2
votes

If I want to create a new user with the UserPrincipal class in the ADAM (AD LDS) directory (maybe also in Active Directory, I have not tested it), it always fails with the following message:

“The principal could not be enabled because the existing account control flags could not be read.”

The code I use is as follows:

// Fails whether the last argument (enabled) is true or false.
using (UserPrincipal user = new UserPrincipal(ctx, userName, password, true)) {
    // ...
}

1 Answer

3
votes

It turns out that this is another bug in the AccountManagement-Namespace. Create the user without any properties, assign the properties later, save the user and enable it after saving. This helps.

using (UserPrincipal user = new UserPrincipal(ctx)) {
    user.Name = userName;
    user.UserPrincipalName = userName;
    user.SetPassword(password);
    user.Save();
    user.Enabled = true;
    user.Save();
}

There is a Connect entry, and sadly, MS writes in this entry that they are not willing to fix this bug.
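The workaround from the answer above, wrapped in a helper that also removes the account again if the second step fails, so no partially provisioned account with a password stays in the directory. This is an added example, not code from the original post; the class name `LdsUserFactory`, the method `CreateEnabledUser`, the host, the partition and the credentials are hypothetical placeholders.

```csharp
using System;
using System.DirectoryServices.AccountManagement;

static class LdsUserFactory
{
    // Hypothetical helper: save the user first, enable it in a second save.
    public static void CreateEnabledUser(PrincipalContext ctx, string userName, string password)
    {
        var user = new UserPrincipal(ctx);
        bool persisted = false;
        try
        {
            user.Name = userName;
            user.UserPrincipalName = userName;
            user.SetPassword(password);   // applied to the directory on the first Save()
            user.Save();                  // the object now exists in the directory
            persisted = true;
            user.Enabled = true;          // enable only after the first save, as in the answer
            user.Save();
        }
        catch (Exception)
        {
            // Roll back so a failed enable does not leave an orphaned account behind.
            if (persisted)
            {
                try { user.Delete(); }
                catch (Exception e) { Console.Error.WriteLine("Cleanup failed: " + e.Message); }
            }
            throw;
        }
        finally { user.Dispose(); }
    }

    static void Main()
    {
        // Constructed sample values; replace with your own instance and partition.
        using (var ctx = new PrincipalContext(ContextType.ApplicationDirectory,
            "lds.example.test:636", "CN=Users,DC=example,DC=test",
            ContextOptions.Negotiate | ContextOptions.SecureSocketLayer))
        {
            CreateEnabledUser(ctx, "jdoe", "Constructed-Sample-Passw0rd!");
        }
    }
}
```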