Assigning new user default password with php

Active Directory
I've written some php codes (see codes below) to add a new user in our Active Directory. I've attached the php codes below. It does actually add a new user and put in all the settings in attributes correctly. However, even though I've set the userpassword (I can see the attribute set in ldap), the password is still blank when you first login. If I set the unicodepwd attribute instead of userpassword, it generates error. Any idea? Your advise will be much appreciated :)
// ****************
// Add new AD user
// ****************
$ldapconn = ldap_start();
$user["givenname"> = "Peter Alan";
$user["sn"> = "Pan";
$user["displayname"> = "Peter Pan";
$user["distinguishedname"> = "CN=PPan,OU=CKTest,DC=CK,DC=lan";
$user["homedirectory"> = '\salhome$%username%';
$user["homedrive"> = "h:";
$user["samaccountname"> = "PPan";
$user["profilepath"> = '\salprofiles$mandatory';
$user["objectcategory"> =
$user['cn'] = "PPan";
$user["userprincipalname"> = $user["samaccountname">."@DOMAIN";
$user['objectclass'][0] = "top";
$user['objectclass'][1] = "person";
$user['objectclass'][2] = "organizationalPerson";
$user['objectclass'][3] = "user";
$user['mail'] = "ppan@DOMAIN";

user['userPassword'] ='pwd';
//user['userPassword'] ='{MD5}'.base64_encode(pack('H*',md5('password')));
// $user["unicodepwd"> = "{md5}".base64_encode(pack("H*",md5("password")));

$user["userAccountControl"> = "544";


$dn = "CN=PPan,OU=CKTest,DC=CK,DC=lan";
$result = ldap_add($ldapconn, $dn, $user);

//assign user to AllStudents group
$group_name = "CN=AllStudents,OU=Groups,OU=Students,DC=CK,DC=lan";
$group_info['member'] = $dn; // User's DN is added to group's 'member'array


if ($result)
echo "User added!";
{ echo "There was a problem!";}

Answer Wiki

Thanks. We'll let you know when a new response is added.

I’ve not done this with PHP, but I have done this with VBSCRIPT and had a similar problem initially.

I see some pieces of code are in functions not provided (though I don’t know they are needed), are you calling the .setinfo method after you set the password?

Here is a Microsoft page that gives a short example of what I’m talking about. This was the solution to the problem when I had it, it revolves around basically having to create the account first — then setting the password. Each time you modify something you need to setinfo.

Discuss This Question: 2  Replies

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.
  • Jerry Lees
    Be sure and check out my blog here on ITKE for more Network administration and VBSCRIPT tips. The VBScript Network and Systems Administrator's Cafe
    5,335 pointsBadges:
  • Lelyea
    I have 30+ hours in over two days attempting to add a user to AD (Server 2003 R2) using PHP and Openldap on a Red Hat 5 server. Your post showed me what I was doing wrong! I have it working now. Sorry - I don't know the answer to your password problem - haven't gotten there yet. I do have a question though: I would like all users added to AD with this script to only be members of the 'Guest' group, and not a member of the 'Domain Users' group. Can you tell me how to go about this?? Help from anyone would be greatly appreciated! Len
    10 pointsBadges:

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

Thanks! We'll email you when relevant content is added and updated.


Share this item with your network: