I think you are calling CommitChanges on the wrong DirectoryEntry. In the MSDN documentation (http://msdn.microsoft.com/en-us/library/system.directoryservices.directoryentries.add.aspx) it states the following (emphasis added by me)

我认为您在错误的 DirectoryEntry 上调用 CommitChanges。在 MSDN 文档（http://msdn.microsoft.com/en-us/library/system.directoryservices.directoryentries.add.aspx）中，它说明了以下内容（我添加的重点）

You must call the CommitChanges method on the new entryto make the creation permanent. When you call this method, you can then set mandatory property values on the new entry. The providers each have different requirements for properties that need to be set before a call to the CommitChanges method is made. If those requirements are not met, the provider might throw an exception. Check with your provider to determine which properties must be set before committing changes.

您必须在新条目上调用 CommitChanges 方法以使创建永久。当您调用此方法时，您可以在新条目上设置必需的属性值。每个提供程序对在调用 CommitChanges 方法之前需要设置的属性都有不同的要求。如果不满足这些要求，提供者可能会抛出异常。在提交更改之前，请咨询您的提供商以确定必须设置哪些属性。

So if you change your code to user.CommitChanges()it should work, if you need to set more properties than just the account name then you should get an exception.

因此，如果您将代码更改为user.CommitChanges()它应该可以工作，如果您需要设置比帐户名称更多的属性，那么您应该会收到异常。

Since you're currently calling CommitChanges() on the OU which hasn't been altered there will be no exceptions.

由于您当前正在未更改的 OU 上调用 CommitChanges()，因此不会有任何例外。

Assuming your OU path OU=x,DC=y,DC=comreally exists - it should work :-)

假设您的 OU 路径OU=x,DC=y,DC=com确实存在 - 它应该可以工作:-)

Things to check:

检查事项：

• you're adding a value to the "samAccountName" - why don't you just set its value:

  user.Properties["sAMAccountName"].Value = username;
  

• 您正在向“samAccountName”添加一个值 - 为什么不设置它的值：

  user.Properties["sAMAccountName"].Value = username;
  

Otherwise you might end up with several samAccountNames - and that won't work.....

否则，您最终可能会得到多个 samAccountNames - 这将不起作用.....

• you're not setting the userAccountControlproperty to anything - try using:

   user.Properties["userAccountControl"].Value = 512;  // normal account
  

• do you have multiple domain controllers in your org? If you, and you're using this "server-less" binding (not specifying any server in the LDAP path), you could be surprised where the user gets created :-) and it'll take several minutes up to half an hour to synchronize across the whole network

• do you have a strict password policy in place? Maybe that's the problem. I recall we used to have to create the user with the "doesn't require password" option first, do a first .CommitChanges(), then create a powerful enough password, set it on the user, and remove that user option.

• 您没有将该userAccountControl属性设置为任何内容 - 尝试使用：

   user.Properties["userAccountControl"].Value = 512;  // normal account
  

• 您的组织中有多个域控制器吗？如果您正在使用这种“无服务器”绑定（未在 LDAP 路径中指定任何服务器），您可能会对创建用户的位置感到惊讶:-) 并且需要几分钟到半小时全网同步

• 你有严格的密码政策吗？也许这就是问题所在。我记得我们曾经必须首先使用“不需要密码”选项创建用户，首先执行 .CommitChanges()，然后创建一个足够强大的密码，在用户上设置它，然后删除该用户选项。

Marc

马克

Check the below code

检查下面的代码

 DirectoryEntry ouEntry = new DirectoryEntry("LDAP://OU=TestOU,DC=TestDomain,DC=local");

        for (int i = 3; i < 6; i++)
        {
            try
            {
                DirectoryEntry childEntry = ouEntry.Children.Add("CN=TestUser" + i, "user");
                childEntry.CommitChanges();
                ouEntry.CommitChanges();
                childEntry.Invoke("SetPassword", new object[] { "password" });
                childEntry.CommitChanges();
            }
            catch (Exception ex)
            {

            }
        }