Mega Code Archive

 

Categories / Delphi / System

 

Creating windows accounts using ADSI (Active Directory)

Title: Creating windows accounts using ADSI (Active Directory) Question: How can I create a Windows user account with Delphi and ADSI? Answer: In order to create Windows user accounts in Delphi you can use the ADSI (Active Directory Services Interface) from Microsoft. You might think that ADSI is only available for Windows 2000 - maybe due to it's name - but actually ADSI is available for all Win32 platforms. You may need to download ADSI for your Windows version (check http://www.microsoft.com/adsi for complete details). ADSI is included with Windows 2000. ADSI is a very large topic. I'm only stratching the top surface in this article. ADSI is a kind of a generic interface to many different computer (mostly directory based) services. Some of the standard ADSI Providers (COM interfaces which can use in your programs) are WinNT, IIS, LDAP and NDS. The WinNT provider can hereby be used to create user accounts, modify user account settings or modify groups (among a lot of other things). The following small program shows you the steps necessary to create user accounts under NT/2000 using ADSI: First you need import the ADSI Type Library (Menu Project/Import Type Library). The Type Library can be found in the system32 subdirectory (for example C:\WINNT\system32\activeds.tlb). The file required is named 'activeds.tlb'. If you can't find the file check if you've got ADSI installed correctly. After successfully importing the Type Library you'll find a new file in the Delphi Imports directory named activeds_tlb.pas (..\Delphi5\Imports\activeds_tlb.pas for example). Basically you need to include this file in your uses clause in order to enable ADSI programming with Delphi. On to the user creation example with ADSI. You need to replace [computername] with the actual computer name which you are using. The same applies to [accountname]. I've tested the example with WindowsNT 4.0 and Windows 2000. ... uses ActiveX, // used for the COM Moniker stuff... ActiveDs_TLB, // the created type library ComObj; // used for OleCheck and other COM functions implementation procedure TForm1.BtnCreateUserClick(Sender: TObject); var Usr: IADsUser; Comp: IADsContainer; begin try Comp := GetObject('WinNT://[computername],computer') as IADsContainer; Usr := Comp.Create('user', '[accountname]') as IADsUser; Usr.SetInfo; except on E: EOleException do begin ShowMessage(E.Message); end; end; end; procedure TForm1.BtnSetPasswordClick(Sender: TObject); var Usr: IADsUser; begin try Usr := GetObject('WinNT://[computername]/[accountname],user') as IADsUser; Usr.SetPassword('thenewpassword'); except on E: EOleException do begin ShowMessage(E.Message); end; end; end; // GetObject is a implementation of the VB GetObject call // I've found this code (GetObject) on the Usenet. // // With GetObject can you bind to an existing ADSI provider // using a 'ADSIPath' (for example WinNT://.... or // IIS://localhost). function TForm1.GetObject(const Name: string): IDispatch; var Moniker: IMoniker; Eaten: integer; BindContext: IBindCtx; Dispatch: IDispatch; begin OleCheck(CreateBindCtx(0, BindContext)); OleCheck(MkParseDisplayName(BindContext, PWideChar(WideString(Name)), Eaten, Moniker)); OleCheck(Moniker.BindToObject(BindContext, NIL, IDispatch, Dispatch)); Result := Dispatch; end; end. Over ADSI you can also modify the settings of a user account. The following code can be used to change the 'Password never expires' flag of any account: procedure TFormMain.ButtonNeverExpiresClick(Sender: TObject); var Usr: IADsUser; begin try Usr := GetObject('WinNT://[computername]/[acccoutname],user') as IADsUser; // Check the Checkbox State... if CheckBoxPasswordNeverExpires.Checked then Usr.Put('UserFlags', Usr.Get('UserFlags') OR 65536) // 65536 is defined as UF_DONT_EXPIRE_PASSWORD in iads.h // from the ADSI SDK available from Microsoft else Usr.Put('UserFlags', Usr.Get('UserFlags') XOR 65536); Usr.SetInfo; except on E: EOleException do begin ShowMessage(E.Message); end; end; end; From here... In order to get into the deeper parts of ADSI you need to check out the actual interfaces provided like IADsUser or IADsContainer. I recommend that you work with the ADSI SDK from Microsoft and by inspecting the created Type Library.