private void CreateUserAccount(string domain, string userName, string password, string description, string[] memberOf)
{
SetProgressText("Creating windows user account...");
this.Update();
string componentId = Wizard.SetupVariables.ComponentId;
if (!SecurityUtils.UserExists(domain, userName))
{
Log.WriteStart("Creating Windows user account");
Log.WriteInfo(string.Format("Creating Windows user account \"{0}\"", userName));
// create account
SystemUserItem user = new SystemUserItem();
user.Domain = domain;
user.Name = userName;
user.FullName = userName;
user.Description = description;
user.MemberOf = memberOf;
user.Password = password;
user.PasswordCantChange = true;
user.PasswordNeverExpires = true;
user.AccountDisabled = false;
user.System = true;
SecurityUtils.CreateUser(user);
//add rollback action
RollBack.RegisterUserAccountAction(domain, userName);
// update config setings
AppConfig.SetComponentSettingBooleanValue(componentId, "NewUserAccount", true);
AppConfig.SetComponentSettingStringValue(componentId, "UserAccount", userName);
AppConfig.SetComponentSettingStringValue(componentId, "Domain", domain);
//update log
Log.WriteEnd("Created windows user account");
//update install log
if ( string.IsNullOrEmpty(domain))
InstallLog.AppendLine(string.Format("- Created a new windows user account \"{0}\"", userName));
else
InstallLog.AppendLine(string.Format("- Created a new windows user account \"{0}\" in \"{1}\" domain", userName, domain));
}
else
{
throw new Exception("Account already exists");
}
}
/// <summary>
/// Creates user
/// </summary>
/// <param name="userInfo">User</param>
internal static void CreateUser(SystemUserItem userInfo)
{
try
{
DirectoryEntry root = null;
DirectoryEntry user = null;
if (string.IsNullOrEmpty(userInfo.Domain))
{
// create user
root = new DirectoryEntry(String.Format("WinNT://{0}", Environment.MachineName));
user = root.Children.Add(userInfo.Name, "user");
user.Invoke("SetPassword", new object[] { userInfo.Password });
user.Properties["FullName"].Add(userInfo.FullName);
user.Properties["Description"].Add(userInfo.Description);
user.Properties["UserFlags"].Add(BuildUserFlags(
userInfo.PasswordCantChange,
userInfo.PasswordNeverExpires,
userInfo.AccountDisabled));
// save account
user.CommitChanges();
}
else
{
// root entry
string rootPath = SecurityUtils.GetDomainUsersContainer(userInfo.Domain);
if (string.IsNullOrEmpty(rootPath))
throw new Exception(string.Format("Users container not found in domain {0}", userInfo.Domain));
root = new DirectoryEntry(rootPath);
// add user
user = root.Children.Add("CN=" + userInfo.Name, "user");
SetADObjectProperty(user, "description", userInfo.Description);
SetADObjectProperty(user, "UserPrincipalName", userInfo.Name);
SetADObjectProperty(user, "sAMAccountName", userInfo.Name);
//SetObjectProperty(user, "UserPassword", userInfo.Password);
user.Properties["userAccountControl"].Value =
ADAccountOptions.UF_NORMAL_ACCOUNT | ADAccountOptions.UF_PASSWD_NOTREQD;
user.CommitChanges();
// set password
user.Invoke("SetPassword", new object[] { userInfo.Password });
ADAccountOptions userFlags = ADAccountOptions.UF_NORMAL_ACCOUNT;
if (userInfo.PasswordCantChange)
userFlags |= ADAccountOptions.UF_PASSWD_CANT_CHANGE;
if (userInfo.PasswordNeverExpires)
userFlags |= ADAccountOptions.UF_DONT_EXPIRE_PASSWD;
if (userInfo.AccountDisabled)
userFlags |= ADAccountOptions.UF_ACCOUNTDISABLE;
user.Properties["userAccountControl"].Value = userFlags;
user.CommitChanges();
}
AddUserToGroups(userInfo.Domain, userInfo.Name, userInfo.MemberOf);
}
catch (Exception ex)
{
throw new Exception("Can't create user", ex);
}
}
private void CreateUserAccount(SetupVariables vars)
{
//SetProgressText("Creating windows user account...");
var domain = vars.UserDomain;
var userName = vars.UserAccount;
//
var description = String.Format(UserAccountDescription, vars.ComponentName);
var memberOf = vars.UserMembership;
var password = vars.UserPassword;
Log.WriteStart(LogStartMessage);
Log.WriteInfo(String.Format(LogInfoMessage, userName));
// create account
SystemUserItem user = new SystemUserItem
{
Domain = domain,
Name = userName,
FullName = userName,
Description = description,
MemberOf = memberOf,
Password = password,
PasswordCantChange = true,
PasswordNeverExpires = true,
AccountDisabled = false,
System = true
};
//
SecurityUtils.CreateUser(user);
// add rollback action
//RollBack.RegisterUserAccountAction(domain, userName);
// update log
Log.WriteEnd(LogEndMessage);
// update install log
if (String.IsNullOrEmpty(domain))
InstallLog.AppendLine(String.Format(InstallLogMessageLocal, userName));
else
InstallLog.AppendLine(String.Format(InstallLogMessageDomain, userName, domain));
}
private bool CheckUserAccount()
{
string userName = txtUserName.Text;
string password = txtPassword.Text;
string domain = (chkUseActiveDirectory.Checked ? txtDomain.Text : null);
if (SecurityUtils.UserExists(domain, userName))
{
ShowWarning(string.Format("{0} user account already exists.", userName));
return false;
}
bool created = false;
try
{
// create account
Log.WriteStart(string.Format("Creating temp user account \"{0}\"", userName));
SystemUserItem user = new SystemUserItem();
user.Name = userName;
user.FullName = userName;
user.Description = string.Empty;
user.MemberOf = null;
user.Password = password;
user.PasswordCantChange = true;
user.PasswordNeverExpires = true;
user.AccountDisabled = false;
user.System = true;
user.Domain = domain;
SecurityUtils.CreateUser(user);
//update log
Log.WriteEnd("Created temp local user account");
created = true;
}
catch (Exception ex)
{
System.Runtime.InteropServices.COMException e = ex.InnerException as System.Runtime.InteropServices.COMException;
Log.WriteError("Create temp local user account error", ex);
string errorMessage = "Unable to create Windows user account";
if (e != null )
{
string errorCode = string.Format("{0:x}", e.ErrorCode);
switch (errorCode)
{
case "8007089a":
errorMessage = "Invalid username";
break;
case "800708c5":
errorMessage = "The password does not meet the password policy requirements. Check the minimum password length, password complexity and password history requirements.";
break;
case "800708b0":
errorMessage = "The account already exists.";
break;
}
}
ShowWarning(errorMessage);
return false;
}
if (created)
{
Log.WriteStart(string.Format("Deleting temp local user account \"{0}\"", userName));
try
{
SecurityUtils.DeleteUser(domain, userName);
}
catch (Exception ex)
{
Log.WriteError("Delete temp local user account error", ex);
}
Log.WriteEnd("Deleted temp local user account");
}
return true;
}
