/// <summary>
/// Create a new user in the SAM.
/// </summary>
/// <param name="name">The name of the user.</param>
/// <param name="account_type">The type of account.</param>
/// <param name="desired_access">Desired access for new user.</param>
/// <param name="throw_on_error">True to throw on error.</param>
/// <returns>The SAM user object.</returns>
public NtResult <SamUser> CreateUser(string name, SamUserAccountType account_type,
SamUserAccessRights desired_access, bool throw_on_error)
{
return(SecurityNativeMethods.SamCreateUser2InDomain(Handle, new UnicodeString(name), AccountTypeToFlags(account_type),
desired_access, out SafeSamHandle user_handle,
out SamUserAccessRights granted_access, out uint rid).CreateResult(throw_on_error,
() => new SamUser(user_handle, granted_access, ServerName, name, DomainId.CreateRelative(rid))));
}
private static UserAccountControlFlags AccountTypeToFlags(SamUserAccountType account_type)
{
switch (account_type)
{
case SamUserAccountType.User:
return(UserAccountControlFlags.NormalAccount);
case SamUserAccountType.Workstation:
return(UserAccountControlFlags.WorkstationTrustAccount);
case SamUserAccountType.Server:
return(UserAccountControlFlags.ServerTrustAccount);
case SamUserAccountType.InterDomain:
return(UserAccountControlFlags.InterDomainTrustAccount);
case SamUserAccountType.TempDuplicate:
return(UserAccountControlFlags.InterDomainTrustAccount);
default:
throw new ArgumentException("Invalid account type.", nameof(account_type));
}
}
/// <summary>
/// Create a new user in the SAM.
/// </summary>
/// <param name="name">The name of the user.</param>
/// <param name="account_type">The type of account.</param>
/// <param name="desired_access">Desired access for new user.</param>
/// <returns>The SAM user object.</returns>
public SamUser CreateUser(string name, SamUserAccountType account_type,
SamUserAccessRights desired_access)
{
return(CreateUser(name, account_type, desired_access, true).Result);
}
