c# active-directory windows-server-2003

Add enabled Computer to Active Directory OU


I am trying to programmatically add a computer to the Active Directory of my company.
I have been searching the internet for a long time now, but I couldn't find a solution.

My code:

    DirectoryEntry dirEntry = new DirectoryEntry("LDAP://OU=ou2example,OU=ou1example,DC=site,DC=company,DC=com");
    dirEntry.Username = "username";
    dirEntry.Password = "password";
    DirectoryEntry newComputer = dirEntry.Children.Add("CN=" + ComputerName, "computer");
    newComputer.CommitChanges();

My problem:

The computer is added to the Active Directory. But it is flagged as disabled.

I tried the following to enable the computer:

    newComputer.Properties["userAccountControl"].Value = 0x200;

But I get a DirectoryServicesCOMException --> The server can not complete the request.

or

    newComputer.Properties["Enabled"].Value = true;

But I get a DirectoryServicesCOMException --> The requested operation does not satisfy at least one constraint that is for this object class condition.

Please note that the exceptions are translated from German to English!

Thanks for helping!


Solution

  • I think two things can be wrong, but it's been a long time since I did anything like this, so I may be wrong...

    First of all, when do you set the userAccountControl flag? I seem to remember you should do this after the CommitChanges for the new entry. So like this:

    DirectoryEntry newComputer =
        dirEntry.Children.Add("CN=" + ComputerName, "computer");
    newComputer.CommitChanges();
    newComputer.Properties["userAccountControl"].Value = 0x200;
    newComputer.CommitChanges();
    

    Second, can you try setting the UF_WORKSTATION_TRUST_ACCOUNT flag (0x1000) instead of UF_NORMAL_ACCOUNT (0x200)?

    Can you also check whether the sAMAccountType of the entry is SAM_MACHINE_ACCOUNT (0x30000001)? I think this should be automatic, but it doesn't hurt to check.
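
The checks suggested in the answer above, written out as an added example that is not part of the original question or answer: it reads `userAccountControl` and `sAMAccountType` back after `CommitChanges()` and reports which bits do not match an enabled workstation account. `ComputerAccountCheck` and `Findings` are hypothetical names, `UF_ACCOUNTDISABLE` (0x2) is the standard disabled bit and is not mentioned in the thread, and the sample values in `Main` are constructed.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices; // assumes a reference to System.DirectoryServices

static class ComputerAccountCheck
{
    const int UF_ACCOUNTDISABLE = 0x0002;
    const int UF_NORMAL_ACCOUNT = 0x0200;
    const int UF_WORKSTATION_TRUST_ACCOUNT = 0x1000;
    const int SAM_MACHINE_ACCOUNT = 0x30000001;

    // Hypothetical helper: an empty list means "enabled workstation account".
    public static List<string> Findings(int uac, int samAccountType)
    {
        var f = new List<string>();
        if ((uac & UF_ACCOUNTDISABLE) != 0)
            f.Add("UF_ACCOUNTDISABLE (0x2) is set: account is disabled");
        if ((uac & UF_WORKSTATION_TRUST_ACCOUNT) == 0)
            f.Add("UF_WORKSTATION_TRUST_ACCOUNT (0x1000) is missing");
        if ((uac & UF_NORMAL_ACCOUNT) != 0)
            f.Add("UF_NORMAL_ACCOUNT (0x200) is set on a computer object");
        if (samAccountType != SAM_MACHINE_ACCOUNT)
            f.Add($"sAMAccountType is 0x{samAccountType:X8}, expected 0x30000001");
        return f;
    }

    // Reads the values the server actually stored, after CommitChanges().
    public static List<string> Findings(DirectoryEntry computer)
    {
        computer.RefreshCache(new[] { "userAccountControl", "sAMAccountType" });
        return Findings(
            Convert.ToInt32(computer.Properties["userAccountControl"].Value),
            Convert.ToInt32(computer.Properties["sAMAccountType"].Value));
    }

    static void Main()
    {
        // Constructed sample values, not taken from a real directory.
        var samples = new[] {
            (uac: 0x1002, sam: 0x30000001), // workstation trust bit, but disabled
            (uac: 0x0200, sam: 0x30000000), // normal-account flag, non-machine type
            (uac: 0x1000, sam: 0x30000001), // enabled workstation account
        };
        foreach (var s in samples)
        {
            var f = Findings(s.uac, s.sam);
            Console.WriteLine($"uac=0x{s.uac:X4}: " + (f.Count == 0 ? "OK" : string.Join("; ", f)));
        }
    }
}
```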