Create the New User Object

The UserPrincipal object is created, and properties such as name, employee ID, and e-mail address are set on it. Because the user principal is not saved when it is created, the application calls the Save method to insert the object into the store. The user object must be inserted in the store before operations such as Delete, Change Password, or Search can be performed. By default, the AD LDS and AD DS stores do not enable the principals for authentication when they are saved. Setting the Enabled property allows the user to be authenticated. Because the sample enables the account with a fixed initial password, it also calls ExpirePasswordNow so that the password is marked as expired and has to be changed.

Applications can retrieve the underlying DirectoryEntry object and perform operations directly on this object. Additional properties, such as street address, can be set on the underlying object.

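/// <summary>
/// Creates an enabled user account in the "fabrikam" domain and, when the
/// underlying object is a <see cref="DirectoryEntry"/>, sets its street address.
/// </summary>
/// <param name="firstName">Given name; skipped when null or empty.</param>
/// <param name="lastName">Surname; skipped when null or empty.</param>
/// <param name="userLogonName">
/// SAM account name. It is passed to FindByIdentity before any null check,
/// so callers are expected to supply a non-empty value.
/// </param>
/// <param name="employeeID">Employee ID; skipped when null or empty.</param>
/// <param name="emailAddress">E-mail address; skipped when null or empty.</param>
/// <param name="telephone">Voice telephone number; skipped when null or empty.</param>
/// <param name="address">Street address written through the DirectoryEntry; skipped when null or empty.</param>
/// <returns>
/// true when the user was saved and the follow-up commit succeeded; false when
/// the context could not be created, the logon name is already taken, or a
/// save/commit failed. A false result after a failed address commit means the
/// account itself already exists in the store.
/// </returns>
internal static bool CreateUser(string firstName, string lastName, string userLogonName, string employeeID, string emailAddress, string telephone, string address)
        {
            // Creating the PrincipalContext
            PrincipalContext principalContext = null;
            try
            {
                principalContext = new PrincipalContext(ContextType.Domain, "fabrikam", "DC=fabrikam,DC=com");
            }
            catch (Exception e)
            {
                MessageBox.Show("Failed to create PrincipalContext. Exception: " + e);
                Application.Exit();
                // Application.Exit() only requests shutdown and then returns to the
                // caller, so stop here instead of continuing with a null context.
                return false;
            }

            // The context holds a directory connection; release it on every exit path.
            using (principalContext)
            {
                // Check if user object already exists in the store
                UserPrincipal usr = UserPrincipal.FindByIdentity(principalContext, userLogonName);
                if (usr != null)
                {
                    usr.Dispose();
                    MessageBox.Show(userLogonName + " already exists. Please use a different User Logon Name.");
                    return false;
                }

                // Create the new UserPrincipal object
                using (UserPrincipal userPrincipal = new UserPrincipal(principalContext))
                {
                    if (!string.IsNullOrEmpty(lastName))
                    {
                        userPrincipal.Surname = lastName;
                    }

                    if (!string.IsNullOrEmpty(firstName))
                    {
                        userPrincipal.GivenName = firstName;
                    }

                    if (!string.IsNullOrEmpty(employeeID))
                    {
                        userPrincipal.EmployeeId = employeeID;
                    }

                    if (!string.IsNullOrEmpty(emailAddress))
                    {
                        userPrincipal.EmailAddress = emailAddress;
                    }

                    if (!string.IsNullOrEmpty(telephone))
                    {
                        userPrincipal.VoiceTelephoneNumber = telephone;
                    }

                    if (!string.IsNullOrEmpty(userLogonName))
                    {
                        userPrincipal.SamAccountName = userLogonName;
                    }

                    // SECURITY NOTE(review): this is a fixed, source-visible initial password,
                    // so every account created by this sample starts with the same known
                    // secret while already enabled. ExpirePasswordNow() below marks it as
                    // expired, but it remains the credential until it is changed. Outside
                    // of a sample, generate a per-user random value with a cryptographic
                    // RNG and deliver it out of band.
                    pwdOfNewlyCreatedUser = "abcde@@12345!~";
                    userPrincipal.SetPassword(pwdOfNewlyCreatedUser);

                    // Stores do not enable principals for authentication by default.
                    userPrincipal.Enabled = true;
                    userPrincipal.ExpirePasswordNow();

                    try
                    {
                        userPrincipal.Save();
                    }
                    catch (Exception e)
                    {
                        MessageBox.Show("Exception creating user object. " + e);
                        return false;
                    }

                    // Drop down from AccountManagement to DirectoryEntry for attributes
                    // the sample sets on the underlying object (here: streetAddress).
                    if (userPrincipal.GetUnderlyingObjectType() == typeof(DirectoryEntry))
                    {
                        DirectoryEntry entry = (DirectoryEntry) userPrincipal.GetUnderlyingObject();
                        if (!string.IsNullOrEmpty(address))
                        {
                            entry.Properties["streetAddress"].Value = address;
                        }

                        try
                        {
                            entry.CommitChanges();
                        }
                        catch (Exception e)
                        {
                            // The account was already saved above; only the address update failed.
                            MessageBox.Show("Exception modifying address of the user. " + e);
                            return false;
                        }
                    }

                    return true;
                }
            }
        }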

See Also

Reference

System.DirectoryServices.AccountManagement

Concepts

About System.DirectoryServices.AccountManagement
Using System.DirectoryServices.AccountManagement


Copyright © 2008 by Microsoft Corporation. All rights reserved.