Creating a user account by using XML

Use the CreateUser procedure of the Managed Active Directory namespace to create an account for a user. The CreateUser procedure creates a new user within a specified organization according to the policy name you provide in the <policyName> element.

This procedure expects to be called with impersonate="1". The procedure impersonates the caller.

Example of a request that calls the CreateUser procedure

<request>
  <procedure>
	<execute namespace="Managed Active Directory" procedure="CreateUser">
	<executeData>
		<container>LDAP://OU=Reseller1,OU=Hosting,DC=contoso,DC=com</container>
		<userPrincipalName>upnMyUser1</userPrincipalName>
		<sAMAccountName>Accntname</sAMAccountName>
		<policyName>reseller</policyName>
		<displayName>Joe Smith</displayName>
		<givenName>Joe</givenName>
		<middleName>John</middleName>
		<sn>Smith</sn>
		<initials>JS</initials>
		<description>User description</description>
		<properties>
		<property name="otherHomePhone">
			<value>425-555-1212</value>
			<value>206-555-1212</value>
		</property>
		</properties>
		<preferredDomainController>myPrimaryDC.contoso.com
			</preferredDomainController>
	</executeData>
	<after source="executeData" destination="data" sourcePath="user" />
	</execute>
  </procedure>
</request>

Input for CreateUser

The following input is valid for this request:

• Container

  Use the <container> element to specify the Lightweight Directory Access Protocol (LDAP) path of the container in which you want to create the user. The container must correspond to the value entered the <policyName> element unless the policyName value is default.

  Important

  • The service provider's administration accounts should reside inside the hosting organizational unit or their default organizational unit will be the root of the domain instead of the hosting organizational unit.

  <container>LDAP://LDAP path of the container</container>
  

• Universal principal name

  Use the <userPrincipalName> element to specify the universal principal name of the user you want to create.

  <userPrincipalName>universal principal name of the user</userPrincipalName>
  

• Policy name (optional)

  By using the <policyName> element, you can specify the policy name appropriate for the type of user you want to create. This information is optional. If you do not include this element, the request uses the default value.

  Possible types for this name are:

  • default
  • hosting
  • reseller
  • customer

  <policyName>default|hosting|reseller|customer</policyName>
  

• Security Accounts Manager account name (optional)

  By using the <sAMAccountName> element, you can specify the Security Accounts Manager (SAM) account name for the user.

  This information is optional.

  <sAMAccountName>SAM account name for the user</sAMAccountName>
  

• Given name, surname, middle name, initials (all optional)

  In the <givenName> element, the <sn> element, the <middleName> element, and <initials> element, you can specify the user's first name, surname, middle name, and initials.

  This information is optional.

  <givenName>user's first name</givenName>
  <middleName>user's middle name</middleName>
  <sn>user's last name</sn>
  <initials>user's initials</initials>
  

• Display name (optional)

  By using the <displayName> element, you can specify the name you want to display for the user.

  This information is optional.

  <displayName>Name to display for this user</displayName>
  

• Description (optional)

  By using the <description> element, you can specify a description for the user. You can include the user’s title and position in the description.

  This information is optional.

  <description>description for the user</description>
  

• Other properties (optional)

  By using the <properties> element, you can add any valid Active Directory properties for user that you want to store with the user account, such as phone numbers and account numbers.

  This information is optional.

  <properties>property element</properties>
  

  <properties></properties>
• Preferred domain controller (optional)

  By using the <preferredDomainController> element, you can specify the domain controller that you want to use for this request. Using a single preferred domain controller eliminates replication delays that arise between multiple controllers.

  This information is optional.

  <preferredDomainController>your domain controller</preferredDomainController>
  

Typical response for CreateUser

This procedure returns the <user> tag containing the user object created and the membership and security policies supplied. Each object created has its LDAP path in a path attribute.

<response>
  <data>
	<user path="LDAP://cn=upnMyUser1,OU=Reseller1,OU=Hosting,DC=contoso,DC=com" 
		name="upnMyUser1" samName="upnMyUser1"></user>
  </data>
</response>

Important

• Although Active Directory is not case sensitive for elements such as the Lightweight Directory Access Protocol (LDAP) path, XML is case sensitive. To ensure that the procedure executes appropriately, specify all tags, elements, and data using uppercase and lowercase letters exactly as shown in the XML examples. For additional guidelines on how to use XML, see the Microsoft Web site (http://www.microsoft.com/).