Today, as part of my ongoing project, I had to write a function that creates AD users from C#. I'm using the System.DirectoryServices classes, which require you to add each property to the user individually but don't tell you what those properties are called. After some looking around I found a table in this article, which made things a lot simpler than trying to guess the names. Here is the table for those who just want a quick look:
| LDAP Attribute | Example |
| --- | --- |
| C | Country: e.g. GB for Great Britain. |
| CN - Common Name | CN=Guy Thomas. Actually, this LDAP attribute can be made up from givenName joined to SN. |
| CN | Maps to 'Name' in the LDAP provider. Remember CN is a mandatory property. See also sAMAccountName. |
| description | What you see in Active Directory Users and Computers. Not to be confused with displayName on the Users property sheet. |
| displayName | displayName = Guy Thomas. If you script this property, be sure you understand which field you are configuring. displayName can be confused with CN or description. |
| DN - also distinguishedName | DN is simply the most important LDAP attribute. CN=Jay Jamieson,OU=Newport,DC=cp,DC=com |
| givenName | First name, also called Christian name. |
| homeDrive | Home Folder: connect. Tricky to configure. |
| initials | Useful in some cultures. |
| name | name = Guy Thomas. Exactly the same as CN. |
| objectCategory | Defines the Active Directory schema category. For example, objectCategory = Person |
| objectClass | objectClass = User. Also used for Computer, organizationalUnit, even container. Important top-level container. |
| physicalDeliveryOfficeName | Office, on the user's General property sheet. |
| postOfficeBox | P.O. box. |
| profilePath | Roaming profile path: connect. Tricky to set up. |
| sAMAccountName | This is a mandatory property, sAMAccountName = guyt. The old NT 4.0 logon name, must be unique in the domain. |
| sAMAccountName | If you are using an LDAP provider, 'Name' automatically maps to sAMAccountName and CN. The default value is the same as CN, but it can be given a different value. |
| SN | SN = Thomas. This would be referred to as last name or surname. |
| title | Job title. For example, Manager. |
| userAccountControl | Used to disable an account. A value of 514 disables the account, while 512 makes the account ready for logon. |
| userPrincipalName | userPrincipalName = guyt@CP.com. Often abbreviated to UPN, and looks like an email address. Very useful for logging on, especially in a large forest. Note UPN must be unique in the forest. |
| wWWHomePage | User's home page. |
| Examples of Exchange-specific LDAP attributes | |
| homeMDB | Here is where you set the MailStore. |
| legacyExchangeDN | Legacy distinguished name for creating Contacts. In the following example, Guy Thomas is a Contact in the first administrative group of GUYDOMAIN: /o=GUYDOMAIN/ou=first administrative group/cn=Recipients/cn=Guy Thomas |
| | An easy but important attribute. A simple SMTP address is all that is required: billyn@ourdom.com |
| mAPIRecipient - FALSE | Indicates that a contact is not a domain user. |
| mailNickname | Normally this is the same value as the sAMAccountName, but could be different if you wished. Needed for mail-enabled contacts. |
| mDBUseDefaults | Another straightforward field; just set the value to True. |
| msExchHomeServerName | Exchange needs to know which server to deliver the mail to. Example: /o=YourOrg/ou=First Administrative Group/cn=Configuration/cn=Servers/cn=MailSrv |
| proxyAddresses | As the name 'proxy' suggests, it is possible for one recipient to have more than one email address. Note the plural spelling of proxyAddresses. |
| targetAddress | SMTP:@ e-mail address. Note that SMTP is case sensitive. All capitals means the default address. |
| showInAddressBook | Displays the contact in the Global Address List. |
| c | Country or region. |
| company | Company or organization name. |
| department | Useful category to fill in and use for filtering. |
| homephone | Home phone number (lots more phone LDAP attributes exist). |
| l (lower-case L) | l = Location: city (maybe office). |
| location | Important, particularly for printers and computers. |
| manager | Boss, manager. |
| mobile | Mobile phone number. |
| ObjectClass | Usually User or Computer. |
| OU | Organizational unit. See also DN. |
| pwdLastSet | Force users to change their passwords at next logon. |
| postalCode | Zip or post code. |
| st | State, province or county. |
| streetAddress | First line of address. |
| telephoneNumber | Office phone. |
| userAccountControl | Enable (512) / disable account (514). |
| Examples of obscure LDAP attributes | |
| dNSHostname | |
| rID | |
| url | |
| uSNCreated, uSNChanged | |
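The two userAccountControl rows above give the values 512 and 514 without saying what the bits mean. As an added example (it is not from the original post, the article it quotes, or the author's software), here is a small C# helper that decodes a raw userAccountControl value into flag names and reports the settings a reviewer would want to know about before an account goes live. The flag values are the documented ADS_USER_FLAG bits; the AuditEntry method assumes you already hold a bound DirectoryEntry for the user.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices;

// Documented bit values of userAccountControl (ADS_USER_FLAG enumeration).
// Only the bits relevant to account creation are listed here.
[Flags]
public enum UserAccountControl
{
    AccountDisable     = 0x0002,   // 2: account is disabled
    PasswdNotReqd      = 0x0020,   // 32: no password required
    NormalAccount      = 0x0200,   // 512: ordinary user account
    DontExpirePassword = 0x10000,  // 65536: password never expires
    PasswordExpired    = 0x800000  // 8388608: password has expired
}

public static class UacAudit
{
    // Names of every known flag that is set in a raw userAccountControl value.
    // 514 decodes to AccountDisable + NormalAccount, which is why 514 is "disabled"
    // and 512 is "ready for logon" in the table.
    public static List<string> Decode(int uac)
    {
        var names = new List<string>();
        foreach (UserAccountControl flag in Enum.GetValues(typeof(UserAccountControl)))
        {
            if ((uac & (int)flag) != 0)
                names.Add(flag.ToString());
        }
        return names;
    }

    // Findings a defender would flag on a user object.
    public static List<string> RiskyFlags(int uac)
    {
        var findings = new List<string>();
        if ((uac & (int)UserAccountControl.PasswdNotReqd) != 0)
            findings.Add("PASSWD_NOTREQD: domain password policy is bypassed; an empty password is allowed");
        if ((uac & (int)UserAccountControl.DontExpirePassword) != 0)
            findings.Add("DONT_EXPIRE_PASSWORD: password never expires");
        return findings;
    }

    // Read userAccountControl from an existing object and audit it.
    // The attribute is single-valued, so Value unboxes straight to int.
    public static List<string> AuditEntry(DirectoryEntry entry)
    {
        int uac = (int)entry.Properties["userAccountControl"].Value;
        return RiskyFlags(uac);
    }
}
```

Decode(514) returns AccountDisable and NormalAccount; Decode(512 | 32) returns PasswdNotReqd and NormalAccount, and RiskyFlags on that value reports the bypassed password policy, which is the combination to watch for in provisioning code.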
I removed the ads because I'm not sure if they would affect his stuff.
Here is the difference in code between creating users in PowerShell and in C#:
C# * Please note that I am passing the variables from the "OnClick" function of a button, and also that the property names are not provided to you as they are in PowerShell. Final note: some parameters have not yet been used, as they will be added at a later point when I create the mailbox.
Edit >
It seems that I forgot a simple o in the Country property. (see in bold)
PowerShell * In this particular example I'm taking the values from a CSV, which allows me to create multiple accounts very quickly.
# This is needed
Import-Module ActiveDirectory

# Each $file row comes from the CSV (the path below is a placeholder); one New-ADUser call per row.
foreach ($file in Import-Csv -Path 'C:\path\to\users.csv') {
    New-ADUser -AccountPassword (ConvertTo-SecureString -AsPlainText "PASSWORDHERE" -Force) -Server 'DCHOSTNAME' `
        -Enabled $true `
        -Name $file.username `
        -GivenName $file.name `
        -Surname $file.lastname `
        -Initials $file.middle `
        -DisplayName $file.displayname `
        -SamAccountName $file.username `
        -Office $file.office `
        -Department $file.Department `
        -Company $file.company `
        -StreetAddress $file.Street `
        -City $file.city `
        -State $file.state `
        -PostalCode $file.postalcode `
        -Country $file.country `
        -Description $file.description `
        -Path $file.path `
        -UserPrincipalName $file.userprincipalname `
        -EmailAddress $file.userprincipalname `
        -OtherAttributes @{'co'="United States"; 'countryCode'="840"}
}
//These are required
using System;
using System.DirectoryServices;
using System.DirectoryServices.ActiveDirectory;
using System.Windows.Forms; // for MessageBox

public void createUser(int ticketnumber, string firstname, string middleIn, string lastName,
    string samaccountname, string email, string telephone, string hemisphere, string company,
    string office, string address, string city, string state, string division, string Code,
    string OrganizationalUnit, string country, string department, string title, string displayName,
    string postalCode, string co, string Manager)
{
    // OrganizationalUnit is the distinguished name of the target OU, e.g. OU=Users,DC=domain,DC=com
    string path = "LDAP://" + OrganizationalUnit;
    int NORMAL_ACCOUNT = 0x200; // 512: enabled, ordinary user account
    int PWD_NOTREQD = 0x20;     // 32: no password required
    try
    {
        using (DirectoryEntry ou = new DirectoryEntry(path))
        using (DirectoryEntry user = ou.Children.Add("CN=" + samaccountname, "user"))
        {
            user.Properties["SamAccountName"].Add(samaccountname);
            user.Properties["userPrincipalName"].Add(samaccountname + "@DOMAIN");
            user.Properties["name"].Add(firstname + " " + lastName);
            user.Properties["givenName"].Add(firstname);
            user.Properties["initials"].Add(middleIn);
            user.Properties["SN"].Add(lastName);
            user.Properties["telephoneNumber"].Add(telephone);
            user.Properties["company"].Add(company);
            user.Properties["physicalDeliveryOfficeName"].Add(office);
            user.Properties["streetAddress"].Add(address);
            user.Properties["l"].Add(city);
            user.Properties["st"].Add(state);
            user.Properties["co"].Add(country);
            user.Properties["C"].Add(co);
            user.Properties["department"].Add(department);
            user.Properties["title"].Add(title);
            // 512 | 32 = 544: the account is enabled as soon as it is committed and, because
            // PWD_NOTREQD is set, the domain password policy does not apply until a password is set.
            user.Properties["userAccountControl"].Value = NORMAL_ACCOUNT | PWD_NOTREQD;
            user.Properties["description"].Add("AC #" + ticketnumber + " JB | Created with JBSoftware");
            user.Properties["displayName"].Add(displayName);
            // objectCategory has DN syntax and is filled in by the domain controller from the schema
            // when the object is created; a plain string such as "PERSON" is rejected, so it is not set here.
            // user.Properties["objectCategory"].Add("PERSON");
            user.Properties["postalCode"].Add(postalCode);
            user.Properties["manager"].Add(Manager);
            user.CommitChanges();
        }
    }
    catch (System.DirectoryServices.DirectoryServicesCOMException E)
    {
        // MessageBox.Show takes a string, so pass the exception message rather than the exception object
        MessageBox.Show(E.Message, "ERROR!", MessageBoxButtons.OK, MessageBoxIcon.Error);
        throw;
    }
}
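The function above commits the object with userAccountControl = 512 | 32, so the account is live, with no password required, from the moment CommitChanges returns. As an added example (not the post's own code, and not part of the software it mentions), here is the same System.DirectoryServices creation done in the order that keeps the account from ever being enabled without a password: create it disabled (512 | 2), commit, set the password through the ADSI IADsUser.SetPassword method via Invoke, set pwdLastSet to 0 so the user must change it at first logon, then clear the disable bit and commit again. The OU path, the sample names and the initialPassword parameter are placeholders; in real provisioning code the password would come from a generator or a vault rather than a literal.

```csharp
using System;
using System.DirectoryServices;

public static class AdUserCreation
{
    const int NORMAL_ACCOUNT = 0x200; // 512
    const int ACCOUNTDISABLE = 0x2;   // 2

    // ouPath: "LDAP://OU=Staff,DC=example,DC=com" (placeholder; substitute your own OU DN)
    public static void CreateUserSecurely(string ouPath, string samAccountName, string upn,
                                          string givenName, string sn, string initialPassword)
    {
        using (DirectoryEntry ou = new DirectoryEntry(ouPath))
        using (DirectoryEntry user = ou.Children.Add("CN=" + givenName + " " + sn, "user"))
        {
            user.Properties["sAMAccountName"].Value = samAccountName;
            user.Properties["userPrincipalName"].Value = upn;
            user.Properties["givenName"].Value = givenName;
            user.Properties["sn"].Value = sn;
            user.Properties["displayName"].Value = givenName + " " + sn;

            // Step 1: create the object disabled (514). PASSWD_NOTREQD is deliberately not set,
            // so the DC enforces the domain password policy when the password is set below.
            user.Properties["userAccountControl"].Value = NORMAL_ACCOUNT | ACCOUNTDISABLE;
            user.CommitChanges();

            // Step 2: set the initial password with IADsUser.SetPassword, which negotiates a
            // protected channel to the DC instead of writing unicodePwd by hand.
            user.Invoke("SetPassword", new object[] { initialPassword });

            // Step 3: pwdLastSet = 0 forces a change at first logon; then enable by clearing bit 2.
            user.Properties["pwdLastSet"].Value = 0;
            user.Properties["userAccountControl"].Value = NORMAL_ACCOUNT;
            user.CommitChanges();
        }
    }

    // Example call with constructed placeholder values.
    public static void Main()
    {
        CreateUserSecurely("LDAP://OU=Staff,DC=example,DC=com", "guyt", "guyt@example.com",
                           "Guy", "Thomas", "PLACEHOLDER-INITIAL-PASSWORD");
    }
}
```

The two commits are the point: the first one can succeed with no password because the account is disabled, and the account only becomes usable on the second commit, after SetPassword has been accepted by the domain controller under the normal policy.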
Well I think that is it for the day, I hope that this information might be useful to someone out there!