I can add a user perfectly well, but then I can't add it to a local group. I get this error:-

A member could not be added to or removed from the local group because the member does not exist.

Here is the code I'm using. What am I doing wrong? It's just the local machine, I definitely have rights to do it, and the group definitely exists.

        try
        {
            using (DirectoryEntry hostMachineDirectory = new DirectoryEntry("WinNT://" + serverName))
            {
                DirectoryEntries entries = hostMachineDirectory.Children;

                foreach (DirectoryEntry entry in entries)
                {
                    if (entry.Name.Equals(userName, StringComparison.CurrentCultureIgnoreCase))
                    {
                        // Update password
                        entry.Invoke("SetPassword", password);
                        entry.CommitChanges();
                        return true;
                    }
                }

                DirectoryEntry obUser = entries.Add(userName, "User");
                obUser.Properties["FullName"].Add("Used to allow users to login to Horizon. User created programmatically.");
                obUser.Invoke("SetPassword", password);
                // 0x10000 = ADS_UF_DONT_EXPIRE_PASSWD (the password never expires)
                obUser.Invoke("Put", new object[] { "UserFlags", 0x10000 });

                obUser.CommitChanges();

                foreach (string group in groups)
                {
                    DirectoryEntry grp = hostMachineDirectory.Children.Find(group, "group");
                    if (grp != null) { grp.Invoke("Add", new object[] { obUser.Path.ToString() }); }

                }
                return true;
            }
        }
        catch (Exception ex)
        {
            returnMessage = ex.InnerException.Message;
            return false;
        }

1 Answer

14

I wrote some code ages ago which takes a different approach to yours, but as far as I can tell works (insofar as nobody ever reported problems to me!). Any use to you?

    // Requires: using System; using System.DirectoryServices; using System.Globalization;

    /// <summary>
    /// Adds the supplied user into the (local) group
    /// </summary>
    /// <param name="userName">the full username (including domain)</param>
    /// <param name="groupName">the name of the group</param>
    /// <returns>true on success; 
    /// false if the group does not exist, or if the user is already in the group, or if the user cannot be added to the group</returns>
    public static bool AddUserToLocalGroup(string userName, string groupName)
    {
        DirectoryEntry userGroup = null;

        try
        {
            string groupPath = String.Format(CultureInfo.CurrentUICulture, "WinNT://{0}/{1},group", Environment.MachineName, groupName);
            userGroup = new DirectoryEntry(groupPath);

            if ((null == userGroup) || (true == String.IsNullOrEmpty(userGroup.SchemaClassName)) || (0 != String.Compare(userGroup.SchemaClassName, "group", true, CultureInfo.CurrentUICulture)))
                return false;

            String userPath = String.Format(CultureInfo.CurrentUICulture, "WinNT://{0},user", userName);
            userGroup.Invoke("Add", new object[] { userPath });
            userGroup.CommitChanges();

            return true;
        }
        catch (Exception)
        {
            return false;
        }
        finally
        {
            if (null != userGroup) userGroup.Dispose();
        }
    }
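
A variant of the same WinNT call that reports why the add failed instead of returning a bare `false`, as an added example that is not part of the original answer. It assumes a local account on the local machine; `LocalGroupHelper`, `AddLocalUser` and `AddResult` are hypothetical names, and the HRESULT constants are the standard Win32 codes wrapped with `HRESULT_FROM_WIN32`.

```csharp
using System;
using System.DirectoryServices;
using System.Reflection;
using System.Runtime.InteropServices;

public enum AddResult { Added, AlreadyMember, GroupNotFound, MemberNotFound }

public static class LocalGroupHelper // hypothetical helper, not from the post
{
    // ERROR_NO_SUCH_MEMBER (1387): the "member does not exist" error quoted in the question.
    const int NoSuchMember = unchecked((int)0x8007056B);
    // ERROR_MEMBER_IN_ALIAS (1378): the account is already in the group.
    const int MemberInAlias = unchecked((int)0x80070562);
    // NERR_GroupNotFound (2220): the group name could not be found.
    const int GroupNotFound = unchecked((int)0x800708AC);

    public static AddResult AddLocalUser(string userName, string groupName)
    {
        string machine = Environment.MachineName;
        string groupPath = $"WinNT://{machine}/{groupName},group";
        string memberPath = $"WinNT://{machine}/{userName},user";

        using (var group = new DirectoryEntry(groupPath))
        {
            try
            {
                // Reading a property forces the bind; a missing group throws here.
                if (!"Group".Equals(group.SchemaClassName, StringComparison.OrdinalIgnoreCase))
                    return AddResult.GroupNotFound;
            }
            catch (COMException ex) when (ex.ErrorCode == GroupNotFound)
            {
                return AddResult.GroupNotFound;
            }

            try
            {
                group.Invoke("Add", memberPath);
                group.CommitChanges();
                return AddResult.Added;
            }
            catch (TargetInvocationException ex)
            {
                // DirectoryEntry.Invoke wraps the COM failure, so inspect InnerException.
                var com = ex.InnerException as COMException;
                if (com != null && com.ErrorCode == NoSuchMember) return AddResult.MemberNotFound;
                if (com != null && com.ErrorCode == MemberInAlias) return AddResult.AlreadyMember;
                throw; // access denied and other failures should reach the caller's log
            }
        }
    }
}
```

Returning a distinct result for each case lets provisioning code record whether a group change actually happened, which matters when the group grants elevated rights.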

2 Comments

Good. Mind marking it as the answer then? I could use the points so everyone thinks I'm more knowledgeable than I actually am! :P
What if userName is a service account rather than local user (e.g. NT AUTHORITY\IUSR)? It didn't work for me.
