在 UserPrincipal 上调用 Save function 时将用户添加到 Active Directory 异常

Question

I'm making a small forms application for adding a new user to Active Directory.

After creating the PrincipalContext, I'm making the UserPrincipal and setting the properties of it.

When I call Save on the UserPrincipal, the following exception is thrown:

System.DirectoryServices.AccountManagement.PrincipalOperationException: The validation information class requested was invalid. (Exception from HRESULT: 0x80070544) ---> System.Runtime.InteropServices.COMException: The validation information class requested was invalid.

Relevant portion of the code below:

PrincipalContext principalContext = null;

try
{
    principalContext = new PrincipalContext(ContextType.Domain, 
        "abc.com", "OU=ouname,DC=abc,DC=com", ContextOptions.Negotiate, uName, pWord);
}
catch (Exception e)
{
    return "Failed to create PrincipalContext. Exception: " + e;
}

// Check if user object already exists in the store
UserPrincipal usr = UserPrincipal.FindByIdentity(principalContext, userLogonName);

if (usr != null)
{
    return userLogonName + " already exists. Please use a different User Logon Name.";
}

// Create the new UserPrincipal object
UserPrincipal userPrincipal = new UserPrincipal(principalContext);


if (lastName != null && lastName.Length > 0)
{ 
    userPrincipal.Surname = lastName;
}

if (firstName != null && firstName.Length > 0)
{
    userPrincipal.GivenName = firstName;
}

if (userLogonName != null && userLogonName.Length > 0)
{
    userPrincipal.EmailAddress = userLogonName + "@abc.com";
}

if (userLogonName != null && userLogonName.Length > 0)
{
    userPrincipal.SamAccountName = userLogonName;
    userPrincipal.UserPrincipalName = userLogonName;
}

string pwdOfNewlyCreatedUser = "abc123$$$!ABC";
userPrincipal.SetPassword(pwdOfNewlyCreatedUser);

userPrincipal.Enabled = true;
userPrincipal.ExpirePasswordNow();

try
{
    userPrincipal.Save();
}
catch (Exception e)
{
    return "Exception creating user object. " + e;
}

Edit for clarity: This line is where the exception is caught: " userPrincipal.Save();"

The above code was taken from here:

https://docs.microsoft.com/en-us/previous-versions/bb384369(v=vs.90)

I'm not sure where to go from here.

Edit: Further investigation points to the setting of the password. If I remove the following lines, the user is created:

string pwdOfNewlyCreatedUser = "abc123$$$!ABC";
userPrincipal.SetPassword(pwdOfNewlyCreatedUser);

But I don't want to remove those lines. Or more specifically, I don't want to not set a password.

Answer 1

Solved this. Or rather, have worked around it.

After trying to set the password in a number of different ways I settled on a simple way that works.

Instead of

string pwdOfNewlyCreatedUser = "abc123$$$!ABC";
userPrincipal.SetPassword(pwdOfNewlyCreatedUser);

userPrincipal.Enabled = true;
userPrincipal.ExpirePasswordNow();

try
{
    userPrincipal.Save();
}
catch (Exception e)
{
    return "Exception creating user object. " + e;
}

I do this:

userPrincipal.Enabled = true;

try
{
    userPrincipal.Save();

    userPrincipal.ChangePassword("", "abc123$$$!ABC");
    userPrincipal.ExpirePasswordNow();
    userPrincipal.Save();

}
catch (Exception e)
{
    return "Exception creating user object. " + e;
}

To Summarise: SetPassword wasn't working but after saving the user using ChangePassword works.