Enable and Disable Active Directory User in C#

Description

This article gives C# code examples that enable and disable an Active Directory user account in two ways: by changing the userAccountControl attribute through DirectoryEntry, and through the UserPrincipal class.

Summary

Enable Active Directory User Account via userAccountControl using C#

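To use the DirectoryEntry class, add a reference to the System.DirectoryServices assembly and import the System.DirectoryServices and System.DirectoryServices.ActiveDirectory namespaces (the latter provides the Domain class used below).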

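/// <summary>
/// Enables an Active Directory user account by clearing the ADS_UF_ACCOUNTDISABLE bit
/// of its userAccountControl attribute.
/// </summary>
/// <param name="username">The sAMAccountName or userPrincipalName of the account to enable.</param>
/// <remarks>
/// No credentials are passed, so the directory write is attempted with whatever identity the
/// process runs under. The outcome is reported on the console only: exceptions are caught and
/// printed, so a caller cannot tell success from failure through the return value.
/// </remarks>
private static void EnableADUserUsingUserAccountControl(string username)
    {
        // AD user account disable flag
        const int ADS_UF_ACCOUNTDISABLE = 0x2;

        if (string.IsNullOrEmpty(username))
        {
            Console.WriteLine("A user name is required");
            return;
        }

        try
        {
            // Escape the characters that are special in an LDAP filter (RFC 4515) before the
            // name is placed in the filter. Without this, a name containing '*', '(' or ')'
            // changes what the filter matches, and FindOne() could return an account other
            // than the one named. The backslash is replaced first so that the escapes added
            // by the later replacements are not escaped again.
            string escapedName = username
                .Replace("\\", "\\5c")
                .Replace("*", "\\2a")
                .Replace("(", "\\28")
                .Replace(")", "\\29")
                .Replace("\0", "\\00");

            // ldap filter, built on one line: the original verbatim string embedded a line
            // break and indentation in the filter, and wrote the negation without the
            // parentheses RFC 4515 requires around the negated item.
            string searchFilter = string.Format(
                "(&(objectCategory=person)(objectClass=user)(!(sAMAccountType=805306370))" +
                "(|(userPrincipalName={0})(sAMAccountName={0})))", escapedName);

            using (DirectoryEntry domainEntry = Domain.GetCurrentDomain().GetDirectoryEntry())
            using (DirectorySearcher searcher = new DirectorySearcher(domainEntry, searchFilter))
            {
                SearchResult searchResult = searcher.FindOne();

                // FindOne() returns null when nothing matches; the result has to be tested,
                // not the searcher, which is never null at this point.
                if (searchResult == null)
                {
                    Console.WriteLine("AD User Not Found");
                    return;
                }

                using (DirectoryEntry userEntry = searchResult.GetDirectoryEntry())
                {
                    int old_UAC = (int)userEntry.Properties["userAccountControl"][0];

                    // To enable an ad user account, we need to clear the disable bit/flag;
                    // every other userAccountControl bit is written back unchanged.
                    userEntry.Properties["userAccountControl"][0] = (old_UAC & ~ADS_UF_ACCOUNTDISABLE);
                    userEntry.CommitChanges();
                }

                Console.WriteLine("Active Director User Account Enabled successfully through userAccountControl property");
            }
        }
        catch (Exception ex)
        {
            Console.WriteLine(ex.Message);
        }
    }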

Disable Active Directory User Account via userAccountControl using C#

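/// <summary>
/// Disables an Active Directory user account by setting the ADS_UF_ACCOUNTDISABLE bit
/// of its userAccountControl attribute.
/// </summary>
/// <param name="username">The sAMAccountName or userPrincipalName of the account to disable.</param>
/// <remarks>
/// No credentials are passed, so the directory write is attempted with whatever identity the
/// process runs under. The outcome is reported on the console only: exceptions are caught and
/// printed, so a caller that relies on this to deprovision an account should confirm the
/// result separately rather than assume the account is now disabled.
/// </remarks>
private static void DisableADUserUsingUserAccountControl(string username)
    {
        // AD user account disable flag
        const int ADS_UF_ACCOUNTDISABLE = 0x2;

        if (string.IsNullOrEmpty(username))
        {
            Console.WriteLine("A user name is required");
            return;
        }

        try
        {
            // Escape the characters that are special in an LDAP filter (RFC 4515) before the
            // name is placed in the filter. Without this, a name containing '*', '(' or ')'
            // changes what the filter matches, and FindOne() could return an account other
            // than the one named. The backslash is replaced first so that the escapes added
            // by the later replacements are not escaped again.
            string escapedName = username
                .Replace("\\", "\\5c")
                .Replace("*", "\\2a")
                .Replace("(", "\\28")
                .Replace(")", "\\29")
                .Replace("\0", "\\00");

            // ldap filter, built on one line: the original verbatim string embedded a line
            // break and indentation in the filter, and wrote the negation without the
            // parentheses RFC 4515 requires around the negated item.
            string searchFilter = string.Format(
                "(&(objectCategory=person)(objectClass=user)(!(sAMAccountType=805306370))" +
                "(|(userPrincipalName={0})(sAMAccountName={0})))", escapedName);

            using (DirectoryEntry domainEntry = Domain.GetCurrentDomain().GetDirectoryEntry())
            using (DirectorySearcher searcher = new DirectorySearcher(domainEntry, searchFilter))
            {
                SearchResult searchResult = searcher.FindOne();

                // FindOne() returns null when nothing matches; the result has to be tested,
                // not the searcher, which is never null at this point.
                if (searchResult == null)
                {
                    Console.WriteLine("AD User Not Found");
                    return;
                }

                using (DirectoryEntry userEntry = searchResult.GetDirectoryEntry())
                {
                    int old_UAC = (int)userEntry.Properties["userAccountControl"][0];

                    // To disable an ad user account, we need to set the disable bit/flag;
                    // every other userAccountControl bit is written back unchanged.
                    userEntry.Properties["userAccountControl"][0] = (old_UAC | ADS_UF_ACCOUNTDISABLE);
                    userEntry.CommitChanges();
                }

                Console.WriteLine("Active Director User Account Disabled successfully through userAccountControl property");
            }
        }
        catch (Exception ex)
        {
            Console.WriteLine(ex.Message);
        }
    }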

Enable AD User Account via UserPrincipal using C#

To use the PrincipalContext class, you need to add a reference to System.DirectoryServices.AccountManagement, which is available only from .NET 3.5 onward.

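/// <summary>
/// Enables an Active Directory user account through the UserPrincipal class.
/// </summary>
/// <param name="username">The identity of the account to enable, as accepted by
/// UserPrincipal.FindByIdentity.</param>
/// <remarks>
/// The PrincipalContext is created without credentials, so the change is attempted with
/// whatever identity the process runs under. The outcome is reported on the console only:
/// exceptions are caught and printed.
/// </remarks>
private static void EnableADUserUsingUserPrincipal(string username)
    {
        try
        {
            // Both the context and the principal are disposable; the using blocks release
            // them on every path, including when Save() throws.
            using (PrincipalContext principalContext = new PrincipalContext(ContextType.Domain))
            using (UserPrincipal userPrincipal = UserPrincipal.FindByIdentity(principalContext, username))
            {
                // FindByIdentity returns null when no account matches. Without this check
                // the next line throws a NullReferenceException, and the catch block prints
                // a message that says nothing about the account being missing.
                if (userPrincipal == null)
                {
                    Console.WriteLine("AD User Not Found");
                    return;
                }

                userPrincipal.Enabled = true;

                userPrincipal.Save();

                Console.WriteLine("Active Director User Account Enabled successfully through UserPrincipal");
            }
        }
        catch (Exception ex)
        {
            Console.WriteLine(ex.Message);
        }
    }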

Disable AD User Account via UserPrincipal using C#

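 /// <summary>
 /// Disables an Active Directory user account through the UserPrincipal class.
 /// </summary>
 /// <param name="username">The identity of the account to disable, as accepted by
 /// UserPrincipal.FindByIdentity.</param>
 /// <remarks>
 /// The PrincipalContext is created without credentials, so the change is attempted with
 /// whatever identity the process runs under. The outcome is reported on the console only:
 /// exceptions are caught and printed, so a caller that relies on this to deprovision an
 /// account should confirm the result separately.
 /// NOTE(review): the method name is misspelled ("Diable"); it is kept as-is so that any
 /// existing caller still compiles.
 /// </remarks>
 private static void DiableADUserUsingUserPrincipal(string username)
    {
        try
        {
            // To use this class, you need add reference System.DirectoryServices.AccountManagement
            // which is available only from .NET 3.5.
            // Both the context and the principal are disposable; the using blocks release
            // them on every path, including when Save() throws.
            using (PrincipalContext principalContext = new PrincipalContext(ContextType.Domain))
            using (UserPrincipal userPrincipal = UserPrincipal.FindByIdentity(principalContext, username))
            {
                // FindByIdentity returns null when no account matches. Without this check
                // the next line throws a NullReferenceException, and the catch block prints
                // a message that says nothing about the account being missing.
                if (userPrincipal == null)
                {
                    Console.WriteLine("AD User Not Found");
                    return;
                }

                userPrincipal.Enabled = false;

                userPrincipal.Save();

                Console.WriteLine("Active Director User Account Disabled successfully through UserPrincipal");
            }
        }
        catch (Exception ex)
        {
            Console.WriteLine(ex.Message);
        }
    }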

Note: This article applies to Windows Server 2003, Windows Server 2008, Windows Server 2008 R2 and Windows Server 2012.

Thanks,
Morgan
Software Developer

