Share via

How to: Set Initial Passwords in Active Directory Domain Services

  • Article

When you add a user to Active Directory Domain Services (AD DS), you can set an initial password for the new user. To do this, you must set the unicodePwd attribute to a value. You can set a user's initial password in the Provision method of your metaverse rules extension.

The following examples show how to set the initial password of a user with the value of the employeeID attribute.

Public Sub Provision( _
      ByVal mventry As MVEntry) _
   Implements IMVSynchronization.Provision

    Dim ManagementAgent As ConnectedMA
    Dim Connectors As Integer
    Dim container As String
    Dim rdn As String
    Dim dn As ReferenceValue
    Dim csentry As CSEntry

    ManagementAgent = mventry.ConnectedMAs("Fabrikam AD MA")
    Connectors = ManagementAgent.Connectors.Count

    If 0 = Connectors Then

        ' Determine the container of the new connector space entry.
        container = "CN=users,DC=fabrikam,DC=com"

        ' Create the new distinguished name of the connector space entry.
        If mventry("cn").IsPresent Then
            rdn = "CN=" & mventry("cn").Value
            dn = ManagementAgent.EscapeDNComponent(rdn).Concat(container)
        Else

            ' Throw an error if the cn value is not present.
            Throw New UnexpectedDataException()
        End If

        ' Add the new user object to the connector space.
        csentry = ManagementAgent.Connectors.StartNewConnector("user")
        csentry.DN = dn

        ' Set the initial password using the Employee ID.
        csentry("unicodepwd").Values.Add(mventry("employeeID").Value)
        csentry.CommitNewConnector()
    End If
End Sub

void IMVSynchronization.Provision (MVEntry mventry)
{
    ConnectedMA ManagementAgent;
    int Connectors;    
    ReferenceValue dn;
    string container;
    string  rdn;
    CSEntry CSentry;
    
    ManagementAgent = mventry.ConnectedMAs["Fabrikam AD MA"];
    Connectors = ManagementAgent.Connectors.Count;
    
    if(0 == Connectors)
    {
        // Determine the container of the new connector space entry.
        container = "CN=users,DC=fabrikam,DC=com";
        
        // Create the new distinguished name of the connector space entry.
        if(mventry["cn"].IsPresent)
        {
            rdn = "CN=" + mventry["cn"].Value;
            dn = ManagementAgent.EscapeDNComponent(rdn).Concat(container);
        }
        else
        {

            // Throw an error if the cn value is not present.
            throw new UnexpectedDataException();
        }

        // Add the new user object to the connector space.
        CSentry = ManagementAgent.Connectors.StartNewConnector("user");
        CSentry.DN = dn;

        // Set the initial password using the Employee ID.
        CSentry["unicodepwd"].Values.Add(mventry["employeeID"].Value);
        CSentry.CommitNewConnector();
    }    
}

See Also

Reference

Provision

Concepts

Setting Initial Passwords