If I want to create a new user with the UserPrincipal class in the ADAM (AD LDS) directory (maybe also in Active Directory, I have not tested it), it always fails with the following message:
“The principal could not be enabled because the existing account control flags could not be read.”
The code I use is as follows:
    // Fails regardless of the value passed for the 'enabled' argument (true or false).
    using (UserPrincipal user = new UserPrincipal(ctx, userName, password, true)) {
        // ...
    }
It turns out that this is another bug in the AccountManagement namespace. Create the user without any properties, assign the properties afterwards, save the user, and enable it only after saving. This helps.
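    using (UserPrincipal user = new UserPrincipal(ctx)) {
        // Assign the properties on the empty principal instead of using the constructor.
        user.Name = userName;
        user.UserPrincipalName = userName;
        user.SetPassword(password);
        // First save: the account object is created in the directory.
        user.Save();
        // Enable only after the object exists, then save again.
        user.Enabled = true;
        user.Save();
    }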
There is a Connect entry, and sadly, MS writes in this entry that they are not willing to fix this bug.
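The workaround above needs two Save() calls, so a failure in the second one leaves a disabled account with a password set in the directory. The following is an added example, not code from the original post or from Microsoft, that wraps the workaround and removes the half-provisioned account if enabling fails. The class name, method name and the sample context values in the comment are assumptions.

```csharp
using System;
using System.DirectoryServices.AccountManagement;

// Hypothetical helper class; the name is illustrative only.
static class LdsUserProvisioning
{
    // Example context for AD LDS (constructed sample values):
    //   new PrincipalContext(ContextType.ApplicationDirectory,
    //                        "localhost:389", "CN=Users,DC=example,DC=com")
    public static void CreateEnabledUser(PrincipalContext ctx, string userName, string password)
    {
        using (UserPrincipal user = new UserPrincipal(ctx))
        {
            user.Name = userName;
            user.UserPrincipalName = userName;
            user.SetPassword(password);
            user.Save();                  // phase 1: the object now exists, still disabled

            try
            {
                user.Enabled = true;
                user.Save();              // phase 2: enable the persisted account
            }
            catch (Exception)
            {
                // Enabling failed: do not leave an orphaned account behind.
                try
                {
                    user.Delete();
                }
                catch (Exception cleanupError)
                {
                    // Report the cleanup failure so the leftover object can be removed manually.
                    Console.Error.WriteLine(
                        "Cleanup of '" + userName + "' failed: " + cleanupError.Message);
                }
                throw;                    // rethrow the original enable failure
            }
        }
    }
}
```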