I created a C# app that is creating a series of AD accounts from a database. The issue i am running into is the passwords i am gathering had no complexity requirements so when i am passing them into our domain i get an error saying "The server is unwilling to process the request". I traced my code and its breaking on the password because it is not complex enough for our domain. I then created a GPO for the specific OU that i am creating these accounts in to disable password complexity and for security i added in my user and the computer that i am running my C# app from.
I am still running into this error where it will change the password on the account i created. Am i missing something or is there a better way to get around this?
I have included the code i am using in my C# app to create and change the password. The code is correct because it works on accounts that do have a complex enough password. The DC is Server 2012, but i don't think that matters.
//Creates User
string cnUser = acctNumber + "_" + userName;
DirectoryEntry newUser = dirEntry.Children.Add("CN=" + cnUser, "user");
newUser.Properties["samAccountName"].Value = cnUser;
newUser.Properties["userPrincipalName"].Value = cnUser;
newUser.Properties["pwdLastSet"].Value = 0;
newUser.CommitChanges();
//Changes Password
String passwrd = userPassword.ToString();
newUser.Invoke("SetPassword", new object[] { passwrd });
newUser.CommitChanges();
//Sets User Account to Change Passowrd on new login
newUser.Properties["pwdLastSet"].Value = 0;
newUser.CommitChanges();
Best Answer
You may only define one password policy via GPO for the entire domain.
You may then set fine-grained password policies, however be aware that you do not apply fine grained password policies to OUs as you do with GPOs. Rather, you apply them to users and groups.
http://technet.microsoft.com/en-us/library/cc770394(v=WS.10).aspx