Platform SDK: Active Directory, ADSI, and Directory Services
To add a user to Active Directory™, you create a user object in the domain container of the domain where you want to place the user. Users can be created at the root of the domain, within an organizational unit, or within a container.
When you create a user object, you must also set the following attributes to make the object a legal user that is recognized by Active Directory and the Windows® Security system:
The sAMAccountName must be unique among all security principal objects within the domain. You should perform a query against the domain to verify that the sAMAccountName is unique within the domain.
Optionally, you can also set other properties. The following user properties are set with default values if you do not explicitly set them at creation time:
Property | Value |
---|---|
accountExpires | Default is Never. |
cn | Specified in IADsContainer::Create. |
nTSecurityDescriptor | A security descriptor is created based on the rules specified in How Security Descriptors are Set on New Directory Objects. |
objectCategory | Person |
name | RDN is the cn. |
pwdLastSet | Controls whether the user must change the password at next logon. Default is 0. Zero (0) means the user must change the password at next logon. |
userAccountControl | Contains values that determine several logon and account features for the user. By default, the following flags are set: UF_ACCOUNTDISABLE, UF_PASSWD_NOTREQD, UF_NORMAL_ACCOUNT. UF_ACCOUNTDISABLE means the user's account is disabled. UF_PASSWD_NOTREQD means no password is required for the user to log on. UF_NORMAL_ACCOUNT is a default account type that represents a typical user. |
memberOf | Domain Users |
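
The defaults in the table matter after creation: an account that is enabled without clearing UF_PASSWD_NOTREQD keeps the "no password required" flag. The following is an added example, not code from the Platform SDK. It checks a candidate sAMAccountName against every security principal in an export and flags user records that still carry the creation defaults. The records are constructed sample data, and the function names and record layout are assumptions.

```python
# Added example; the UF_* values are the constants defined in lmaccess.h.
UF_ACCOUNTDISABLE = 0x0002
UF_PASSWD_NOTREQD = 0x0020
UF_NORMAL_ACCOUNT = 0x0200
# The three flags the table lists as set by default: 0x222 (546 decimal).
CREATION_DEFAULT = UF_ACCOUNTDISABLE | UF_PASSWD_NOTREQD | UF_NORMAL_ACCOUNT

FLAG_NAMES = {
    UF_ACCOUNTDISABLE: "UF_ACCOUNTDISABLE",
    UF_PASSWD_NOTREQD: "UF_PASSWD_NOTREQD",
    UF_NORMAL_ACCOUNT: "UF_NORMAL_ACCOUNT",
}

# Constructed sample export (not real directory data); layout is hypothetical.
SAMPLE = [
    {"sAMAccountName": "jsmith", "objectClass": "user", "userAccountControl": 546, "pwdLastSet": 0},
    {"sAMAccountName": "akhan", "objectClass": "user", "userAccountControl": 544, "pwdLastSet": 0},
    {"sAMAccountName": "mlopez", "objectClass": "user", "userAccountControl": 512, "pwdLastSet": 133500000000000000},
    {"sAMAccountName": "HelpDesk", "objectClass": "group"},
]

def decode_uac(value):
    """Return the names of the known UF_* flags set in a userAccountControl value."""
    return [name for bit, name in FLAG_NAMES.items() if value & bit]

def sam_is_unique(candidate, records):
    """Compare case-insensitively against all principals, not only users."""
    taken = {r["sAMAccountName"].lower() for r in records}
    return candidate.lower() not in taken

def audit(records):
    """Flag user objects whose state still reflects the creation defaults."""
    findings = []
    for r in records:
        if r["objectClass"] != "user":
            continue
        uac, sam = r["userAccountControl"], r["sAMAccountName"]
        enabled = not (uac & UF_ACCOUNTDISABLE)
        if uac == CREATION_DEFAULT:
            findings.append((sam, "unchanged creation defaults"))
        if enabled and uac & UF_PASSWD_NOTREQD:
            findings.append((sam, "enabled with UF_PASSWD_NOTREQD"))
        if enabled and r["pwdLastSet"] == 0:
            findings.append((sam, "enabled with pwdLastSet=0"))
    return findings

if __name__ == "__main__":
    for sam, issue in audit(SAMPLE):
        print(f"{sam}: {issue}")
```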