Hi i want to create a system user in window server 2003 active directory for which i use following C# code ,
DirectoryEntry AD = new DirectoryEntry("WinNT://"+Environment.MachineName+",computer");
DirectoryEntry NewUser = AD.Children.Add(username, "user");
开发者_开发问答 NewUser.Invoke("SetPassword", new object[] { password });
NewUser.Invoke("Put", new object[] { "Description", "Test User from .NET"});
NewUser.CommitChanges();
DirectoryEntry grp;
grp = AD.Children.Find("Guests", "group");
if (grp != null)
{
grp.Invoke("Add", new object[] { NewUser.Path.ToString() });
}
this code makes user when i run this application locally on visualy studio web engine but when i deploy this application on iis on window server 2003 this will give exception
Exception:
General Access Denied Error
kindly help me what im doing wrong which permission is required to create user in window server and how we give this perssion. thanks.
Look at System.DirectoryServices.AccountManagement namespace. Utilizing classes from it you can do this in such way:
using (var context = new PrincipalContext(ContextType.Machine, "MachineName", "AdminUserName", "AdminPassword"))
{
UserPrincipal user = new UserPrincipal(context, username, password, true);
user.Description = "Test User from .NET";
user.Save();
var guestGroup = GroupPrincipal.FindByIdentity(context, "Guests");
if (guestGroup != null)
{
guestGroup.Members.Add(user);
guestGroup.Save();
}
}
Also, you may configure impersonation on your application and skip all parameters in the PrincipalContext constructor exception the first one if this functionality allowed for administrators only.
精彩评论