Previous to .NET 3.5, it was difficult to create and modify user and group accounts. One way to do that was by using the classes from the System.DirectoryServices namespace, or by using the strongly typed native COM interfaces. New with .NET 3.5 is the assembly System.DirectoryServices.AccountManagement that offers an abstraction to the System.DirectoryServices classes by offering specific methods and properties to search, modify, create, and update users and groups.
The classes and their functionality are explained in the following table.
Display User Information
The static property Current of the UserPrincipal class returns a UserPrincipal object with information about the currently logged-on user:
Running the application displays information about the user:
Create a User
You can use the UserPrincipal class to create a new user. First a PrincipalContext is required to define where the user should be created. With the PrincipalContext, you set the ContextType to an enumeration value of Domain, Machine, or ApplicationDirectory depending on whether the directory service, the local accounts of the machine, or an application directory should be used. If the current user does not have access to add accounts to Active Directory, you can also set a user and password with the PrincipalContext that is used to access the server.
Next, you can create an instance of UserPrincipal passing the principal context, and setting all required properties. Here, the GivenName and EmailAddress properties are set. Finally, you must invoke the Save() method of the UserPrincipal to write the new user to the store:
Reset a Password
To reset the password of an existing user, you can use the SetPassword() method from a UserPrincipal object:
The user running this code needs to have the privilege to reset a password. To change the password from an old one to a new one, you can use the method ChangePassword().
Create a Group
A new group can be created in a similar way to creating a new user. Here, just the class GroupPrincipal is used instead of the class UserPrincipal. As in creating a new user, the properties are set, and the Save() method is invoked:
Add a User to a Group
To add a user to a group, you can use a GroupPrincipal and add a UserPrincipal to the Members property of the group. To get an existing user and group, you can use the static method FindByIdentity():
Static methods of the UserPrincipal class allow finding users based on some predefined criteria. The sample here shows finding users who didn't change their passwords within the last 30 days by using the method FindByPasswordSetTime(). This method returns a PrincipalSearchResult<UserPrincipal> collection that is iterated to display the user name, the last logon time, and the time when the password was reset:
Other methods offered by the UserPrincipal class to find users are FindByBadPasswordAttempt(), FindByExpirationTime(), FindByLockoutTime(), and FindByLogonTime().
You can get more flexibility in finding users by using the PrincipalSearcher class. This class is an abstraction of the DirectorySearcher class and uses this class behind the scenes. With the PrincipalSearcher class, you can assign any Principal object to the QueryFilter property. In the example here, a UserPrincipal object with the properties Surname and Enabled is set to the QueryFilter. This way, all user objects starting with the surname Nag and which are enabled are returned with the PrincipalSearchResult collection. The PrincipalSearcher class creates an LDAP query string to do the search.
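The two search approaches described above, combined into a read-only account audit. This is an added example, not code from the original page; the names AccountAudit, ReportStalePasswords, and ReportEnabledBySurname are hypothetical, and it assumes a domain-joined Windows machine with a reference to the System.DirectoryServices.AccountManagement assembly.

```csharp
using System;
using System.DirectoryServices.AccountManagement;

static class AccountAudit // hypothetical name, not from the original page
{
    static void Main()
    {
        // Assumption: the process identity may read the domain directory.
        // Use ContextType.Machine to audit the local accounts instead.
        using (var context = new PrincipalContext(ContextType.Domain))
        {
            ReportStalePasswords(context, TimeSpan.FromDays(30));
            ReportEnabledBySurname(context, "Nag*");
        }
    }

    // Predefined criterion: users whose password was last set before the
    // cutoff, i.e. not changed within maxAge.
    static void ReportStalePasswords(PrincipalContext context, TimeSpan maxAge)
    {
        DateTime cutoff = DateTime.Now - maxAge;
        using (PrincipalSearchResult<UserPrincipal> users =
            UserPrincipal.FindByPasswordSetTime(context, cutoff, MatchType.LessThan))
        {
            foreach (UserPrincipal user in users)
            {
                // LastLogon and LastPasswordSet are nullable DateTime values.
                Console.WriteLine("{0}: last logon {1}, password set {2}", user.Name,
                    user.LastLogon?.ToString("u") ?? "never",
                    user.LastPasswordSet?.ToString("u") ?? "not set");
            }
        }
    }

    // Query by example: the properties set on the filter principal become the
    // search criteria; the trailing * matches surnames that start with the prefix.
    static void ReportEnabledBySurname(PrincipalContext context, string surnamePattern)
    {
        using (var filter = new UserPrincipal(context) { Surname = surnamePattern, Enabled = true })
        using (var searcher = new PrincipalSearcher(filter))
        using (PrincipalSearchResult<Principal> found = searcher.FindAll())
        {
            foreach (Principal principal in found)
            {
                Console.WriteLine("{0} ({1})", principal.Name, principal.SamAccountName);
            }
        }
    }
}
```

Both methods only read from the directory, so the audit can run under an account without rights to modify users or groups.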