Code I can give you:

Directly from Robbie's "Active Directory Cookbook":

' Taken from ADS_USER_FLAG_ENUM
Const ADS_UF_NORMAL_ACCOUNT = 512

set objParent = GetObject("LDAP://<ParentDN>")
set objUser = objParent.Create("user", "cn=<UserName>")  ' e.g rickk
objUser.Put "sAMAccountName", "<UserName>"               ' e.g rickk
objUser.Put "userPrincipalName", "<UserUPN>"             ' e.g [EMAIL PROTECTED]
objUser.Put "givenName", "<UserFirstName>"               ' e.g Rick
objUser.Put "sn", "<UserLastName>"                       ' e.g Kingslan
objUser.Put "displayName", "<UserFirstName> <UserLastName>" ' e.g Rick Kingslan
objUser.Put "userAccountControl", ADS_UF_NORMAL_ACCOUNT
objUser.SetInfo   ' <===== Fails right here with the error
objUser.SetPassword("<Password>")
objUser.AccountDisabled = FALSE
objUser.SetInfo

This will work (given that the replaceable parameters [ those in the
'<>'] are either fed in from the command line or replaced otherwise -
pick your means) IF the password complexity is not enforced AND the
password length is equal to or greater than the minimum.

The problem is one of 'The Chicken and The Egg'.  The user can't be
created because the password is not complex and does not meet the
minimum criteria - it's currently NULL - not set, but the user object
must have a password value associated with it.  

You cannot SET the password for a user until after the user object
exists.

So, how do I get around this?

Rick Kingslan  MCSE, MCSA, MCT
Microsoft MVP - Active Directory
LAN Administration - Windows 2000
West Corporation
[EMAIL PROTECTED]

-----Original Message-----
From: Carlos Magalhaes [mailto:[EMAIL PROTECTED] 
Sent: Thursday, October 16, 2003 7:21 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Creating programatically when password
complexity is in force


Right, 
Can we see some code? We can then deduce from there exactly what you
need. 
Carlos 
-----Original Message----- 
From: Kingslan, Rick T. [mailto:[EMAIL PROTECTED] 
Sent: Thursday, October 16, 2003 2:06 PM 
To: [EMAIL PROTECTED] 
Subject: [ActiveDir] Creating programatically when password complexity
is in force 
I've run into an interesting problem.  If I create a user
programmatically (using C#, but we've confirmed the same with VBScript),
the password cannot be set until the user object exists.  If I try it,
we get the error:
"Server is unwilling to process the request"
when a SetInfo is done on the creation of the user object.  All required
fields for the user object are being entered, and checked per the 'Tuna'
just to be sure.
However, the user cannot exist with a blank password because the blank
password violates the password complexity and the minimum length rules.
And, as stated, the password cannot be set until the object exists.
Would one of the scripting / programming geniuses that we have here tell
me what I'm missing?  I have to believe that there is a way to do this.
Or, am I going to be relegated to using ADUC again to create my users
(which is a major pain in the a$$, to say the least)?


Rick Kingslan  MCSE, MCSA, MCT 
Microsoft MVP - Active Directory 
LAN Administration - Windows 2000 
West Corporation 
[EMAIL PROTECTED] 
List info   : http://www.activedir.org/mail_list.htm 
List FAQ    : http://www.activedir.org/list_faq.htm 
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/ 