Re: Programming the User-Account_Property using C#

---

• From: "Willy Denoyette [MVP]" <willy.denoyette@xxxxxxxxxx>
• Date: Fri, 9 Mar 2007 17:52:17 +0100

---

"Chris Noble" <chris.noble@xxxxxxxxxxxxxxxx> wrote in message news:ulIV3QmYHHA.3268@xxxxxxxxxxxxxxxxxxxxxxx

I am not sure that I have picked the right newsgroup for this post.

I am writing a program in C# VS 2005 to create user accounts for our students in Active Directory.
This is to replace a program I wrote some years ago in VS6 using C++ and ADSI.

I am trying not to use ADSI in my new program, focussing on DirectoryServices instead.

In C# the syntax to set an Active Directory property is something like:
entry.Properties["givenName"].value="Jim"; (where entry is a DirectoryEntry)

However for the userAccountControl property it is necessary to use a combination of enumerated identifiers.
see http://msdn2.microsoft.com/en-us/library/aa772300.aspx
I do not want the students to be able to change a password so I need to use ADS_UF_PASSWD_CANT_CHANGE.
This flag can be read, but not set directly as it involves setting trustee rights etc. There is a link to an example program to set this flag but it is in C++ and uses ADSI which I want to avoid.

Surely there must be a nice new clean way of doing this in Framework 2.0.

Is there any example C# code using DirectoryServices to set ADS_UF_PASSWD_CANT_CHANGE?

I don't want to have to write a wrapper for my existing unmanaged code which involved ACEs, ACLs, security descriptors etc

The only way to set this "user cannot change password" property is by turning the ACE's on the user object into an ACCESS_DENIED_ACE type ACE.
This can be done by using the DirectorySecurity class of the System.Security.AccessControl namespace.

Willy.




.

---

• Follow-Ups:
  • Re: Programming the User-Account_Property using C#
    • From: Chris Noble

• References:
  • Programming the User-Account_Property using C#
    • From: Chris Noble

• Prev by Date: Re: ref vs. out: same at runtime, same/different at compiler time?
• Next by Date: Re: DLL Import method
• Previous by thread: Programming the User-Account_Property using C#
• Next by thread: Re: Programming the User-Account_Property using C#
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: SBS 2000 install problems (need to reinstall from scratch) ... I am NOT wanting to keep all of Active Directory. ... corrupt the new install. ... have any problem with recreating the user accounts at this point. ... >> I am familiar with the Active Directory replication from one server to ... (microsoft.public.backoffice.smallbiz2000) RE: all users disapeared ... You find that the user accounts in the Active Directory are missing. ... Click Services tab and select Hide All Microsoft Services and Disable ... SBS server Event logs, DNS diagnosis logs and Active Directory diagnosis ... (microsoft.public.windows.server.sbs) RE: NT4 -> 2003? ... local.domain.com or domain.local for the active directory ... Options" page while migrating user accounts using ADMT). ... (microsoft.public.windows.server.migration) Re: all users disapeared ... But I did have an sql injection attack some time ago, following that I found that someone had set up a admin account, also I found 2 poker programs installed on my server that I never installed myself. ... You find that the user accounts in the Active Directory are missing. ... Click Services tab and select Hide All Microsoft Services and Disable ... (microsoft.public.windows.server.sbs) Problem that has never been resolved, Mapped home directory ... I am using 2003 R2 Server with Active Directory. ... When I do this each day I have students and staff that are unable to access ... their home directory because it maps to the root of the student folder ... (microsoft.public.windows.server.active_directory)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(18)