New User Not Enabled Upon Creation
When I create a new user in Active Directory, it is disabled until I manually reset the password and enable them (using ADUC).
I am using the following approach:
```javascript
// ldapjs add(): the original had an extra "}" in place of the closing ")"
client.add(userDn, entry, function (err, result) { console.log(err, result); });
```
With the following entry object:
```javascript
var entry = {
displayName: displayName,
sAMAccountName: samAccountName,
name: name,
sn: name,
givenName: givenName,
mailNickname: samAccountName,
userPrincipalName: userPrincipalName,
physicalDeliveryOfficeName: officeName,
company: company,
info: sourceInfo,
department: locationCode,
mail: [email],
objectClass: ['organizationalPerson', 'person', 'top', 'user'],
objectCategory: personCategory, // comma was missing in the original
description: 'auto created on ' + (new Date()).toLocaleString()
};
```
If I attempt to add in the userPassword property, the process will return a [UnwillingToPerformError] with a 5003 WILL_NOT_PERFORM code.
I have tried to use the iconv-lite library to encode in utf16-le and I have tried the node-ssha256 found in the only references that I could dig up.
According to this PowerShell reference, the account is disabled because I am not able to supply the proper SecureString password with the account:

> -AccountPassword SecureString
> A new password value for an account. This value is stored as an encrypted string.
> If an empty or $null password is specified a random password will be set.
> If the password does not meet password policy the account will be disabled.
> User accounts, by default, are created without a password.
> A valid user account password may also be specified manually.
> User accounts will never be enabled unless a valid password is set.
> The following example will prompt for a password.
> -AccountPassword (Read-Host -AsSecureString "AccountPassword")
Adding a userAccountControl: 512 to the object to enable the account upon creation also fails.
Calling a modify from the creation callback also fails. And, this is using a password that is compliant with the enforced policies.
Top GitHub Comments
I know this is old, but I was able to get a user created and enabled by passing `userAccountControl: "512"` as a property. I cannot pass a password either though, which is part of your issue. So if you use the userAccountControl without the password, it creates the user with a blank password that needs to be reset upon first login.
As it was mentioned, first of all you need to make sure that your Domain Controller accepts connections via ldaps. Otherwise you are not able to store or change passwords at all. Secondly the passwords are stored in the field unicodePwd and need to be encoded. I am doing that as follows:

So my entry object looks like:
Hope this helps.
Side note: You should not install your certificate authority on your DC. Just get an independent server for that.
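An added example (not code from the issue or from ldapjs) that puts the two comments together: the unicodePwd value encoded as UTF-16LE with surrounding double quotes, an explicit userAccountControl of 512 instead of the default disabled value, and a guard that refuses anything other than an ldaps:// URL. The client object, the server URL and the sample user values are assumptions; only the add(dn, entry, callback) shape comes from the post, and the flag values are the documented AD userAccountControl bits.

```javascript
// Added example: build an Active Directory user entry that is enabled at creation.
// userAccountControl bits relevant here (documented AD flag values).
const UAC = { ACCOUNTDISABLE: 0x0002, PASSWD_NOTREQD: 0x0020, NORMAL_ACCOUNT: 0x0200 };

// AD rejects unicodePwd unless the session is encrypted (LDAPS or SASL sealing).
// Returns true for an ldaps:// URL and throws otherwise, so a plaintext bind is never attempted.
function requireLdaps(serverUrl) {
  const u = new URL(serverUrl); // Node's global WHATWG URL
  if (u.protocol !== 'ldaps:') {
    throw new Error('unicodePwd can only be set over LDAPS, got ' + u.protocol);
  }
  return true;
}

// unicodePwd must be the password wrapped in double quotes and encoded as UTF-16LE.
function encodeUnicodePwd(password) {
  if (typeof password !== 'string' || password.length === 0) {
    throw new Error('a non-empty password is required');
  }
  return Buffer.from('"' + password + '"', 'utf16le');
}

// Decode a userAccountControl value into the flag names it sets (useful for checking what AD stored;
// a user created without the attribute gets 546 = NORMAL_ACCOUNT | PASSWD_NOTREQD | ACCOUNTDISABLE).
function decodeUac(value) {
  return Object.keys(UAC).filter((k) => (Number(value) & UAC[k]) !== 0);
}

// Build the add() entry: the same object classes as the issue, plus the encoded password and an
// explicit userAccountControl of 512 (NORMAL_ACCOUNT only, no ACCOUNTDISABLE / PASSWD_NOTREQD).
function buildUserEntry(sam, upn, displayName, password) {
  return {
    objectClass: ['top', 'person', 'organizationalPerson', 'user'],
    sAMAccountName: sam,
    userPrincipalName: upn,
    displayName: displayName,
    unicodePwd: encodeUnicodePwd(password),
    userAccountControl: String(UAC.NORMAL_ACCOUNT),
  };
}

// Promise wrapper around the callback-style add() used in the issue (client is duck-typed,
// so any object with add(dn, entry, callback) works, e.g. an ldapjs client bound over ldaps://).
function addUser(client, serverUrl, dn, entry) {
  requireLdaps(serverUrl);
  return new Promise((resolve, reject) => {
    client.add(dn, entry, (err, res) => (err ? reject(err) : resolve(res)));
  });
}
```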