Re: creating a new user in Active Directory


From: Mario Rodriguez (mrodriguez_at_avantica.net)
Date: 03/12/04


Date: Fri, 12 Mar 2004 15:36:24 -0600

Thanks Richard. Consider my comments between lines:

 1. can you perform the same operation from the same box under the account
 you are trying to impersonate using e.g. "AD Users & Computers" snap-in
[Yes, it works perfectly because I'm trying to impersonate with an
administrator's group member]

 2. what happens if you don't try to impersonate - does it still fail
 silently?
[My user is a simple Domain Users member, so I have no rights to create
users in Active Directory]

 3. Is there anything in the event log (security) on either the box you are
 running on or box running AD? If not check the "Local Security Policy" audit
 settings and ensure that logon failures are enabled under local audit
 policy.
[the Local Security Policy is Ok and the event log is empty]

 4. Does the impersonating account have kerberos delegation enabled?
 (configuration depends on whether this is on Win2K or Win2003)
[I'm using Win2K as development box and Active Directory server (different
machines). How do I enable Kerberos delegation for the impersonating account?]

thanks

"richlm" <rich_lm@h0tmai1.com> wrote in message
news:uxFrSZHCEHA.2060@TK2MSFTNGP12.phx.gbl...
> Just a few thoughts/ideas to try:
>
> 1. can you perform the same operation from the same box under the account
> you are trying to impersonate using e.g. "AD Users & Computers" snap-in
> 2. what happens if you don't try to impersonate - does it still fail
> silently?
> 3. Is there anything in the event log (security) on either the box you are
> running on or box running AD? If not check the "Local Security Policy" audit
> settings and ensure that logon failures are enabled under local audit
> policy.
> 4. Does the impersonating account have kerberos delegation enabled?
> (configuration depends on whether this is on Win2K or Win2003)
>
> Hopefully something here might lead you to a solution, or at least narrow
> down a bit. Let us know how it goes.
>
> Richard.
>
> "Mario Rodriguez" <mrodriguez@avantica.net> wrote in message
> news:etqqP0GCEHA.2256@TK2MSFTNGP12.phx.gbl...
> > Hi, I'm trying to add a new user to my Active Directory, but the problem is
> > that the following snippet doesn't throw any exception or error, but never
> > adds the users to the Active Directory
> >
> >
> > public DirectoryEntry addUser(UserContainer v_objUserContainer) {
> >
> >     // perform the operation as a privileged user
> >     if (impersonateUser(this.LoginUsername, this.DomainName, this.strPassword)) {
> >
> >         DirectoryEntry entry =
> >             objRootActiveDirectory.Children.Add(v_objUserContainer.getLogin(), "user");
> >
> >         /* only modify the password if it is defined */
> >         if (v_objUserContainer.getPassword() != "" &&
> >             v_objUserContainer.getPassword() != null) {
> >             entry.Invoke("SetPassword", new object[] { v_objUserContainer.getPassword() });
> >         }
> >
> >         invokeProperty(ref entry, "FullName", v_objUserContainer.getFullName());
> >
> >         objRootActiveDirectory.CommitChanges();
> >
> >         undoImpersonification();
> >
> >         return entry;
> >
> >     } else {
> >         return null;
> >     }
> > }
> >
> >
> >
> > Any idea ?
> >
> >
> >
> > thanks
> >
> >
>
>
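
Added example (not part of the original thread, and not the poster's code): the posted snippet calls CommitChanges() on objRootActiveDirectory, but an entry created with Children.Add() is written to the directory only when CommitChanges() is called on that new entry. The sketch below also reverts impersonation in a finally block so the thread does not keep the administrator's identity if the write throws. AdUserCreator, AddUser, container and adminToken are hypothetical names; a WinNT-style binding is assumed because the post sets "FullName".

```csharp
using System;
using System.DirectoryServices;
using System.Security.Principal;

// Hypothetical helper class for illustration only.
public static class AdUserCreator
{
    // container:  an already-bound DirectoryEntry for the parent container (assumption).
    // adminToken: a logon token for the privileged account, obtained elsewhere,
    //             for example from the LogonUser Win32 API (assumption).
    public static DirectoryEntry AddUser(DirectoryEntry container, IntPtr adminToken,
                                         string login, string fullName, string password)
    {
        // Run as the privileged account only for the duration of the directory write.
        WindowsImpersonationContext ctx = WindowsIdentity.Impersonate(adminToken);
        try
        {
            // Creates the child in memory only; nothing is sent to the directory yet.
            DirectoryEntry entry = container.Children.Add(login, "user");

            // Same order as the post (password before commit), which suits a
            // WinNT binding. With an LDAP binding the entry has to be committed
            // once before SetPassword can be invoked on it.
            if (password != null && password.Length > 0)
            {
                entry.Invoke("SetPassword", new object[] { password });
            }

            entry.Properties["FullName"].Value = fullName;

            // Commit the NEW entry. Committing the parent container does not
            // persist a child that was added through Children.Add().
            entry.CommitChanges();
            return entry;
        }
        finally
        {
            // Always drop the privileged identity, including on exceptions,
            // so later code on this thread does not run as the administrator.
            ctx.Undo();
        }
    }
}
```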


