I want to write a Console application which will just add a new User to my own machine's Domain using the .NET DirectoryServices API and LDAP.
Do I need the admin account password for the Domain Controller to do this?
Do I need to run that Console Application on a machine on that domain only, or can it be run on other domains too?
Can somebody provide me an example?
UPDATE: Code for fetching the count of users:

    // createDirectoryEntry() is a helper that is not shown; it returns the bound DirectoryEntry
    DirectoryEntry myLdapConnection = createDirectoryEntry();
    DirectorySearcher search = new DirectorySearcher(myLdapConnection);
    // every clause of an LDAP filter needs its own pair of parentheses
    search.Filter = "(&(objectClass=User)(objectCategory=Person)(userPrincipalName=*health2.com))";
    search.PropertiesToLoad.Add("sAMAccountName");
    SearchResultCollection allUsers = search.FindAll();
    for (int usersCount = 0; usersCount < allUsers.Count; usersCount++)
    {
        SearchResult result = allUsers[usersCount];
        if (result.Properties["sAMAccountName"].Count > 0)
        {
            string cn = result.Properties["sAMAccountName"][0].ToString();
            Console.WriteLine(cn);
            Console.ReadLine();
        }
    }
    Console.WriteLine(string.Format(@"Users Count - {0}", allUsers.Count.ToString()));
    Console.ReadLine();

If you're on .NET 3.5 and up, you should check out the System.DirectoryServices.AccountManagement
(S.DS.AM) namespace. Read all about it here:
Basically, you can define a domain context and easily find users and/or groups in AD:

    // set up domain context
    PrincipalContext ctx = new PrincipalContext(ContextType.Domain);
    // find a user
    UserPrincipal user = UserPrincipal.FindByIdentity(ctx, "SomeUserName");
    if (user != null)
    {
        // do something here....
    }

The article I provided a link to also shows how easily you can create a new user and add it to AD:

    // create a user principal object
    UserPrincipal user = new UserPrincipal(ctx, "User1Acct", "pass@1w0rd01", true);
    // assign some properties to the user principal
    user.GivenName = "User";
    user.Surname = "One";
    user.UserPrincipalName = "[email protected]";
    // force the user to change password at next logon
    user.ExpirePasswordNow();
    // save the user to the directory
    user.Save();

The new S.DS.AM makes it really easy to play around with users and groups in AD!
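
Added example, not part of the original answer: the same S.DS.AM calls in a console program that binds with explicit operator credentials over a signed and sealed connection and generates the temporary password instead of hardcoding it. The domain name `corp.example.com`, the OU path and the class name are assumed placeholders, and the operator account is assumed to have been delegated the right to create user objects in that OU (Domain Admins membership is not required for that).

```csharp
using System;
using System.DirectoryServices.AccountManagement;
using System.Security.Cryptography;
using System.Text;

class CreateAdUser
{
    // Assumed placeholders: the target domain and the OU where the operator may create users.
    const string Domain = "corp.example.com";
    const string Container = "OU=Staff,DC=corp,DC=example,DC=com";

    static string ReadHidden()   // read the operator password without echoing it
    {
        StringBuilder sb = new StringBuilder();
        for (ConsoleKeyInfo k = Console.ReadKey(true); k.Key != ConsoleKey.Enter; k = Console.ReadKey(true))
            if (k.Key == ConsoleKey.Backspace) { if (sb.Length > 0) sb.Length--; }
            else sb.Append(k.KeyChar);
        Console.WriteLine();
        return sb.ToString();
    }

    static string NewTemporaryPassword()
    {
        byte[] buf = new byte[18];
        RandomNumberGenerator.Create().GetBytes(buf);   // CSPRNG, not System.Random
        return Convert.ToBase64String(buf) + "aA1!";    // suffix covers the usual complexity classes
    }

    static int Main(string[] args)
    {
        if (args.Length != 2) { Console.Error.WriteLine("usage: CreateAdUser <operatorAccount> <newSamAccountName>"); return 2; }
        Console.Write("Password for " + args[0] + ": ");
        string operatorPassword = ReadHidden();
        string temp = NewTemporaryPassword();
        try
        {
            // Explicit credentials: the process does not depend on the logged-on user's identity.
            using (PrincipalContext ctx = new PrincipalContext(ContextType.Domain, Domain, Container,
                       ContextOptions.Negotiate | ContextOptions.Signing | ContextOptions.Sealing, args[0], operatorPassword))
            using (UserPrincipal user = new UserPrincipal(ctx, args[1], temp, true))
            {
                user.UserPrincipalName = args[1] + "@" + Domain;
                user.ExpirePasswordNow();   // temporary password must be changed at first logon
                user.Save();
            }
            Console.WriteLine("Created " + args[1] + ", temporary password: " + temp);
            return 0;
        }
        catch (PrincipalExistsException) { Console.Error.WriteLine("Account already exists."); }
        catch (PasswordException e) { Console.Error.WriteLine("Password rejected by policy: " + e.Message); }
        catch (UnauthorizedAccessException) { Console.Error.WriteLine("Operator may not create users in " + Container); }
        catch (PrincipalException e) { Console.Error.WriteLine("Directory error: " + e.Message); }
        return 1;
    }
}
```

The program needs a reference to System.DirectoryServices.AccountManagement and a machine that can resolve and reach a domain controller for the named domain.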