LDAP - Help please, user creation and settings

Hi
I've created a program that creates a user in a OU and customises the user
profile's name, logon etc etc, however there are a couple of things i am
stuck on.

These are:
- Adding the user to an existing group
- Setting password never expires
- Setting user cannot change password

I've tried a way of adding a user to a group but my LDAP knowledge is
limited any chance of some1 point me to the examples i need or placing a bit
of useful code in here?
I'm writing it in VB6

Many Thanks in advance
T

To add a user to a group, bind to the group object and use the Add method of
the group object. You pass the AdsPath of the new member to this method (see
below).

To set password never expires, set the ADS_UF_DONT_EXPIRE_PASSWD bit of the
userAccountControl attribute. To do this you Or the appropriate bit mask
(see below).

To deny permission to change the password you must add two ACE's to the DACL
of the user object. However, you can configure the account so the password
cannot be changed at all, which is probably what you want. This is
controlled by another bit of userAccountControl.

In brief:
==============
Const ADS_UF_PASSWD_CANT_CHANGE = &H40
Const ADS_UF_DONT_EXPIRE_PASSWD = &H10000

' Bind to OU/container.
Set objOU = GetObject("LDAP://ou=Sales,dc=MyDomain,dc=com")

' Create user object.
Set objUser = objOU.Create("user", "cn=Jim Smith")

' Set mandatory attributes.
objUser.sAMAccountName = "JSmith"
' Save changes.
objUser.SetInfo

' Set password never expires and cannot change.
lngFlag = objUser.userAccountControl
lngFlag = lngFlag Or ADS_UF_DONT_EXPIRE_PASSWD
lngFlag = lngFlag Or ADS_UF_PASSWD_CANT_CHANGE
objUser.userAccountControl = lngFlag
' Save changes.
objUser.SetInfo

' Bind to group object.
Set objGroup = GetObject("LDAP://cn=TestGroup,ou=Sales,dc=Domain,dc=com")
' Add the user to the group.
objGroup.Add(objUser.AdsPath)
============
If you want to deny the user permission to change their own password, but
allow administrators to change it, I have a sample VBScript program linked
here:

http://www.rlmueller.net/Cannot%20Change%20PW.htm

The code would be very similar in VB.
--
Richard
Microsoft MVP Scripting and ADSI
Hilltop Lab - http://www.rlmueller.net

"Kane T" <KaneT@discussions.microsoft.com> wrote in message
news:ACE0C9E2-7DC9-4347-9082-C614E3172C6B@microsoft.com...
> Hi
> I've created a program that creates a user in a OU and customises the user
> profile's name, logon etc etc, however there are a couple of things i am
> stuck on.
>
> These are:
> - Adding the user to an existing group
> - Setting password never expires
> - Setting user cannot change password
>
> I've tried a way of adding a user to a group but my LDAP knowledge is
> limited any chance of some1 point me to the examples i need or placing a
> bit
> of useful code in here?
> I'm writing it in VB6
>
> Many Thanks in advance
> T
>
>

Ok thanks for the help so far, i've got the program but i keep on getting
this error

Run-time error '2147016661 (8007202b)
Automation Error
A Referral was returned from the server.

heres the code
Private Sub Command3_Click()
' This button will create one user with the settings needed for a call handler
current = "310" ' sets the current number to 310
Const ADS_UF_PASSWD_CANT_CHANGE = &H40
Const ADS_UF_DONT_EXPIRE_PASSWD = &H10000

Set objOU = GetObject("LDAP://OU=Call Centre,dc=trizhq,dc=com") 'connects to
the OU call centre on Domain
Set objUser = objOU.Create("User", "cn=" & current & "")
objUser.Put "sAMAccountName", "" & current & ""
objUser.Put "givenName", "" & current & ""
objUser.Put "userPrincipalName", "" & current & "@trizhq.com"
objUser.Put "profilePath", "\\ntserver\data\profiles\ccstandard"
lngFlag = objUser.userAccountControl
lngFlag = lngFlag Or ADS_UF_DONT_EXPIRE_PASSWD
lngFlag = lngFlag Or ADS_UF_PASSWD_CANT_CHANGE
objUser.userAccountControl = lngFlag

objUser.SetInfo
' Bind to group object.
Set objGroup = GetObject("LDAP://cn=call centre group,dc=Domain,dc=com")
' Add the user to the group.
objGroup.Add (objUser.AdsPath)

where am i going wrong? before i bash my head into the table?!!!
Thanks

"Richard Mueller" wrote:

> To add a user to a group, bind to the group object and use the Add method of
> the group object. You pass the AdsPath of the new member to this method (see
> below).
>
> To set password never expires, set the ADS_UF_DONT_EXPIRE_PASSWD bit of the
> userAccountControl attribute. To do this you Or the appropriate bit mask
> (see below).
>
> To deny permission to change the password you must add two ACE's to the DACL
> of the user object. However, you can configure the account so the password
> cannot be changed at all, which is probably what you want. This is
> controlled by another bit of userAccountControl.
>
> In brief:
> ==============
> Const ADS_UF_PASSWD_CANT_CHANGE = &H40
> Const ADS_UF_DONT_EXPIRE_PASSWD = &H10000
>
> ' Bind to OU/container.
> Set objOU = GetObject("LDAP://ou=Sales,dc=MyDomain,dc=com")
>
> ' Create user object.
> Set objUser = objOU.Create("user", "cn=Jim Smith")
>
> ' Set mandatory attributes.
> objUser.sAMAccountName = "JSmith"
> ' Save changes.
> objUser.SetInfo
>
> ' Set password never expires and cannot change.
> lngFlag = objUser.userAccountControl
> lngFlag = lngFlag Or ADS_UF_DONT_EXPIRE_PASSWD
> lngFlag = lngFlag Or ADS_UF_PASSWD_CANT_CHANGE
> objUser.userAccountControl = lngFlag
> ' Save changes.
> objUser.SetInfo
>
> ' Bind to group object.
> Set objGroup = GetObject("LDAP://cn=TestGroup,ou=Sales,dc=Domain,dc=com")
> ' Add the user to the group.
> objGroup.Add(objUser.AdsPath)
> ============
> If you want to deny the user permission to change their own password, but
> allow administrators to change it, I have a sample VBScript program linked
> here:
>
> http://www.rlmueller.net/Cannot%20Change%20PW.htm
>
> The code would be very similar in VB.
> --
> Richard
> Microsoft MVP Scripting and ADSI
> Hilltop Lab - http://www.rlmueller.net
>
> "Kane T" <KaneT@discussions.microsoft.com> wrote in message
> news:ACE0C9E2-7DC9-4347-9082-C614E3172C6B@microsoft.com...
> > Hi
> > I've created a program that creates a user in a OU and customises the user
> > profile's name, logon etc etc, however there are a couple of things i am
> > stuck on.
> >
> > These are:
> > - Adding the user to an existing group
> > - Setting password never expires
> > - Setting user cannot change password
> >
> > I've tried a way of adding a user to a group but my LDAP knowledge is
> > limited any chance of some1 point me to the examples i need or placing a
> > bit
> > of useful code in here?
> > I'm writing it in VB6
> >
> > Many Thanks in advance
> > T
> >
> >
>
>
>

Hmm might help if i checked my program first...my apologies i'll let you know
if it happens still tho.

T