Remove From My Forums

Error when creating user in Active Directory through Dynamics CRM 2011 UI.

Question
0

Sign in to vote

Hello Friends,

I am trying to create user in Active Directory through dynamics crm 2011 user interface. For that I am using a dummy custom entity and preOperation plugin with create message, but getting an error ....

Unexpected exception from plug-in (Execute): ADUser.Plugins.PreADUserOnpremiseCreate: System.Security.SecurityException: Request for the permission of type 'System.DirectoryServices.DirectoryServicesPermission, System.DirectoryServices, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a' failed.

Entity from:

I am 100% sure that I am making mistakes in code, my code is:

            IPluginExecutionContext context = localContext.PluginExecutionContext;

            IOrganizationServiceservice = localContext.OrganizationService;

            ITracingServicetracingService = localContext.TracingService;

            Entityentity = context.InputParameters["Target"] asEntity;

            //sdk code

            //domain is – xxx.com -

            stringldapPath = "LDAP://myservername/DC=xxx,DC=com"; // IS THIS IN CORRECT WAY?

            // Create an Active Directory user account if it doesn't exist already.

            GuiduserId = Guid.Empty;

            DirectoryEntrydirectoryEntry = newDirectoryEntry(ldapPath, "administrator@abc.com", "password");

            DirectoryEntryuserADAccount = null;

            // Create the Active Directory account.

            userADAccount = directoryEntry.Children.Add("CN= "+ entity.Attributes["new_name"], "user");

            userADAccount.Properties["samAccountName"].Value = entity.Attributes["new_name"];

            userADAccount.Properties["givenName"].Value = entity.Attributes["new_ad_fname"];

            userADAccount.Properties["sn"].Value = entity.Attributes["new_ad_lname"];

            userADAccount.CommitChanges();

            // Set the password for the account.

            Stringpassword = entity.Attributes["new_ad_pw"].ToString();

            userADAccount.Invoke("SetPassword", newobject[] { password });

            userADAccount.CommitChanges();

            directoryEntry.Close();

            userADAccount.Close();

            // Enable the newly created Active Directory account.

            userADAccount.Properties["userAccountControl"].Value = (int)userADAccount.Properties["userAccountControl"].Value & ~0x2;

            userADAccount.CommitChanges();

            // Wait 10 seconds for the AD account to propagate.

            Thread.Sleep(10000);

For plugin I am using code given in CRM SDK, but I think I am not passing required values in right manner. Please guide me with this issue and tell me how to resolve that error.

Thanks in advance.
-- NMathur

Tuesday, February 28, 2012 5:25 AM

Answers

Hi NMathur,

Try the following, I have tested and seemed to work OK. please update the field names before deploying because mine is slightly different to yours. Also take note of the LDAP settings, I am creating users in the Users OU. Eventhough this is a working code for me, please make sure you have all the required AD fields populated. Hope this helps.

public class adusercreate : IPlugin
    {
        public void Execute(IServiceProvider serviceProvider)
        {
            ITracingService tracingService = (ITracingService)serviceProvider.GetService(typeof(ITracingService));
            //Obtain the execution context from the service provider
            IPluginExecutionContext context = (IPluginExecutionContext)serviceProvider.GetService(typeof(IPluginExecutionContext));

            //Obtain the Organisation service reference
            IOrganizationServiceFactory serviceFactory = (IOrganizationServiceFactory)serviceProvider.GetService(typeof(IOrganizationServiceFactory));
            IOrganizationService service = serviceFactory.CreateOrganizationService(context.UserId);

            Entity entity = context.InputParameters["Target"] as Entity;

            string ldapPath = "LDAP://cn=Users, dc=contoso, dc=com";
 
            // Create an Active Directory user account if it doesn't exist already.
            Guid userId = Guid.Empty;
 
            DirectoryEntry directoryEntry = new DirectoryEntry(ldapPath, "administrator", "pass@word1");
            DirectoryEntry userADAccount = null;
 
            // Create the Active Directory account.
            userADAccount = directoryEntry.Children.Add("CN= "+ entity.Attributes["new_name"], "user");
            userADAccount.Properties["samAccountName"].Value = entity.Attributes["new_name"];
            userADAccount.Properties["givenName"].Value = entity.Attributes["new_fname"];
            userADAccount.Properties["sn"].Value = entity.Attributes["new_lname"];
            userADAccount.CommitChanges();
 
            // Set the password for the account.
            String password = entity.Attributes["new_password"].ToString();
            userADAccount.Invoke("SetPassword", new object[] { password });
            userADAccount.CommitChanges();
            directoryEntry.Close();
            userADAccount.Close();
 
            // Enable the newly created Active Directory account.
            userADAccount.Properties["userAccountControl"].Value = (int)userADAccount.Properties["userAccountControl"].Value & ~0x2;
            userADAccount.CommitChanges();
            // Wait 10 seconds for the AD account to propagate.
            Thread.Sleep(10000);
        }
    }

Eric UNG [Senior Analyst Programmer :: Sydney, Australia]

Marked as answer by nmathur Tuesday, February 28, 2012 7:04 AM

Tuesday, February 28, 2012 6:00 AM

1

Sign in to vote
Did you register your plugin in the sandbox? If so, accessing DirectoryServices are likely a privileged operation and available to you only if your plugin is registered outside the sandbox.
--pogo (pat) @ pogo69.wordpress.com
- Marked as answer by nmathur Tuesday, February 28, 2012 7:04 AM
Tuesday, February 28, 2012 6:26 AM

All replies