I suspect the problem you are getting hit with is password policy. If
you have password policy in place, you *must* create the user object
with the userAccountControl set to disabled, set a password, then you
enable the user.

Another problem you are going to run into is that AD will not change a
user's password unless the LDAP connection is encrypted. I believe this
behavior can be changed.

Anyway here's my code:

sub CreateNewUser {

        my $destOU = shift;
        my $userid = shift;
        my $display = shift;
        my $ln = shift;
        my $fn = shift;

        my $dn = "CN=$display,$destOU";

# Do NOT give any email addresses when creating user. If the user has an
# email address the mailbox will not be created.


        my $result = $ldap->add (
               dn   => $dn,
               attr => [ 'sn'    => $ln,
                         'givenName' => $fn,
                         'samAccountName' => $userid,
                         'mailNickname' => $userid,
                         'mDBUseDefaults' => "TRUE",
                         'displayName' => $display,
                         'objectclass' => ['top', 'person',
                                           'organizationalPerson',
                                           'user' ],
                       ]
             );

        $result->code && die "failed to add entry: ", $result->error ;

}
 

-----Original Message-----
From: Chris Heath [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, August 03, 2005 2:16 PM
To: [email protected]
Subject: Creating entries in Active Directory

I am trying to use Net::LDAP to manipulate AD.  I can find, modify, &
delete entries but have trouble creating them.  All the examples that I
have found online use Win32::OLE.  How can I do this with Net::LDAP?
Here is the code that I am using:

   my $ADS_UF_NORMAL_ACCOUNT = 512;
   my $entry = Net::LDAP::Entry->new;
   $entry->dn("CN=test_create,CN=Users,DC=usadir,DC=usa,DC=usouthal,DC=edu");
   $entry->add(
           'cn' => 'test_create',
           'sAMAccountName' => 'test_create',
           'userAccountControl' => $ADS_UF_NORMAL_ACCOUNT,
           'givenName' => 'john',
           'sn' => 'test_create',
           'displayName' => 'john test_create',
           'userPrincipalName' => '[EMAIL PROTECTED]',
           'userPassword' => '99RedBal',
   );
   my $results = $entry->update( $ldap );
   $results->code &&
      die "create failed:" . $results->error ;

This is the error I get when I run it:

create failed:0000207B: UpdErr: DSID-03050FB6, problem 6002
(OBJ_CLASS_VIOLATION), data 0

Also, what are some good online resources for the AD/perl combination?

Thanks in advance for any help,
-ch

-----------------------------------
Chris Heath
Academic Computing
460-7912
[EMAIL PROTECTED]
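
Added example, not part of either message above: the create-disabled, set-password, enable sequence described in the reply, written with Net::LDAP. It assumes the password is written to AD's unicodePwd attribute over a StartTLS connection; the host, bind DN, CA file, environment variable names and the example.com user are placeholders.

```perl
use strict;
use warnings;
use Net::LDAP;
use Encode qw(encode);

# userAccountControl flags; 512 is the NORMAL_ACCOUNT value used in the question.
use constant UF_ACCOUNTDISABLE => 0x0002;
use constant UF_NORMAL_ACCOUNT => 0x0200;

# AD takes unicodePwd as the password in double quotes, encoded UTF-16LE.
sub ad_password { return encode('UTF-16LE', '"' . $_[0] . '"') }

# Create disabled, set the password, then enable. If a later step fails the
# account stays disabled rather than enabled without a password.
sub create_enabled_user {
    my ($ldap, $dn, $attrs, $password) = @_;

    my $res = $ldap->add($dn, attrs => [
        @$attrs,
        objectClass        => [qw(top person organizationalPerson user)],
        userAccountControl => UF_NORMAL_ACCOUNT | UF_ACCOUNTDISABLE,   # 514
    ]);
    $res->code and die "add failed: " . $res->error . "\n";

    $res = $ldap->modify($dn, replace => { unicodePwd => ad_password($password) });
    $res->code and die "set password failed: " . $res->error . "\n";

    $res = $ldap->modify($dn, replace => { userAccountControl => UF_NORMAL_ACCOUNT });
    $res->code and die "enable failed: " . $res->error . "\n";
    return 1;
}

# Placeholder invocation (assumed values): host, bind DN and CA file come from
# the command line, passwords from the environment.
unless (caller) {
    my ($host, $bind_dn, $cafile) = @ARGV;
    die "usage: $0 host bind_dn cafile\n" unless defined $cafile;
    defined $ENV{$_} or die "$_ not set\n" for qw(LDAP_BIND_PW NEW_USER_PW);
    my $ldap = Net::LDAP->new($host) or die "connect failed: $@\n";
    # Encrypt before binding; the password change needs an encrypted connection.
    my $tls = $ldap->start_tls(verify => 'require', cafile => $cafile);
    $tls->code and die "start_tls failed: " . $tls->error . "\n";
    my $bind = $ldap->bind($bind_dn, password => $ENV{LDAP_BIND_PW});
    $bind->code and die "bind failed: " . $bind->error . "\n";
    create_enabled_user($ldap, 'CN=Test User,CN=Users,DC=example,DC=com',
        [ cn => 'Test User', sAMAccountName => 'tuser', givenName => 'Test', sn => 'User' ],
        $ENV{NEW_USER_PW});
    $ldap->unbind;
}
```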

