Problem:
I am receiving the error "The server is unwilling to process the request" when changing the AD attribute userAccountControl to enable user account in C#. I am using the below C# code to enable AD user account and reset password.public static void EnableADUser(string username) { DirectoryEntry user = new DirectoryEntry("LDAP://CN="+username+ ",OU=TestOU,DC=TestDomain,DC=com"); int old_UAC = (int)user.Properties["userAccountControl"][0]; // Enable User Account user.Properties["userAccountControl"][0] = (old_UAC & ~2); user.CommitChanges(); // Reset Password user.Invoke("SetPassword", new object[] { "MyP@$$w0rd" }); user.CommitChanges(); }
Cause:
The cause of the problem is, we are modifying new user attribute before Set the Password. So, we should set the password for new user before making any attribute change. I have changed my C# code to reset password first and change attribute.public static void EnableADUser(string username) { DirectoryEntry user = new DirectoryEntry("LDAP://CN="+username+ ",OU=TestOU,DC=TestDomain,DC=com"); // Reset Password user.Invoke("SetPassword", new object[] { "MyP@$$w0rd" }); user.CommitChanges(); int old_UAC = (int)user.Properties["userAccountControl"][0]; // Enable User Account user.Properties["userAccountControl"][0] = (old_UAC & ~2); user.CommitChanges(); }
No comments:
Post a Comment