Monday, February 1, 2010

Create ADAM accounts in VB.NET SSIS script

Had to write an SSIS script to load accounts into ADAM and had trouble getting it working. In the end it looks pretty simple, but the gotchas are in what you can and cannot set against the user class, and in setting the password encoding and port.

Here is my method that met my requirements for creating the ADAM accounts with a password, ready to use. I searched all over for how to do this and borrowed bits and pieces from other posts and samples, but in the end did not find a sample that was as simple as this, with only one commit.

NOTE this is for a NON-SSL installation, where the ADAM accounts are used by an ASP.NET application via the Membership Provider.

Also note that in this installation the user name and email are required to be the same, hence the search on the mail property being equal to the user account, to ensure duplicates are not created.
---------------------------------------------------------------------------------------------
Imports System.DirectoryServices

Public Function CreateADAMAccount(ByVal LdapDomain As String, ByVal AUser As String, ByVal APwd As String, ByVal userAccountToCreate As String) As Boolean

    ' Bind to the ADAM container (e.g. "LDAP://server:389/OU=...,DC=...") with an explicit
    ' ADAM user. ServerBind targets the named host directly instead of serverless binding.
    Dim connectionPrefix As String = LdapDomain
    Dim entry As DirectoryEntry = New DirectoryEntry(connectionPrefix, AUser, APwd, AuthenticationTypes.ServerBind)

    Dim mySearcher As DirectorySearcher = New DirectorySearcher(entry)

    ' do the search just to be sure that there is no other account with that email address
    ' (user name and mail are the same here; the value is inserted into the filter verbatim)
    mySearcher.Filter = "(&(objectClass=user)(mail=" & userAccountToCreate & "))"
    mySearcher.PropertiesToLoad.Add("distinguishedName")
    mySearcher.PropertiesToLoad.Add("cn")
    mySearcher.PropertiesToLoad.Add("name")

    Dim results As SearchResultCollection = mySearcher.FindAll()

    Dim res As Boolean = False
    If results.Count = 0 Then
        ' create the user object directly under the bound container
        Dim usr1 As DirectoryEntry = entry.Children.Add("CN=" & userAccountToCreate, "user")
        usr1.Properties("userPrincipalName").Value = userAccountToCreate
        usr1.Properties("mail").Value = userAccountToCreate
        usr1.Properties("userPassword").Value = "XXXXXXXXX"     ' placeholder: initial password
        usr1.Properties("msDS-UserAccountDisabled").Value = False

        ' attributes used by the ASP.NET Membership Provider (present in this ADAM schema)
        usr1.Properties("passwordQuestion").Value = "XXXXXXXX"  ' placeholder
        usr1.Properties("passwordAnswer").Value = "XXXXXXXX"    ' placeholder

        ' non-SSL install: the password is sent in clear over the LDAP port, not over SSL
        usr1.Options.PasswordEncoding = PasswordEncodingMethod.PasswordEncodingClear
        usr1.Options.PasswordPort = 389

        ' a single commit writes the new object together with its password
        usr1.CommitChanges()
        usr1.Dispose()

        res = True
    End If

    ' SearchResultCollection holds unmanaged handles and must be disposed explicitly
    results.Dispose()
    mySearcher.Dispose()
    entry.Close()
    entry.Dispose()

    Return res

End Function
--------------------------------------------------------------------------------------------
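The duplicate check above concatenates the account name straight into the LDAP filter, so a value containing one of the filter metacharacters (`*`, `(`, `)`, `\` or NUL) can change what the search matches, or make it fail with an invalid-filter error. The following is an added example, not code from the original post: it escapes the value per RFC 4515 before building the same `(&(objectClass=user)(mail=...))` filter, and wraps the search in `Using` blocks so every handle is released. The `LdapDomain`, `AUser` and `APwd` parameter names are taken from the function above; `MailAlreadyExists`, `BuildMailFilter` and `EscapeFilterValue` are names chosen here.

```vb
Imports System
Imports System.Text
Imports System.DirectoryServices

Public Module AdamAccountChecks

    ' Escape a user-supplied value for embedding in an LDAP search filter (RFC 4515).
    ' These five characters are the ones with special meaning inside a filter.
    Public Function EscapeFilterValue(ByVal value As String) As String
        If value Is Nothing Then Return String.Empty
        Dim sb As New StringBuilder(value.Length)
        For Each ch As Char In value
            Select Case ch
                Case "*"c
                    sb.Append("\2a")
                Case "("c
                    sb.Append("\28")
                Case ")"c
                    sb.Append("\29")
                Case "\"c
                    sb.Append("\5c")
                Case Char.MinValue
                    sb.Append("\00")
                Case Else
                    sb.Append(ch)
            End Select
        Next
        Return sb.ToString()
    End Function

    ' Build the duplicate-check filter used before creating the account.
    Public Function BuildMailFilter(ByVal mailValue As String) As String
        Return "(&(objectClass=user)(mail=" & EscapeFilterValue(mailValue) & "))"
    End Function

    ' Returns True if an object whose mail attribute equals mailValue already exists
    ' under the container that LdapDomain points at. Same bind arguments as
    ' CreateADAMAccount; the function name is an assumption for this example.
    Public Function MailAlreadyExists(ByVal LdapDomain As String, ByVal AUser As String, ByVal APwd As String, ByVal mailValue As String) As Boolean
        Using entry As New DirectoryEntry(LdapDomain, AUser, APwd, AuthenticationTypes.ServerBind)
            Using searcher As New DirectorySearcher(entry)
                searcher.Filter = BuildMailFilter(mailValue)
                searcher.PropertiesToLoad.Add("distinguishedName")
                ' one hit is enough to answer the question, so cap the result set
                searcher.SizeLimit = 1
                Using results As SearchResultCollection = searcher.FindAll()
                    Return results.Count > 0
                End Using
            End Using
        End Using
    End Function

    ' Stand-alone demonstration of the escaping; needs no directory to run.
    Sub Main()
        ' Constructed sample values: a wildcard in the first one would otherwise turn
        ' the exact-match check into a prefix match.
        Console.WriteLine(BuildMailFilter("jo*@example.com"))
        Console.WriteLine(BuildMailFilter("alice@example.com"))
        Console.WriteLine(BuildMailFilter("(a)\b"))
    End Sub

End Module
```

Dropped into an SSIS script task, `MailAlreadyExists` replaces the inline search in `CreateADAMAccount`, and the escaped filter means the duplicate check always tests the literal address the caller passed in. `SizeLimit = 1` keeps the server from materialising more results than the Boolean answer needs.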

In coming to this solution I tried to use the Membership Provider within SSIS, dynamically setting the configuration settings and so on. However, I came to the conclusion while testing that it was not going to work, as the non-SSL install required the machine key to be available (for encryption) in the system.web section of the configuration, which is not likely in an SSIS setup. This was getting to be too much of a hack, so I reverted to the directory services solution and ended up with the above.
