[英]Add user to Active Directory Exception while calling Save function on UserPrincipal
I'm making a small forms application for adding a new user to Active Directory.我正在制作一个小型 forms 应用程序,用于将新用户添加到 Active Directory。
After creating the PrincipalContext, I'm making the UserPrincipal and setting the properties of it.创建 PrincipalContext 后,我正在制作 UserPrincipal 并设置它的属性。
When I call Save on the UserPrincipal, the following exception is thrown:当我在 UserPrincipal 上调用 Save 时,会引发以下异常:
System.DirectoryServices.AccountManagement.PrincipalOperationException: The validation information class requested was invalid. System.DirectoryServices.AccountManagement.PrincipalOperationException:请求的验证信息 class 无效。 (Exception from HRESULT: 0x80070544) ---> System.Runtime.InteropServices.COMException: The validation information class requested was invalid. (来自 HRESULT 的异常:0x80070544)---> System.Runtime.InteropServices.COMException:请求的验证信息 class 无效。
Relevant portion of the code below:以下代码的相关部分:
PrincipalContext principalContext = null;
try
{
principalContext = new PrincipalContext(ContextType.Domain,
"abc.com", "OU=ouname,DC=abc,DC=com", ContextOptions.Negotiate, uName, pWord);
}
catch (Exception e)
{
return "Failed to create PrincipalContext. Exception: " + e;
}
// Check if user object already exists in the store
UserPrincipal usr = UserPrincipal.FindByIdentity(principalContext, userLogonName);
if (usr != null)
{
return userLogonName + " already exists. Please use a different User Logon Name.";
}
// Create the new UserPrincipal object
UserPrincipal userPrincipal = new UserPrincipal(principalContext);
if (lastName != null && lastName.Length > 0)
{
userPrincipal.Surname = lastName;
}
if (firstName != null && firstName.Length > 0)
{
userPrincipal.GivenName = firstName;
}
if (userLogonName != null && userLogonName.Length > 0)
{
userPrincipal.EmailAddress = userLogonName + "@abc.com";
}
if (userLogonName != null && userLogonName.Length > 0)
{
userPrincipal.SamAccountName = userLogonName;
userPrincipal.UserPrincipalName = userLogonName;
}
string pwdOfNewlyCreatedUser = "abc123$$$!ABC";
userPrincipal.SetPassword(pwdOfNewlyCreatedUser);
userPrincipal.Enabled = true;
userPrincipal.ExpirePasswordNow();
try
{
userPrincipal.Save();
}
catch (Exception e)
{
return "Exception creating user object. " + e;
}
Edit for clarity: This line is where the exception is caught: " userPrincipal.Save();"为清楚起见进行编辑:此行是捕获异常的地方:“ userPrincipal.Save();”
The above code was taken from here:上面的代码取自这里:
https://docs.microsoft.com/en-us/previous-versions/bb384369(v=vs.90) https://docs.microsoft.com/en-us/previous-versions/bb384369(v=vs.90)
I'm not sure where to go from here.我不确定 go 从这里到哪里。
Edit: Further investigation points to the setting of the password.编辑:进一步调查指向密码的设置。 If I remove the following lines, the user is created:如果我删除以下行,则会创建用户:
string pwdOfNewlyCreatedUser = "abc123$$$!ABC";
userPrincipal.SetPassword(pwdOfNewlyCreatedUser);
But I don't want to remove those lines.但我不想删除这些行。 Or more specifically, I don't want to not set a password.或者更具体地说,我不想不设置密码。
Solved this.解决了这个问题。 Or rather, have worked around it.或者更确切地说,已经解决了它。
After trying to set the password in a number of different ways I settled on a simple way that works.在尝试以多种不同方式设置密码后,我选择了一种可行的简单方式。
Instead of代替
string pwdOfNewlyCreatedUser = "abc123$$$!ABC";
userPrincipal.SetPassword(pwdOfNewlyCreatedUser);
userPrincipal.Enabled = true;
userPrincipal.ExpirePasswordNow();
try
{
userPrincipal.Save();
}
catch (Exception e)
{
return "Exception creating user object. " + e;
}
I do this:我这样做:
userPrincipal.Enabled = true;
try
{
userPrincipal.Save();
userPrincipal.ChangePassword("", "abc123$$$!ABC");
userPrincipal.ExpirePasswordNow();
userPrincipal.Save();
}
catch (Exception e)
{
return "Exception creating user object. " + e;
}
To Summarise: SetPassword wasn't working but after saving the user using ChangePassword works.总结: SetPassword 没有工作,但在使用 ChangePassword 保存用户后工作。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.