0

I am trying to create new user in AD with code as - 

var principalContext = GetPrincipalContext(txtDomain.Text, txtAdminUser.Text, txtAdminPassword.Text);

        var userPrincipal = new UserPrincipal(principalContext, txtUsername.Text, txtPassword.Text,true);

        //User details
        userPrincipal.UserPrincipalName = txtUsername.Text;
        userPrincipal.GivenName = txtGivenName.Text;
        userPrincipal.Surname = txtSurname.Text;
        userPrincipal.PasswordNeverExpires = true;
        userPrincipal.AllowReversiblePasswordEncryption = true;
        userPrincipal.Save();

User gets created as enabled.

But if I use options PasswordNeverExpires or AllowReversiblePasswordEncryption (values set to true) after creating user, then the user enable state changes to disable.

By after, I mean that user had created in AD. And we are modifying user's mentioned attributes then after.

I'm unable to find genuine reason for this. Can you please help me to get why it's behaving weird?

Vikram Singh Saini
  • 1,749
  • 3
  • 22
  • 42
  • It may be because domain level policy may be disabling it. Have you checked with domain admin if there is any such policy exists? – Pankaj Kapare Jan 15 '15 at 12:00
  • @PankajKapare I had confirmed from Admin. He shared that, "No there is no domain policy disabling it." – Vikram Singh Saini Jan 15 '15 at 12:06
  • 1
    If you're just setting the `AllowReversiblePasswordEncryption` option to `true` for an existing user, I might expect this - in that I'd expect that you'd need to reset the user's password after this point also so that there's an opportunity to store it reversibly. Is that the change you're talking about? – Damien_The_Unbeliever Jan 15 '15 at 13:19
  • @Damien_The_Unbeliever Though the point you made is true but we are not doing it. **The change** I am talking is that once the user is created, it is enabled. Now we set other attributes *(for e.g. AllowReversiblePasswordEncryption)*, then we save it. Now user account is disabled. *What I am expecting is that it should not be disabled.* – Vikram Singh Saini Jan 15 '15 at 13:44
  • Damien has point. Since password is already set for existing user which was in non reversible format and now you are setting property AllowReversiblePasswordEncryption=true which may be causing disabling user. Probably you need to reset password once you set AllowReversiblePasswordEncryption property. – Pankaj Kapare Jan 15 '15 at 20:34
  • @PankajKapare I believe that your statement might be true. I will try and let you know then after. – Vikram Singh Saini Jan 20 '15 at 06:22

0 Answers0