a5-93708ccad50b/finding-a-domain-controller
and then specifically check users on this DC
Or force replication of your domain.
Dec 04, 2013 05:17 AM|ronin47
Hi smirnov
Thanks for your answer.
I run SET and retrieved:
USERDNSDOMAIN=CONTOSO.COM
USERDOMAIN=CONTOSO
USERNAME=administrator
running NLTEST /dsgetdc:contoso.com returns:
DC: \\SERVER000.contoso.com
Address: \\192.168.5.200
Dom Guid: <my GuId>
Dom Name: contoso.com
Forest Name: contoso.com
Dc Site Name: Default-First-Site-Name
Our Site Name: Default-First-Site-Name
Flags: PDC GC DS LDAP KDC TIMESERV WRITABLE DNS_DC DNS_DOMAIN DNS_FOREST CLOSE_SITE FULL_SECRET WS 0x4000
Seems all correct, right?! (I want to create the new user in the contoso.com AD)
What else could be wrong?
Dec 04, 2013 05:33 AM|smirnov
If you ran that on the web server, then the domain controller for the web server is SERVER000.contoso.com. So, to check if the user is really created you need to connect to SERVER000.contoso.com. In the tool which you used to check users (was it adsiedit?) try to specify SERVER000.contoso.com instead of contoso.com and see if it makes any difference.
Dec 04, 2013 05:43 AM|ronin47
Yes, I run it on the web server. SERVER000.contoso.com is my (only) domain controller and the OS is WS 2012 Datacenter. I connected to SERVER000.contoso.com in adsiedit but was still unable to find the created user. I also used Active Directory Users and Computers but I couldn't find the user either.
I figured out another way to create an ad user using the DirectoryEntries.Add method (see: http://msdn.microsoft.com/en-us/library/system.directoryservices.directoryentries.add.aspx)
Can you spot the difference? I'm going to try to implement it, maybe it will work
Dec 04, 2013 06:12 AM|smirnov
Well, I'm not sure what is the problem.
You could try maybe to enumerate users from the code
Dec 04, 2013 06:26 AM|ronin47
Wow now that's really interesting! When I run your code I get the user I created and was not able to see at the Adsiedit but also those which were created via GUI and displayed at the Adsiedit as well! The users created with UserPrincipal.Save are somehow different, but how?
Dec 04, 2013 06:35 AM|smirnov
It might be that there is some attribute missing that blocks the user from being displayed in adsiedit. If you are still interested in testing, try to enumerate all attributes of a user who was created manually and of the one created from the code and see if there is any difference. Another way is to get something like LDAP Browser (http://www.ldapadministrator.com/download.htm) and see a) if it shows the user and b) if there is any difference in attributes
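An added example, not part of the original thread or of either poster's code: one way to run the comparison suggested above, by locating both accounts anywhere in the domain by sAMAccountName, printing where each object actually lives, and listing every attribute that differs. The domain root is built from the thread's contoso.com naming and the two logon names are hypothetical; the program needs a reference to System.DirectoryServices.

```vbnet
Imports System
Imports System.Collections.Generic
Imports System.DirectoryServices
Imports System.Text.RegularExpressions
Module UserAttributeDiff
    ' Assumption: domain root built from the thread's contoso.com naming.
    Private Const DomainRoot As String = "LDAP://DC=contoso,DC=com"
    ' Escape the RFC 4515 special characters (\ * ( ) NUL) before building a filter.
    Function EscapeFilter(value As String) As String
        Return Regex.Replace(value, "[\\*()\x00]", Function(m As Match) "\" & AscW(m.Value(0)).ToString("x2"))
    End Function
    ' Search the whole domain (Subtree is the default scope), not a single OU.
    Function FindUser(sam As String) As SearchResult
        Using root As New DirectoryEntry(DomainRoot), searcher As New DirectorySearcher(root)
            searcher.Filter = "(sAMAccountName=" & EscapeFilter(sam) & ")"
            Return searcher.FindOne()
        End Using
    End Function
    ' Flatten every returned attribute to one printable string per attribute name.
    Function Flatten(result As SearchResult) As Dictionary(Of String, String)
        Dim map As New Dictionary(Of String, String)(StringComparer.OrdinalIgnoreCase)
        For Each name As String In result.Properties.PropertyNames
            Dim values As New List(Of String)
            For Each v As Object In result.Properties(name)
                values.Add(If(TypeOf v Is Byte(), BitConverter.ToString(DirectCast(v, Byte())), v.ToString()))
            Next
            map(name) = String.Join("; ", values)
        Next
        Return map
    End Function

    Sub Main()
        ' Hypothetical logon names: one account made in ADUC, one made by UserCreate.
        Dim reference As SearchResult = FindUser("gui.created")
        Dim suspect As SearchResult = FindUser("code.created")
        If reference Is Nothing OrElse suspect Is Nothing Then Throw New InvalidOperationException("Account not found under " & DomainRoot)
        ' Each path ends in the distinguished name, i.e. the container the object sits in.
        Console.WriteLine("reference: " & reference.Path & vbCrLf & "suspect:   " & suspect.Path)
        Dim refAttrs As Dictionary(Of String, String) = Flatten(reference)
        Dim susAttrs As Dictionary(Of String, String) = Flatten(suspect)
        Dim names As New SortedSet(Of String)(refAttrs.Keys, StringComparer.OrdinalIgnoreCase)
        names.UnionWith(susAttrs.Keys)
        For Each name As String In names
            Dim refVal As String = Nothing, susVal As String = Nothing
            refAttrs.TryGetValue(name, refVal) : susAttrs.TryGetValue(name, susVal)
            If Not String.Equals(refVal, susVal) Then Console.WriteLine("{0}: reference=[{1}] suspect=[{2}]", name, If(refVal, "<absent>"), If(susVal, "<absent>"))
        Next
    End Sub
End Module
```

Attributes such as objectGUID, objectSid and whenCreated differ between any two accounts, so the entries worth reading are the ones present on one account and absent on the other.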
Dec 04, 2013 07:18 AM|ronin47
I downloaded & installed the LDAP Administrator software and searched the OU=Users,OU=Swiss,DC=contoso,DC=com context, but the user created via code didn't show up.
I also compared the other properties of the users and figured out that UserPrincipalName was missing on the user I created, so I added another user including the UPN, but it still didn't show up in the GUI. :(
Dec 04, 2013 09:44 AM|smirnov
All seems to be right, but maybe you can try to change the name of the domain in the following constructor.
In the output from nltest you have "contoso.com", not "contoso"
So, maybe you need to have
principalContext = New PrincipalContext(ContextType.Domain, "contoso.com", "OU=Users,OU=Swiss,DC=contoso,DC=com")
Dec 05, 2013 02:38 AM|ronin47
I tried this as well, but it didn't help. But I can assure you that it's the correct domain controller, I also changed some user attributes in the ADUC (Active Directory Users and Computers (GUI)) and was able to display the changed attributes via Code.
Dec 05, 2013 02:48 AM|smirnov
It will not help, but what happens if you update an existing user via code? Will you see the changes via the GUI?
Dec 05, 2013 05:09 AM|ronin47
I was able to change attributes via the UserPrincipal.Save() Method, the modified values were also displayed via GUI
Dec 05, 2013 07:34 AM|smirnov
I'm running out of ideas.
Did you try to use directory.services (you sent some link above)?
If not, try to use it and see if it makes any difference
Sample code:
If the connection string does not work, check how it looks in the LDAP Admin tool.
If this also creates invisible users, try to restart the server.
Dec 05, 2013 08:12 AM|ronin47
You, Sir, deserve a Medal!
It works! Thanks a lot for helping me out! I really appreciate that. :)