Since the procedures your are asking me to try can be a bit long "and

Can you confirm that they can solve my problem. I'm a bit sckeptical about

A cut & paste of this code in a dll used within a windowsform is also

I'm not sure but I think my problem have to do with IIS/ASPNET and some

I'm also using the AuthenticationTypes.ServerBind flag in my constructor

If after all that you do think I should use a sniffer please can you

thanks a lot for your help,
--
Eric Beaudry
.Net Architecture Developer

I've been looking around for information about my problem for a couple of days now and I just can't find any usefull information.
I've develop some code that create a user in AD by using the DirectoryServices.
At first I developed everything in a windowsform (everything was fine at that time).
Second I migrated the code to a webservice and everything started to behave strangely. I managed to make almost everything work after some researches.
Now the last problem I have is that I can add a user to AD, set his password and change the "useraccountcontrol" to ADS_UF_NORMAL_ACCOUNT on my first trip to the webservice.
My second creation results in an error on the line newEntry.Invoke("SetPassword", New String() {"Secret"})
The strange thing is that if I restart IIS I can add ONE user without any problem and the second fails just like before.
Any solution other than restarting IIS on each user creation would be good!
The Account is created on the second call but it is disabled
I have tried many differents combinasion of impersonate or not, use logonuser or not... (with all the security consideration that this implies)
<authentication mode="None" />
and no settings for impersonation
I keep getting the same error no matter which configuration I use.
The error is: System.Runtime.InteropServices.COMException (0x80005008): One or more input parameters are invalid
GetLDAPSearchRoot, GetLDAPDomain, GetLDAPUsername, GetLDAPPassword are just returning settings from the web.config file.
"Exists" function is working fine and tells me if the useraccount already exists on any trip to the service.
<WebMethod()> _
Public Function Add(ByVal UserInfo As AccountInfo, ByVal LDAPConfigName As String) As Guid
Dim newEntry As AD.DirectoryEntry
'IMPORTANT: Must use ServerBind so Kerberos encryption is used (using anything else results in a Network path not found when setting the password)
'IMPORTANT: User must be part of the Domain Admins otherwise we cannot Set the password
Dim RootEntry As New AD.DirectoryEntry(GetLDAPSearchRoot(LDAPConfigName), String.Format("{0}\{1}", GetLDAPDomain(LDAPConfigName), GetLDAPUsername(LDAPConfigName)), GetLDAPPassword(LDAPConfigName), AD.AuthenticationTypes.ServerBind)
Try
If Exists(UserInfo, LDAPConfigName) Then
Throw New Exceptions.UserAlreadyExistsException
End If
'Creating the new entry
newEntry = RootEntry.Children.Add("CN=" & UserInfo.Username, "User")
newEntry.Properties("sAMAccountName").Value = UserInfo.Username 'Mandatory
newEntry.CommitChanges() 'must be commited before any modification to other properties are permitted
'Set the password
newEntry.Invoke("SetPassword", New String() {UserInfo.Password})
'Set UserAccountControl property to Normal Account (not doing so results in a disabled account)
newEntry.Properties("useraccountcontrol").Value = ADS_UF_NORMAL_ACCOUNT
'Set properies received from UserInfo
'For Each prop As String In UserInfo.PropertyNames
' newEntry.Properties(prop).Value = UserInfo.Properties(prop)
'Next
newEntry.CommitChanges()
Return newEntry.Guid
Catch ex As Exception
Throw
Finally
If Not newEntry Is Nothing Then
newEntry.Close()
newEntry.Dispose()
End If
If Not RootEntry Is Nothing Then
RootEntry.Close()
RootEntry.Dispose()
End If
End Try
End Function
--
Eric Beaudry
.Net Architecture Developer

I've been looking around for information about my problem for a couple of days now and I just can't find any usefull information.
I've develop some code that create a user in AD by using the DirectoryServices.
At first I developed everything in a windowsform (everything was fine at that time).
Second I migrated the code to a webservice and everything started to behave strangely. I managed to make almost everything work after some researches.
Now the last problem I have is that I can add a user to AD, set his password and change the "useraccountcontrol" to ADS_UF_NORMAL_ACCOUNT on my first trip to the webservice.
My second creation results in an error on the line newEntry.Invoke("SetPassword", New String() {"Secret"})
The strange thing is that if I restart IIS I can add ONE user without any problem and the second fails just like before.
Any solution other than restarting IIS on each user creation would be good!
The Account is created on the second call but it is disabled
I have tried many differents combinasion of impersonate or not, use logonuser or not... (with all the security consideration that this implies)
<authentication mode="None" />
and no settings for impersonation
I keep getting the same error no matter which configuration I use.
The error is: System.Runtime.InteropServices.COMException (0x80005008): One or more input parameters are invalid
GetLDAPSearchRoot, GetLDAPDomain, GetLDAPUsername, GetLDAPPassword are just returning settings from the web.config file.
"Exists" function is working fine and tells me if the useraccount already exists on any trip to the service.
<WebMethod()> _
Public Function Add(ByVal UserInfo As AccountInfo, ByVal LDAPConfigName As String) As Guid
Dim newEntry As AD.DirectoryEntry
'IMPORTANT: Must use ServerBind so Kerberos encryption is used (using anything else results in a Network path not found when setting the password)
'IMPORTANT: User must be part of the Domain Admins otherwise we cannot Set the password
Dim RootEntry As New AD.DirectoryEntry(GetLDAPSearchRoot(LDAPConfigName), String.Format("{0}\{1}", GetLDAPDomain(LDAPConfigName), GetLDAPUsername(LDAPConfigName)), GetLDAPPassword(LDAPConfigName), AD.AuthenticationTypes.ServerBind)
Try
If Exists(UserInfo, LDAPConfigName) Then
Throw New Exceptions.UserAlreadyExistsException
End If
'Creating the new entry
newEntry = RootEntry.Children.Add("CN=" & UserInfo.Username, "User")
newEntry.Properties("sAMAccountName").Value = UserInfo.Username 'Mandatory
newEntry.CommitChanges() 'must be commited before any modification to other properties are permitted
'Set the password
newEntry.Invoke("SetPassword", New String() {UserInfo.Password})
'Set UserAccountControl property to Normal Account (not doing so results in a disabled account)
newEntry.Properties("useraccountcontrol").Value = ADS_UF_NORMAL_ACCOUNT
'Set properies received from UserInfo
'For Each prop As String In UserInfo.PropertyNames
' newEntry.Properties(prop).Value = UserInfo.Properties(prop)
'Next
newEntry.CommitChanges()
Return newEntry.Guid
Catch ex As Exception
Throw
Finally
If Not newEntry Is Nothing Then
newEntry.Close()
newEntry.Dispose()
End If
If Not RootEntry Is Nothing Then
RootEntry.Close()
RootEntry.Dispose()
End If
End Try
End Function
--
Eric Beaudry
.Net Architecture Developer