/// <summary>
/// Helper method to create an active directory account
/// </summary>
/// <param name="userName">The username field as set in Microsoft Dynamics CRM</param>
/// <param name="firstName">The first name of the system user to be retrieved</param>
/// <param name="lastName">The last name of the system user to be retrieved</param>
/// <param name="serviceProxy">The OrganizationServiceProxy object to your Microsoft
/// Dynamics CRM environment</param>
/// <param name="ldapPath">The LDAP path for your network - you can either call
/// ConsolePromptForLDAPPath() to prompt the user or provide a value in code</param>
/// <returns>Return true if new account is created or return false if account already exist.</returns>
public static Boolean CreateADAccount(String userName,
String firstName,
String lastName,
OrganizationServiceProxy serviceProxy,
ref String ldapPath)
{
// Check to make sure this is not Microsoft Dynamics CRM Online.
if (serviceProxy.ServiceConfiguration.AuthenticationType == AuthenticationProviderType.LiveId ||
serviceProxy.ServiceConfiguration.AuthenticationType == AuthenticationProviderType.OnlineFederation)
{
throw new Exception(String.Format("To run this sample, {0} {1} must be an active system user " +
"\nin your Microsoft Dynamics CRM Online organization.", firstName, lastName));
}
if (String.IsNullOrEmpty(ldapPath))
{
ldapPath = SystemUserProvider.ConsolePromptForLDAPPath();
}
// Create an Active Directory user account if it doesn't exist already.
if (String.IsNullOrEmpty(ldapPath))
{
throw new ArgumentException("Required argument ldapPath was not provided.");
}
DirectoryEntry directoryEntry;
if (serviceProxy.ClientCredentials.Windows != null)
{
string LUser = serviceProxy.ClientCredentials.Windows.ClientCredential.UserName;
string LPwd = serviceProxy.ClientCredentials.Windows.ClientCredential.Password;
directoryEntry = new DirectoryEntry(ldapPath, LUser, LPwd);
}
else
{
directoryEntry = new DirectoryEntry(ldapPath);
}
DirectoryEntry userADAccount = null;
// Search AD to see if the user already exists.
DirectorySearcher search = new DirectorySearcher(directoryEntry);
search.Filter = String.Format("(sAMAccountName={0})", userName);
search.PropertiesToLoad.Add("samaccountname");
search.PropertiesToLoad.Add("givenname");
search.PropertiesToLoad.Add("sn");
search.PropertiesToLoad.Add("cn");
SearchResult result = search.FindOne();
Boolean accountCreated = false;
if (result == null)
{
// Create the Active Directory account.
userADAccount = directoryEntry.Children.Add("CN= " + userName, "user");
userADAccount.Properties["samAccountName"].Value = userName;
userADAccount.Properties["givenName"].Value = firstName;
userADAccount.Properties["sn"].Value = lastName;
userADAccount.CommitChanges();
accountCreated = true;
}
else
{
// Use the existing AD account.
userADAccount = result.GetDirectoryEntry();
accountCreated = false;
}
// Set the password for the account.
String password = "******";
userADAccount.Invoke("SetPassword", new object[] { password });
userADAccount.CommitChanges();
directoryEntry.Close();
userADAccount.Close();
// Enable the newly created Active Directory account.
userADAccount.Properties["userAccountControl"].Value =
(int)userADAccount.Properties["userAccountControl"].Value & ~0x2;
userADAccount.CommitChanges();
// Wait 10 seconds for the AD account to propagate.
Thread.Sleep(10000);
return(accountCreated);
}
