Creating Users

The following example shows how to create a user in an organizational unit. By default, this account will be disabled. For more information, see the Enabling and Disabling the User Account topic.

using System.DirectoryServices;

// Locate the target organizational unit under the bound entry.
DirectoryEntry ent = new DirectoryEntry();
DirectoryEntry ou = ent.Children.Find("OU=Consulting");

// Use the Add method to add a user to an organizational unit.
DirectoryEntry usr = ou.Children.Add("CN=New User","user");
// Set the samAccountName, then commit changes to the directory.
usr.Properties["samAccountName"].Value = "newuser";
usr.CommitChanges();

The task can also be accomplished in Visual Basic:

Imports Microsoft.VisualBasic
Imports System
Imports System.Collections
Imports System.DirectoryServices

Public Module MyModule

    Sub Main()
        Test()
    End Sub

    Sub Test()
        Try
            ' Bind to the Users container with secure authentication.
            Dim AD As New DirectoryEntry("LDAP://Nami/CN=Users,DC=DeploymentCentric,DC=com")
            AD.AuthenticationType = AuthenticationTypes.Secure
            'AD.Username = "NetBiosName\UserName"
            'AD.Password = "password"

            ' Create the user object and commit it so that it exists in the directory.
            Dim newUser As DirectoryEntry = AD.Children.Add("cn=HOBOJOE", "user")
            newUser.Properties("sAMAccountName").Value = "HOBOJOE"
            newUser.Invoke("Put", New Object() {"Description", "Test User from .NET"})
            newUser.CommitChanges()

            ' Set the initial password (literal value used for illustration).
            newUser.Invoke("SetPassword", New Object() {"#1A" + "password"})

            ' Read userAccountControl, clear ACCOUNTDISABLE to enable the account,
            ' and set DONT_EXPIRE_PASSWD. All other bits are left as they were.
            Dim val As ADS_USER_FLAG_ENUM = _
                DirectCast(newUser.Properties("userAccountControl").Value, ADS_USER_FLAG_ENUM)
            val = val And (Not ADS_USER_FLAG_ENUM.ADS_UF_ACCOUNTDISABLE) _
                Or ADS_USER_FLAG_ENUM.ADS_UF_DONT_EXPIRE_PASSWD
            newUser.Properties("userAccountControl").Value = val
            newUser.CommitChanges()
        Catch ex As Exception
            Console.WriteLine(ex)
        Finally
            Console.ReadLine()
        End Try
    End Sub

    <FlagsAttribute()> _
    Public Enum ADS_GROUP_TYPE_ENUM
        ADS_GROUP_TYPE_GLOBAL_GROUP = &H2
        ADS_GROUP_TYPE_DOMAIN_LOCAL_GROUP = &H4
        ADS_GROUP_TYPE_LOCAL_GROUP = &H4
        ADS_GROUP_TYPE_UNIVERSAL_GROUP = &H8
        ADS_GROUP_TYPE_SECURITY_ENABLED = &H80000000
    End Enum

    <FlagsAttribute()> _
    Public Enum ADS_USER_FLAG_ENUM
        ADS_UF_SCRIPT = &H0001
        ADS_UF_ACCOUNTDISABLE = &H0002
        ADS_UF_HOMEDIR_REQUIRED = &H0008
        ADS_UF_LOCKOUT = &H0010
        ADS_UF_PASSWD_NOTREQD = &H0020
        ADS_UF_PASSWD_CANT_CHANGE = &H0040
        ADS_UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED = &H0080
        ADS_UF_TEMP_DUPLICATE_ACCOUNT = &H0100
        ADS_UF_NORMAL_ACCOUNT = &H0200
        ADS_UF_INTERDOMAIN_TRUST_ACCOUNT = &H0800
        ADS_UF_WORKSTATION_TRUST_ACCOUNT = &H1000
        ADS_UF_SERVER_TRUST_ACCOUNT = &H2000
        ADS_UF_DONT_EXPIRE_PASSWD = &H10000
        ADS_UF_MNS_LOGON_ACCOUNT = &H20000
        ADS_UF_SMARTCARD_REQUIRED = &H40000
        ADS_UF_TRUSTED_FOR_DELEGATION = &H80000
        ADS_UF_NOT_DELEGATED = &H100000
        ADS_UF_USE_DES_KEY_ONLY = &H200000
        ADS_UF_DONT_REQUIRE_PREAUTH = &H400000
        ADS_UF_PASSWORD_EXPIRED = &H800000
        ADS_UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION = &H1000000
    End Enum

End Module
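
The userAccountControl arithmetic from the Visual Basic sample can be checked without a directory connection. The following C# block is an added example, not part of the original topic: it applies the sample's expression and a stricter variant to a starting value and lists the flags that remain for review. The shortened enum member names, the class and method names, and the starting value 0x222 are assumptions made for the illustration; the numeric flag values are those of ADS_USER_FLAG_ENUM above.

```csharp
using System;

[Flags]
enum UserFlags
{
    AccountDisable       = 0x0002,
    PasswdNotReqd        = 0x0020,
    NormalAccount        = 0x0200,
    DontExpirePasswd     = 0x10000,
    TrustedForDelegation = 0x80000,
    DontRequirePreauth   = 0x400000
}

static class UacCheck
{
    // Flags a reviewer would want justified on a newly enabled account.
    const UserFlags Risky = UserFlags.PasswdNotReqd | UserFlags.DontExpirePasswd |
        UserFlags.TrustedForDelegation | UserFlags.DontRequirePreauth;

    // Same arithmetic as the Visual Basic sample: enable, password never expires.
    static UserFlags EnableAsInSample(UserFlags uac)
    {
        return (uac & ~UserFlags.AccountDisable) | UserFlags.DontExpirePasswd;
    }

    // Stricter variant: enable the account and clear PASSWD_NOTREQD, nothing else.
    static UserFlags EnableStrict(UserFlags uac)
    {
        return uac & ~(UserFlags.AccountDisable | UserFlags.PasswdNotReqd);
    }

    static void Report(string label, UserFlags uac)
    {
        UserFlags hits = uac & Risky;
        Console.WriteLine("{0}: 0x{1:X} = {2}", label, (int)uac, uac);
        Console.WriteLine("  flags to review: {0}", hits == 0 ? "none" : hits.ToString());
    }

    static void Main()
    {
        // Constructed sample: 0x222 is assumed as the value read back from a newly
        // created, still-disabled user (NORMAL_ACCOUNT | PASSWD_NOTREQD | ACCOUNTDISABLE).
        UserFlags fresh = (UserFlags)0x222;
        Report("as created", fresh);
        Report("sample    ", EnableAsInSample(fresh));
        Report("strict    ", EnableStrict(fresh));
    }
}
```

Because the sample's expression only touches two bits, a PASSWD_NOTREQD bit present in the starting value is still present in the value it writes back.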

In this example, the samAccountName attribute is set. For more information about this attribute, see the topic "samAccountName" in the MSDN Library at https://go.microsoft.com/fwlink/?LinkID=27252.

When samAccountName is not set explicitly, the directory generates a unique value for it, such as $CP2000-O16B1V0UKHK7. This attribute is required on the user account when the domain controller is running on Windows NT Server 4.0. In Windows Server 2003, the samAccountName attribute is optional.

See Also

Reference

System.DirectoryServices

Concepts

User Management

Copyright © 2007 by Microsoft Corporation. All rights reserved.