我在寻找一种方式来创建Active Directory用户，并设置自己的密码，preferably没有给我的应用程序/服务的域管理员权限。

I'm looking for a way to create Active Directory users and set their password, preferably without giving my application/service Domain Admin privileges.

我已经试过如下：

DirectoryEntry newUser = _directoryEntry.Children.Add("CN=" + fullname, USER);
newUser.Properties["samAccountName"].Value = username;
newUser.Properties["userPassword"].Value = password;
newUser.Properties["mail"].Value = email;
newUser.CommitChanges();

在创建用户，但似乎密码的用户从来没有设置。

The user is created, but it seems the password is never set on the user.

有没有人对如何在创建用户时，最初设置用户密码的想法？我知道

Does anyone have an idea on how to set the user's password initially when creating the user? I know about

.Invoke("SetPassword", new object[] { password })

但是，这需要我的code能与域管理员权限运行。因为我真的不明白这一点给予我的code域管理员权限，只需设置初始密码（我还允许用户密码重置，但在特定用户的上下文中的运行），我希望有人有一个聪明的解决方案，不要求我这样做。

But that requires my code to be run with Domain Admin privileges. As I don't really see the point to grant my code Domain Admin privileges, just to set the initial password (I also allow user password resets, but those run in the context of that particular user), I am hoping someone has a clever solution that doesn't require me to do so.

在此先感谢！

推荐答案

您可以现在就做这整个过程变得更加容易与System.DirectoryServices.AccountManagement（只要你在净3.5）：

You can do this whole process much easier now with System.DirectoryServices.AccountManagement (long as you're on .Net 3.5):

在这里看到一个完整的破败

这是你的具体情况一个简单的例子：

Here's a quick example of your specific case:

using(var pc = new PrincipalContext(ContextType.Domain))
{
  using(var up = new UserPrincipal(pc))
  {
    up.SamAccountName = username;
    up.EmailAddress = email;
    up.SetPassword(password);
    up.Enabled = true;
    up.ExpirePasswordNow();
    up.Save();
  }
}