Add New Users

Tina Smith

This sample code works perfectly in Console App. It will fail on the
Children.Add line when running the same code in a Web App. I'm assuming
it's a permissions issue but I can't seem to solve it. Any help would be
appreciated.

------------------------------------------------------------------------------------------
Imports System
Imports System.DirectoryServices

Module Module1

    Sub Main()
        Try
            ' Bind to the local machine's account database through the WinNT provider.
            Dim AD As DirectoryEntry = _
                New DirectoryEntry("WinNT://" + Environment.MachineName + ",computer")

            ' Create the local user, then set its password and description.
            Dim NewUser As DirectoryEntry = AD.Children.Add("TestUser1", "user")
            NewUser.Invoke("SetPassword", New Object() {"#12345Abc"})
            NewUser.Invoke("Put", New Object() {"Description", "Test User from .NET"})
            NewUser.CommitChanges()

            ' Add the new user to the local Guests group.
            Dim grp As DirectoryEntry
            grp = AD.Children.Find("Guests", "group")
            If grp.Name <> "" Then
                grp.Invoke("Add", New Object() {NewUser.Path.ToString()})
            End If

        Catch ex As Exception
            ' The exception is swallowed here; log ex to see why a call failed.
        End Try
    End Sub

End Module
 
Scott Allen

Hi Tina:

Yes, this is a permissions issue. As a console app the code will send
your credentials to AD server, but when running under ASP.NET the code
executes under the local machine account ASPNET (or NETWORK SERVICE if
you are running asp.net on Win2003).

There are several possible solutions, one of which is to use
impersonation with a username and password in web.config.
http://msdn.microsoft.com/library/d...-us/cpguide/html/cpconaspnetimpersonation.asp

You might pick to run under a domain account with as limited
permissions as possible on the AD server.
 
Guest

Most likely, your ASP.NET app is set up for anonymous access. If so, there
are a couple of ways to accomplish what you want.

1. Make the page so it is not available for the anonymous user. This forces
a logon and gives you the right to create the child (assuming domain admin
privileges).

2. Put the above code in its own assembly and place it in a place where
impersonation of an account with privileges is possible. COM+ is the easiest
option, as it is declarative (note a minor perf issue, as you are entering
Interop). Watch who has access to this page, however, as you have opened the
keys to the kingdom.

3. Shut off anon access to the site. This accomplishes the same as #1.

4. Create a separate process to do the work and fire it off using the
Process object. Note that this can still fail due to code access security,
which can be changed by altering current profiles or creating a new profile.

The issue here is you are running as you with a script, but as ASPNET when
you hit the page.

---

Gregory A. Beamer
MVP; MCP: +I, SE, SD, DBA

***************************
Think Outside the Box!
***************************
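
Both replies attribute the failure to the account the code runs as. The module below is an added example, not code from any poster in this thread, that reports that account and surfaces the error instead of swallowing it. The module and function names are hypothetical, and the password is supplied by the caller rather than hardcoded.

```vb
Imports System
Imports System.DirectoryServices
Imports System.Reflection
Imports System.Runtime.InteropServices
Imports System.Security.Principal

Public Module AccountDiagnostics

    ' Returns the Windows account this code is actually executing as.
    ' Under ASP.NET impersonation this is the impersonated account.
    Public Function DescribeEffectiveIdentity() As String
        Dim id As WindowsIdentity = WindowsIdentity.GetCurrent()
        Dim principal As New WindowsPrincipal(id)
        Return String.Format("{0} (auth: {1}, local admin: {2})", _
            id.Name, id.AuthenticationType, _
            principal.IsInRole(WindowsBuiltInRole.Administrator))
    End Function

    ' Makes the same Children.Add call as the original post, but returns
    ' a message naming the account and the error when the call fails.
    Public Function TryAddLocalUser(ByVal userName As String, _
                                    ByVal password As String) As String
        Dim who As String = DescribeEffectiveIdentity()
        Try
            Using machine As New DirectoryEntry( _
                    "WinNT://" & Environment.MachineName & ",computer")
                Using newUser As DirectoryEntry = _
                        machine.Children.Add(userName, "user")
                    newUser.Invoke("SetPassword", New Object() {password})
                    newUser.CommitChanges()
                End Using
            End Using
            Return "Created " & userName & " while running as " & who
        Catch ex As UnauthorizedAccessException
            Return "Access denied while running as " & who & ": " & ex.Message
        Catch ex As TargetInvocationException
            ' Invoke wraps the provider's error; report the inner cause.
            Return "Invoke failed while running as " & who & ": " & _
                ex.InnerException.Message
        Catch ex As COMException
            Return "Directory error 0x" & ex.ErrorCode.ToString("X8") & _
                " while running as " & who & ": " & ex.Message
        End Try
    End Function

End Module
```

Calling `DescribeEffectiveIdentity()` from the console app and from a page in the web app shows the two different accounts side by side.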
 
