Setting User Passwords in Active Directory

To set a user password in Active Directory you need to use Project Automation, as you cannot set it by directly mapping the columns.

In Project Automation we use the .NET DirectoryEntry object, which you can get via the GetDirectoryEntry(string) method.

If you are looking for a full guide to creating new users and assigning them a password, please see our other article explaining this here.

The following steps will explain how you can use Project Automation to set user passwords for accounts being added to your AD.

If you want to update existing user passwords you will need to add code to the AfterUpdateItem method.

Enable Project Automation

Project Automation allows you to run your own .NET C# code at certain points in the Data Sync process. You can open and enable Project Automation by going to View > Project Automation Window. Then click Enable Project Automation to get started.

This will then open the code view where we can write the code we need.

Set the Password

You need to add the userPassword column to the properties collection, and then add it to the schema. This is so that the column can be targeted by Project Automation.

UserPassword

Map this column to the corresponding column in your source. You also need to edit the schema properties, setting the Data Compare property Ignore to True, so that the password field does not trigger update events.

When any other field is updated, the password will also appear in the updates as an update action, but nothing will actually happen to it when the sync is run unless you have written additional code to update the password for updates.

Schema Mapping & Properties

Because defining a password for users is not very secure, you will want users to have to change their password when they log in. This is set in the code below using pwdLastSet.

Your Project Automation code should look similar to:

    public override void AfterAddItem(object sender, DataCompareItemInvariant item, object identity)
    {
        Trace.WriteLine("AfterAddItem->{0}", identity);

        var values = item.ToAddItemDictionary(TargetMapping); //Gets column names from the target

        using(var entry = DataSourceB.GetDirectoryEntry(identity))
        {
            entry.Invoke("SetPassword", values["UserPassword"]); //Set the password
            entry.Properties["pwdLastSet"].Value = 0; //Set user must change password at next logon
            entry.CommitChanges();
        }
    }

Set a Basic Default Password

Alternatively, if you do not have a password assigned in your source columns you can set a default password. This example sets a password of !password123 on any user account being added. It also unlocks the account and makes the user have to change their password at their next logon.

    public override void AfterAddItem(object sender, DataCompareItemInvariant item, object identity)
    {
        Trace.WriteLine("AfterAddItem->{0}", identity);

        using(var entry = DataSourceB.GetDirectoryEntry(identity))
        {
            var uac = (int)entry.Properties["userAccountControl"].Value;
            //Clear DONT_EXPIRE_PASSWD (0x10000). While "password never expires" is set,
            //AD ignores pwdLastSet = 0 and the user is not asked to change the password.
            uac = uac & ~0x10000;
            uac = uac & ~0x2; //Clear ACCOUNTDISABLE (0x2) so the account is enabled ("unlocked")

            entry.Properties["userAccountControl"].Value = uac;
            entry.Invoke("SetPassword", "!password123"); //Set the password
            entry.Properties["pwdLastSet"].Value = 0; //Set user must change password at next logon
            entry.CommitChanges();
        }
    }