ActiveDirectoryMembershipProvider.CreateUser Method (String, String, String, String, String, Boolean, Object, MembershipCreateStatus)
Adds a new user to the Active Directory data store.
Assembly: System.Web (in System.Web.dll)
[DirectoryServicesPermissionAttribute(SecurityAction.Assert, Unrestricted = true)]
[DirectoryServicesPermissionAttribute(SecurityAction.Demand, Unrestricted = true)]
[DirectoryServicesPermissionAttribute(SecurityAction.InheritanceDemand, Unrestricted = true)]
public override MembershipUser CreateUser(
    string username,
    string password,
    string email,
    string passwordQuestion,
    string passwordAnswer,
    bool isApproved,
    object providerUserKey,
    out MembershipCreateStatus status
)
username: The user name for the new user.
password: The password for the new user.
email: The e-mail address of the new user.
passwordQuestion: The password question for the new user.
passwordAnswer: The password answer for the new user.
isApproved: Whether or not the new user is approved to be validated.
providerUserKey: The unique identifier from the membership data source for the user. This parameter must be null when using the ActiveDirectoryMembershipProvider class.
The providerUserKey parameter is not null.
The administrator has not mapped the password question-and-answer fields to attributes of the Active Directory schema, and either the passwordQuestion or passwordAnswer parameter is not null.
The machineKey configuration element (ASP.NET Settings Schema) indicates an auto-generated machine encryption key. You must explicitly set the decryptionKey attribute of the machineKey element to store password answers with the ActiveDirectoryMembershipProvider.
- or -
The ActiveDirectoryMembershipProvider was unable to establish a secure connection to the directory when attempting to set the password for the new user.
An error occurred while attempting to create the user.
The CreateUser method is called before the ActiveDirectoryMembershipProvider instance is initialized.
The CreateUser method is called by the Membership class to create a new user in the Active Directory data store.
For both Active Directory and Active Directory Application Mode (ADAM) servers, the ActiveDirectoryMembershipProvider class requires that the instance class in the directory be user. Alternative user classes such as inetOrgPerson are not supported.
When using an Active Directory server and the user name is mapped to the userPrincipalName attribute, the ActiveDirectoryMembershipProvider class will automatically generate a random 20-character user name for the sAMAccountName parameter on your behalf.
Parameters default to the following maximum lengths.
64 characters if using the userPrincipalName attribute. If using the sAMAccountName attribute, the common restriction is 20 characters or less.
128 characters before and after encrypting.
If the directory schema has been modified by reducing the maximum allowable lengths for these attributes, these lengths will take precedence.
Before creating the user, the ActiveDirectoryMembershipProvider class will make sure the user name is unique. If the ActiveDirectoryMembershipProvider instance is configured to require unique e-mail addresses, it will also make sure the e-mail address is unique.
In Active Directory, user name uniqueness is enforced by performing a GC search when the user name is mapped to userPrincipalName. If sAMAccountName is used, the directory automatically enforces uniqueness of the sAMAccountName across the Active Directory domain.
An ADAM server will automatically enforce user name uniqueness of the userPrincipalName across all application partitions.
Uniqueness of the e-mail address is enforced by performing a subtree search for a duplicate e-mail address starting at the root of the container in which users are created. This is either the default user container (if connected to an Active Directory and no container was specified in the connection string) or the container specified in the connection string.
The ActiveDirectoryMembershipProvider class creates the user directly in the user container specified in the connection string. See the ActiveDirectoryMembershipProvider class topic for more information about connection strings.
For passwords to be set on an Active Directory server, the connectionProtection attribute must be set to SignAndSeal.
When an ADAM server is being used, the connectionProtection attribute can be set to None, but only if you explicitly configure the ADAM server to allow password changes over unsecured connections.
Leading and trailing spaces are trimmed from all string parameter values except password.
You cannot create new users unless the credentials used to connect to the Active Directory server have either Domain Administrator rights (not recommended) or the "create child instance," "delete child instance," and "set password" access rights. The "delete child instance" access right is required because creating a user is a multi-step process, and if any step of user creation fails, the ActiveDirectoryMembershipProvider class will delete the user instance rather than leave a partially constructed user instance in the directory.
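The following caller-side sketch applies the constraints described in the remarks above before and after calling CreateUser through the Membership class. It is an added example, not code from the original documentation. It assumes ActiveDirectoryMembershipProvider is the configured default provider; the class name AdUserProvisioning, the flags usesSamAccountName and qaMapped, and the choice of ProviderException in the catch block are assumptions made for illustration.

```csharp
using System;
using System.Configuration.Provider;
using System.Diagnostics;
using System.Web.Security;

public static class AdUserProvisioning // hypothetical helper, not part of System.Web
{
    // Default user name limits from the remarks; a reduced schema limit takes precedence.
    const int MaxUpnUserName = 64;
    const int MaxSamUserName = 20;

    // usesSamAccountName / qaMapped: hypothetical flags mirroring the provider configuration.
    public static MembershipUser Create(string userName, string password, string email,
        string question, string answer, bool usesSamAccountName, bool qaMapped, out string error)
    {
        error = null;
        // The provider trims every string except the password, so check the trimmed value.
        userName = (userName ?? "").Trim();
        int maxName = usesSamAccountName ? MaxSamUserName : MaxUpnUserName;
        if (userName.Length == 0 || userName.Length > maxName)
        { error = "User name must be 1-" + maxName + " characters."; return null; }
        // Question and answer must both be null unless mapped to schema attributes.
        if (!qaMapped && (question != null || answer != null))
        { error = "Password question and answer are not enabled."; return null; }
        try
        {
            MembershipCreateStatus status;
            // providerUserKey must be null for ActiveDirectoryMembershipProvider.
            MembershipUser user = Membership.CreateUser(userName, password, email,
                question, answer, true /* isApproved */, null /* providerUserKey */, out status);
            switch (status)
            {
                case MembershipCreateStatus.Success: return user;
                case MembershipCreateStatus.DuplicateUserName: error = "User name already exists."; break;
                case MembershipCreateStatus.DuplicateEmail: error = "E-mail address already in use."; break;
                case MembershipCreateStatus.InvalidPassword: error = "Password was rejected."; break;
                default: error = "User creation failed: " + status; break;
            }
        }
        catch (ProviderException ex) // assumed exception type for provider or configuration failures
        {
            // For example: no secure connection for setting the password, or an
            // auto-generated machineKey while password answers are stored.
            Trace.TraceError("CreateUser failed: {0}", ex.Message); // detail stays in the server log
            error = "The directory could not create the account.";
        }
        return null;
    }
}
```

The caller receives only a generic message when the provider throws, so directory and configuration details are not exposed to the person submitting the registration form.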
Available since 2.0