
I am trying to add a new user in Windows Active Directory.

I am able to create the new user in AD successfully, but the user is added to AD as a disabled user, so I want to add the new user to AD as an enabled user.

For this I am using the code below:

import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;
import javax.naming.ldap.InitialLdapContext;

public class Test {
    final static String DOMAIN_NAME = "TEST.local";
    final static String User_Context = "CN=Users,DC=TEST,DC=local";
    final static String DOMAIN_URL = "ldap://192.168.1.100:389";
    final static String ADMIN_NAME = "CN=Administrator,CN=Users,DC=TEST,DC=local";
    final static String ADMIN_PASS = "Awesdew321";
    final static String SEC_AUTH = "simple";
    final static String CON_FACTORY = "com.sun.jndi.ldap.LdapCtxFactory";

    // Plain holder for the attributes of the user to be created
    // (not shown in the original post; added so the class compiles).
    static class UserObjects {
        String sAMAccountName;
        String givenName;
        String sn;
        String password;
        String organisationUnit;
    }

    public static void main(String[] args) {
        UserObjects userObj = new UserObjects();
        userObj.sAMAccountName = "tuser01";
        userObj.givenName = "Test";
        userObj.sn = "User01";
        userObj.password = "Terdar123";
        userObj.organisationUnit = "";

        boolean created = addUser(userObj);
        System.out.println("User created: " + created);
    }

    public static boolean addUser(UserObjects userObj) {
        // userAccountControl flag for a normal (enabled) account
        int UF_NORMAL_ACCOUNT = 0x0200;

        InitialLdapContext context = null;
        Hashtable<String, String> env = new Hashtable<String, String>();
        try {
            // Bind to the domain controller as the administrator (plain LDAP, simple bind)
            env.put(Context.INITIAL_CONTEXT_FACTORY, CON_FACTORY);
            env.put(Context.SECURITY_AUTHENTICATION, SEC_AUTH);
            env.put(Context.SECURITY_PRINCIPAL, ADMIN_NAME);
            env.put(Context.SECURITY_CREDENTIALS, ADMIN_PASS);
            env.put(Context.PROVIDER_URL, DOMAIN_URL);
            context = new InitialLdapContext(env, null);

            // Object classes required for an AD user entry
            Attribute objClasses = new BasicAttribute("objectClass");
            objClasses.add("top");
            objClasses.add("person");
            objClasses.add("organizationalPerson");
            objClasses.add("user");

            // Naming and identity attributes of the new user
            String cnValue = new StringBuffer(userObj.givenName).append(" ").append(userObj.sn).toString();
            Attribute cn = new BasicAttribute("cn", cnValue);
            Attribute sAMAccountName = new BasicAttribute("sAMAccountName", userObj.sAMAccountName);
            Attribute principalName = new BasicAttribute("userPrincipalName",
                    userObj.sAMAccountName + "@" + DOMAIN_NAME);
            Attribute givenName = new BasicAttribute("givenName", userObj.givenName);
            Attribute sn = new BasicAttribute("sn", userObj.sn);
            Attribute uid = new BasicAttribute("uid", userObj.sAMAccountName);
            // Attempt to create the account already enabled and with a password set
            Attribute userAccountControl = new BasicAttribute("userAccountControl",
                    Integer.toString(UF_NORMAL_ACCOUNT));
            Attribute userPassword = new BasicAttribute("userpassword", userObj.password);

            Attributes container = new BasicAttributes();
            container.put(objClasses);
            container.put(sAMAccountName);
            container.put(principalName);
            container.put(cn);
            container.put(sn);
            container.put(givenName);
            container.put(uid);
            container.put(userAccountControl);
            container.put(userPassword);

            // Create the entry under the Users container
            String userDN = "cn=" + cnValue + "," + User_Context;
            context.createSubcontext(userDN, container);
            return true;
        } catch (NamingException e) {
            // Report the LDAP error instead of silently returning false
            e.printStackTrace();
            return false;
        } finally {
            if (context != null) {
                try {
                    context.close();
                } catch (NamingException ignored) {
                }
            }
        }
    }
}

When I run this, it gives me the following error:

javax.naming.OperationNotSupportedException: [LDAP: error code 53 - 0000052D: SvcErr: DSID-031A12D2, problem 5003 (WILL_NOT_PERFORM), data 0
remaining name 'cn=Test User01,CN=Users,DC=TEST,DC=local'

I am using Java (jdk1.8.0_60) and Windows Active Directory.

  • I think your question is a duplicate; see this link stackoverflow.com/questions/4322243/… Commented Apr 25, 2017 at 12:53
  • @Manesh I am not asking about setting the password. Commented Apr 25, 2017 at 12:54
  • @Manesh I just want to add a new user in AD as an enabled user. Commented Apr 25, 2017 at 12:54

1 Answer

Generally, when you create a user account, the new account is disabled and cannot be enabled unless either of the following has occurred:

  • A valid password has been set for the account.
  • The UF_PASSWD_NOTREQD parameter has been set to true.

It seems to work best if you set the password and UF_NORMAL_ACCOUNT after creation of the user.

-jim
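A worked example of the two-step sequence described in the answer, added here as illustration (it is not code from the question or from the answer). It assumes an LdapContext already bound as an administrator over LDAPS (ldaps://…:636), since AD only accepts password writes on a protected connection, and it writes the password to unicodePwd rather than the question's userpassword attribute; the method name and signature are assumptions.

```java
import java.nio.charset.StandardCharsets;
import javax.naming.NamingException;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.ModificationItem;
import javax.naming.ldap.LdapContext;

public class EnableAdUser {
    static final int UF_ACCOUNTDISABLE = 0x0002;
    static final int UF_NORMAL_ACCOUNT = 0x0200;

    // Clears ACCOUNTDISABLE and sets NORMAL_ACCOUNT, keeping any other flags
    // the domain already put on the account.
    static int enabledFlags(int currentUac) {
        return (currentUac & ~UF_ACCOUNTDISABLE) | UF_NORMAL_ACCOUNT;
    }

    // Hypothetical helper: ctx must have been created with PROVIDER_URL
    // "ldaps://<dc>:636" (TLS); AD rejects unicodePwd writes over plain LDAP.
    static void setPasswordAndEnable(LdapContext ctx, String userDN, String newPassword)
            throws NamingException {
        // Step 1: set the password. AD expects the value as the password wrapped
        // in double quotes and encoded as UTF-16LE, written to unicodePwd.
        byte[] quoted = ("\"" + newPassword + "\"").getBytes(StandardCharsets.UTF_16LE);
        ModificationItem setPwd = new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
                new BasicAttribute("unicodePwd", quoted));
        ctx.modifyAttributes(userDN, new ModificationItem[] { setPwd });

        // Step 2: read-modify-write userAccountControl so the account becomes a
        // normal, enabled account now that it has a valid password.
        Attributes attrs = ctx.getAttributes(userDN, new String[] { "userAccountControl" });
        int uac = Integer.parseInt((String) attrs.get("userAccountControl").get());
        ModificationItem enable = new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
                new BasicAttribute("userAccountControl", Integer.toString(enabledFlags(uac))));
        ctx.modifyAttributes(userDN, new ModificationItem[] { enable });
    }
}
```

Call setPasswordAndEnable with the DN returned from the createSubcontext step after the entry exists; a freshly created user normally carries 0x0202 (NORMAL_ACCOUNT + ACCOUNTDISABLE), which enabledFlags turns into 0x0200.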


1 Comment

You are trying to say that first I have to create the user in AD, and then I have to update the userAccountControl attribute with the "0x0200" value?
