Windows ADSI programming

Our product - FirM - does Active Directory user and group management, and under Windows 2000 it works perfectly well.



Recently, under Windows 2003 testing, user creation started failing with errors indicating that the user objects don't conform to the user password strength policy settings.



Fair enough, let's go test.



It actually transpires that under the LDAP ADSI interface - the one we use - you CANNOT set the user password during the initial object creation, as of course the user object isn't there. Yet you cannot create a user object, as the password isn't strong enough.



A chicken and egg problem... AARRGH!



Who in their right mind would create such a "Chicken and Egg" problem? Who on earth would impose this on their application developers mid-stream?



Of course, investigating this problem isn't a trivial event. It took me about four hours to come to this conclusion.



Thankfully, there's a workaround. You have to revert to the old "WinNT" directory provider, which does allow user creation with passwords. This must be how the internal AD APIs are handling new user creation in Windows 2003 (where password policies are on by default).
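
The call order this workaround relies on, as an added PowerShell example (not FirM's code): with the WinNT provider, `SetPassword` is called on the new object before the `SetInfo` that commits it, so the account is created with a password that the policy can check. The function name, its parameters and the values passed to it are hypothetical.

```powershell
# Added example: create a user through the ADSI WinNT provider, setting the
# password BEFORE the object is committed. Function and parameter names are
# hypothetical; Create, SetPassword and SetInfo are the ADSI methods.
function New-WinNTUser {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string]       $Container,  # domain or computer name
        [Parameter(Mandatory)] [string]       $UserName,
        [Parameter(Mandatory)] [securestring] $Password
    )

    $target = "WinNT://$Container/$UserName"
    if (-not $PSCmdlet.ShouldProcess($target, 'Create user')) { return }

    $root = [ADSI]"WinNT://$Container"
    $user = $root.Create('user', $UserName)   # in memory only, nothing written yet

    # SetPassword takes a plain string, so unwrap the SecureString as late as possible.
    $plain = [System.Net.NetworkCredential]::new('', $Password).Password
    try {
        $user.SetPassword($plain)   # accepted on an uncommitted WinNT object
        $user.SetInfo()             # commit: the account is written with its password
    }
    catch {
        # A password that fails the policy, or missing rights, surfaces here.
        throw "Creating '$UserName' failed (password policy or permissions): $($_.Exception.Message)"
    }
    finally {
        $plain = $null
    }

    return $user.psbase.Path
}

# Usage (hypothetical values):
#   $pw = Read-Host -AsSecureString 'Initial password'
#   New-WinNTUser -Container 'EXAMPLEDOM' -UserName 'jdoe' -Password $pw
```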



Great. Now I have to recode and test significant pieces of my application, because some MORON within Microsoft couldn't actually architect and implement a consistent API. Thank you, whoever you are.



And we're led to believe that the MS architects are somehow the smartest guys out there, doing the smartest stuff. That MS can't deliver large projects because the middle and upper management of MS are completely useless. Believe me, this isn't my current opinion.



And yet the folks who use these APIs are some of the strongest MS supporters out there. One can only conclude that these folks are USED to dealing with this level of stupidity, and think it commonplace. If you fit this description, please take a look at ANY of the Unix/Java interfaces to see how a properly architected API performs.