| Directory Services |
The IADsUser interface is a dual interface that inherits from IADs. It is designed to represent and manage an end-user account on a network. Call the methods of this interface to access and manipulate end-user account data. Such data includes names of the user, telephone numbers, job title, and so on. This interface supports features for determining the group association of the user, and for setting or changing the password.
To bind to a domain user through a WinNT provider, use the domain name as part of the ADsPath, as shown in the following code example.
GetObject("WinNT://MYDOMAIN/jeffsmith,user")
Similarly, use the computer name as part of the ADsPath to bind to a local user.
GetObject("WinNT://MYCOMPUTER/jeffsmith,user")
In Active Directory®, domain users reside in the directory. The following code example shows how to bind to a domain user through an LDAP provider.
GetObject("LDAP://CN=Jeff Smith,OU=Sales,DC=Fabrikam,DC=Com")
However, local accounts reside in the local SAM database and the LDAP provider does not communicate with the local database. Thus, to bind to a local user, you must go through a WinNT provider as described in the second code fragment.
The IADsUser interface inherits the methods of the standard COM interfaces:
In addition, IADsUser defines the following methods.
| Method | Description |
|---|---|
| get_BadLoginAddress | Gets the address of the last node, considered an "Intruder". |
| get_BadLoginCount | Gets the number of the bad logon attempts since last reset. |
| get_LastLogin | Gets the date and time of the last network login. |
| get_LastLogoff | Gets the date and time of the last network logoff. |
| get_LastFailedLogin | Gets the date and time of the last failed network login. |
| get_PasswordLastChanged | Gets the date and time of the last password change. |
| get_Description | Gets and sets the description of the user account. |
| put_Description | Gets and sets the description of the user account. |
| get_Division | Gets and sets the division within a company (organization). |
| put_Division | Gets and sets the division within a company (organization). |
| get_Department | Gets and sets the organizational unit within the organization. |
| put_Department | Gets and sets the organizational unit within the organization. |
| get_EmployeeID | Gets and sets employee identification number of the user. |
| put_EmployeeID | Gets and sets employee identification number of the user. |
| get_FullName | Gets and sets the full name of the user. |
| put_FullName | Gets and sets the full name of the user. |
| get_FirstName | Gets and sets the first name of the user. |
| put_FirstName | Gets and sets the first name of the user. |
| get_LastName | Gets and sets the last name of the user. |
| put_LastName | Gets and sets the last name of the user. |
| get_OtherName | Gets and sets the additional name, such as the nickname, or the middle name of the user. |
| put_OtherName | Gets and sets the additional name, such as the nickname, or the middle name of the user. |
| get_NamePrefix | Gets and sets the name prefix, such as Mr., Ms., or Hon., of the user. |
| put_NamePrefix | Gets and sets the name prefix, such as Mr., Ms., or Hon., of the user. |
| get_NameSuffix | Gets and sets the name suffix, such as Jr. or III, of the user. |
| put_NameSuffix | Gets and sets the name suffix, such as Jr. or III, of the user. |
| get_Title | Gets and sets the user's title within the organization. |
| put_Title | Gets and sets the user's title within the organization. |
| get_Manager | Gets and sets the manager of the user. |
| put_Manager | Gets and sets the manager of the user. |
| get_TelephoneHome | Gets and sets the list of home phone numbers of the user. In Active Directory the list has a single element. |
| put_TelephoneHome | Gets and sets the list of home phone numbers of the user. In Active Directory the list has a single element. |
| get_TelephoneMobile | Gets and sets the list of mobile phone numbers of the user. In Active Directory the list has a single element. |
| put_TelephoneMobile | Gets and sets the list of mobile phone numbers of the user. In Active Directory the list has a single element. |
| get_TelephoneNumber | Gets and sets the list of work-related phone numbers. In Active Directory the list has a single element. |
| put_TelephoneNumber | Gets and sets the list of work-related phone numbers. In Active Directory the list has a single element. |
| get_TelephonePager | Gets and sets the list of pager phone numbers. |
| put_TelephonePager | Gets and sets the list of pager phone numbers. |
| get_FaxNumber | Gets and sets the list of fax phone numbers. In Active Directory the list has a single element. |
| put_FaxNumber | Gets and sets the list of fax phone numbers. In Active Directory the list has a single element. |
| get_OfficeLocations | Gets and sets the array of end-user locations. In Active Directory the array has a single element. |
| put_OfficeLocations | Gets and sets the array of end-user locations. In Active Directory the array has a single element. |
| get_PostalAddresses | Gets and sets the array of end-user post office addresses. |
| put_PostalAddresses | Gets and sets the array of end-user post office addresses. |
| get_PostalCodes | Gets and sets the array of postal codes for the Postal Addresses. In Active Directory the array has a single element. |
| put_PostalCodes | Gets and sets the array of postal codes for the Postal Addresses. In Active Directory the array has a single element. |
| get_SeeAlso | Gets and sets the array of ADsPaths of other objects related to this user. |
| put_SeeAlso | Gets and sets the array of ADsPaths of other objects related to this user. |
| get_AccountDisabled | Gets and sets the flag to indicate whether or not the account is disabled. |
| put_AccountDisabled | Gets and sets the flag to indicate whether or not the account is disabled. |
| get_AccountExpirationDate | Gets and sets the expiration date and time of the user. |
| put_AccountExpirationDate | Gets and sets the expiration date and time of the user. |
| get_GraceLoginsAllowed | Gets and sets the number of times user can log on after password has expired. |
| put_GraceLoginsAllowed | Gets and sets the number of times user can log on after password has expired. |
| get_GraceLoginsRemaining | Gets and sets the number of grace logins left before locking account. |
| put_GraceLoginsRemaining | Gets and sets the number of grace logins left before locking account. |
| get_IsAccountLocked | Gets and sets a flag to indicate whether or not an account is locked. |
| put_IsAccountLocked | Gets and sets a flag to indicate whether or not an account is locked. |
| get_LoginHours | Gets and sets the time periods during each day of week indicating valid login periods. |
| put_LoginHours | Gets and sets the time periods during each day of week indicating valid login periods. |
| get_LoginWorkstations | Gets and set the workstations and their net addresses for this end-user. |
| put_LoginWorkstations | Gets and set the workstations and their net addresses for this end-user. |
| get_MaxLogins | Gets and sets the maximum number of simultaneous logins. |
| put_MaxLogins | Gets and sets the maximum number of simultaneous logins. |
| get_MaxStorage | Gets and set the maximum amount of disk space allowed for the user. |
| put_MaxStorage | Gets and set the maximum amount of disk space allowed for the user. |
| get_PasswordExpirationDate | Gets and sets the date and time when password will expire. |
| put_PasswordExpirationDate | Gets and sets the date and time when password will expire. |
| get_PasswordMinimumLength | Gets and sets the minimum number of characters allowed in a password. |
| put_PasswordMinimumLength | Gets and sets the minimum number of characters allowed in a password. |
| get_PasswordRequired | Gets and sets a flag to indicate whether or not a password is required. |
| put_PasswordRequired | Gets and sets a flag to indicate whether or not a password is required. |
| get_RequireUniquePassword | Gets and sets a flag to indicate whether or not a new password must be different from ones in the password history list. |
| put_RequireUniquePassword | Gets and sets a flag to indicate whether or not a new password must be different from ones in the password history list. |
| get_EmailAddress | Gets and sets the email address of the user. |
| put_EmailAddress | Gets and sets the email address of the user. |
| get_HomeDirectory | Gets and sets the home directory of the user. |
| put_HomeDirectory | Gets and sets the home directory of the user. |
| get_Languages | Gets and sets the array of language names for the end-user. |
| put_Languages | Gets and sets the array of language names for the end-user. |
| get_Profile | Gets and sets the end-user's profile path. |
| put_Profile | Gets and sets the end-user's profile path. |
| get_LoginScript | Gets and sets the end-user's login script path. |
| put_LoginScript | Gets and sets the end-user's login script path. |
| get_Picture | Gets and sets the picture of the user. |
| put_Picture | Gets and sets the picture of the user. |
| get_HomePage | Gets and sets the URL to the home page of the user. |
| put_HomePage | Gets and sets the URL to the home page of the user. |
| Groups | Determines the groups to which this end-user belongs. |
| SetPassword | Sets the password. |
| ChangePassword | Changes password from the specified existing value to a new value. |
The IADsUser interface defines the following properties. The preceding table includes access methods for these properties.
| Property | Description |
|---|---|
| AccountDisabled | Gets and sets the flag to indicate whether or not the account is disabled. |
| AccountExpirationDate | Gets and sets the expiration date and time of the user. |
| BadLoginAddress | Gets the address of the last node, considered an "Intruder". |
| BadLoginCount | Gets the number of the bad logon attempts since last reset. |
| Department | Gets and sets the organizational unit within the organization. |
| Description | Gets and sets the description of the user account. |
| Division | Gets and sets the division within a company (organization). |
| EmailAddress | Gets and sets the email address of the user. |
| EmployeeID | Gets and sets employee identification number of the user. |
| FaxNumber | Gets and sets the list of fax phone numbers. In Active Directory the list has a single element. |
| FirstName | Gets and sets the first name of the user. |
| FullName | Gets and sets the full name of the user. |
| GraceLoginsAllowed | Gets and sets the number of times user can log on after password has expired. |
| GraceLoginsRemaining | Gets and sets the number of grace logins left before locking account. |
| HomeDirectory | Gets and sets the home directory of the user. |
| HomePage | Gets and sets the URL to the home page of the user. |
| IsAccountLocked | Gets and sets a flag to indicate whether or not an account is locked. |
| Languages | Gets and sets the array of language names for the end-user. |
| LastFailedLogin | Gets the date and time of the last failed network login. |
| LastLogin | Gets the date and time of the last network login. |
| LastLogoff | Gets the date and time of the last network logoff. |
| LastName | Gets and sets the last name of the user. |
| LoginHours | Gets and sets the time periods during each day of week indicating valid login periods. |
| LoginScript | Gets and sets the end-user's login script path. |
| LoginWorkstations | Gets and set the workstations and their net addresses for this end-user. |
| Manager | Gets and sets the manager of the user. |
| MaxLogins | Gets and sets the maximum number of simultaneous logins. |
| MaxStorage | Gets and set the maximum amount of disk space allowed for the user. |
| NamePrefix | Gets and sets the name prefix, such as Mr., Ms., or Hon., of the user. |
| NameSuffix | Gets and sets the name suffix, such as Jr. or III, of the user. |
| OfficeLocations | Gets and sets the array of end-user locations. In Active Directory the array has a single element. |
| OtherName | Gets and sets the additional name, such as the nickname, or the middle name of the user. |
| PasswordExpirationDate | Gets and sets the date and time when password will expire. |
| PasswordLastChanged | Gets the date and time of the last password change. |
| PasswordMinimumLength | Gets and sets the minimum number of characters allowed in a password. |
| PasswordRequired | Gets and sets a flag to indicate whether or not a password is required. |
| Picture | Gets and sets the picture of the user. |
| PostalAddresses | Gets and sets the array of end-user post office addresses. |
| PostalCodes | Gets and sets the array of postal codes for the Postal Addresses. In Active Directory the array has a single element. |
| Profile | Gets and sets the end-user's profile path. |
| RequireUniquePassword | Gets and sets a flag to indicate whether or not a new password must be different from ones in the password history list. |
| SeeAlso | Gets and sets the array of ADsPaths of other objects related to this user. |
| TelephoneHome | Gets and sets the list of home phone numbers of the user. In Active Directory the list has a single element. |
| TelephoneMobile | Gets and sets the list of mobile phone numbers of the user. In Active Directory the list has a single element. |
| TelephoneNumber | Gets and sets the list of work-related phone numbers. In Active Directory the list has a single element. |
| TelephonePager | Gets and sets the list of pager phone numbers. |
| Title | Gets and sets the user's title within the organization. |
As with any other ADSI object, the container object creates a Windows NT/Windows 2000 user account object. First, bind to a container object. Then, call the IADsContainer::Create method and specify mandatory or optional attributes.
User Creation Using WinNT
With WinNT, you do not have to specify any additional attributes when creating a user. You may call the IADsContainer::Create method to create the user object directly.
Dim dom As IADsContainer
Dim usr As IADsUser
On Error GoTo Cleanup
Set dom = GetObject("WinNT://MyDomain")
Set usr = dom.Create("user","jeffsmith")
usr.SetInfo
Cleanup:
If(Err.Number<>0) Then
MsgBox("An error has occurred. " & Err.Number)
End If
Set mach = Nothing
Set usr = Nothing
In this case, a domain user is created with the following default attribute values.
| Property | Value |
|---|---|
| Full Name | SAM Account Name (such as jeffsmith) |
| Password | Empty |
| User Must Change Password | TRUE |
| User Cannot Change Password | FALSE |
| Password Never Expires | FALSE |
| Account Disabled | FALSE |
| Group | Domain User |
| Profile | Empty |
| Account Never Expires | TRUE |
To create a local user, bind to a target machine, as shown in the following code example.
Dim mach As IADsContainer
Dim usr as IADsUser
On Error GoTo Cleanup
Set mach = GetObject("WinNT://MyMachine,Computer")
Set usr = mach.Create("user","jeffsmith")
usr.SetInfo
Cleanup:
If(Err.Number<>0) Then
MsgBox("An error has occurred. " & Err.Number)
End If
Set mach = Nothing
Set usr = Nothing
The newly created local user will have the same default properties as the domain user. The group membership, however, will be "users", instead of "domain user".
Client: Included in Windows XP and
Windows 2000 Professional.
Server: Included in Windows Server 2003 and
Windows 2000 Server.
Redistributable: Requires Active Directory Client Extension
on Windows NT 4.0 SP6a and Windows 95/98/Me.
Header: Declared in Iads.h.