Re: Add New Users

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

From: Scott Allen (scott_at_nospam.odetocode.com)
Date: 02/21/05 

Date: Mon, 21 Feb 2005 15:25:34 -0500

Hi Tina:

Yes, this is a permissions issue. As a console app the code will send
your credentials to AD server, but when running under ASP.NET the code
executes under the local machine account ASPNET (or NETWORK SERVICE if
you are running asp.net on Win2003).

There are several possible solutions, one of which is to use
impersonation with a username and password in web.config.
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpguide/html/cpconaspnetimpersonation.asp

You might pick to run under a domain account with as limited
permissions as possible on the AD server. 

--
Scott
http://www.OdeToCode.com/blogs/scott/
On Mon, 21 Feb 2005 13:58:15 -0500, "Tina Smith"
<tb.smith@earthlink.net> wrote:
>This sample code works perfectly in Console App.    It will fail on the
>Children.Add line when running the same code in a Web App.   I'm assuming
>it's a permissions issue but I can't see to solve it.   Any help would be
>appreciated.
>
>----------------------------------------------------------------------------
>--------------
>Imports System.DirectoryServices
>Module Module1
>
>Sub Main()
>Try
>    Dim AD As DirectoryEntry = _
>      New DirectoryEntry("WinNT://" + Environment.MachineName + ",computer")
>    Dim NewUser As DirectoryEntry = AD.Children.Add("TestUser1", "user")
>    NewUser.Invoke("SetPassword", New Object() {"#12345Abc"})
>    NewUser.Invoke("Put", New Object() {"Description", "Test User from
>.NET"})
>    NewUser.CommitChanges()
>    Dim grp As DirectoryEntry
>
>    grp = AD.Children.Find("Guests", "group")
>    If grp.Name <> "" Then
>        grp.Invoke("Add", New Object() {NewUser.Path.ToString()})
>    End If
>
>Catch ex As Exception
>    End Try
>End Sub
>
>End Module
>

Relevant Pages

  • Re: Invoke(SetPassword) in Active Directory, Works, Then Access is
    ... still need SSL/LDAP for an LDAP password mod. ... ADAM) to check out what the server is advertising for its capabilities. ... internal static DirectoryEntry GetDirectoryObject(string UserName, ... // Run the invoke from a console app, ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: Invoke(SetPassword) in Active Directory, Works, Then Access is
    ... ADAM) to check out what the server is advertising for its capabilities. ... internal static DirectoryEntry GetDirectoryObject(string UserName, ... // Run the invoke from a console app, ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: Fatal Execution Engine Error while creating a DataTable on a new Windows 2003 Server
    ... My app is already a console app. ... server in a state where my app cannot create a DataTable! ... Before the impersonation, ... but at least this tells me the problem is a permissions issue. ...
    (microsoft.public.dotnet.framework)
  • Re: write with cURL
    ... execute permissions. ... of potential security risks from other users on the same server. ... I made this suggestion because their web host appears to run Apache ... risk to allow Apache's group write access, since all PHP scripts ran ...
    (alt.php)
  • RE: Windows 2003 Server - Everyone Group
    ... this folder only accessable by the users in the "special" group. ... Configure User and Group Access on an Intranet in Windows Server ... NTFS files system permissions control ... group that you want to set permissions for, click Check Names to verify the ...
    (microsoft.public.win2000.networking)