3

Okay, my problem right now is we're trying to write code that will add a user to a different group in our Active Directory. This is the solution we've written.

Part of the main method:

string newGroup = "TestDelete";
string userName = result.Properties["cn"][0].ToString();
string adduser = ad.AddToGroup(userName, newGroup);
Console.WriteLine(String.Format("{0} : {1}",userName, adduser)); 

Which calls this method from another class:

public String AddToGroup(string userDn, string groupDn)
{
    try
    {
        DirectoryEntry ldapConnection = new DirectoryEntry("LDAP://OU=" + groupDn + ",DC=blah,DC=blah,DC=blah");
        ldapConnection.AuthenticationType = AuthenticationTypes.Secure;

        string newUser = "CN=" + userDn + "CN=Members,DC=blah,DC=blah,DC=blah";

        ldapConnection.Invoke("Add", new object[] { newUser });
        ldapConnection.CommitChanges();
        ldapConnection.Close();

        return "Success";
    }
    catch (System.DirectoryServices.DirectoryServicesCOMException E)
    {
        Console.WriteLine("Exception caught:\n\n" + E.ToString());
    }
}

It's throwing the exception

System.Runtime.InteropServices.COMException (0x80020006): Unknown name. (Exception from HRESULT: 0x80020006 (DISP_E_UNKNOWNNAME))
at System.DirectoryServices.DirectoryEntry.InvokeSet(String propertyName, Object[] args)
at adjustUsers.Program.AddToGroup(String userDn, String groupDn) in C:\Users\XXX\Documents\Visual Studio 2010\Projects\UserPruning\adjustUsers\Program.cs:line 45
at UserPruning.MainProgram.Main(String[] args) in C:\Users\XXX\Documents\Visual Studio 2010\Projects\UserPruning\UserPruning\MainProgram.cs:line 46

Which, as far as we've been able to find, indicates a problem with our syntax.

Line 46 is

string adduser = ad.AddToGroup(userName,newGroup)

Line 45 is

ldapConnection.Invoke("Add", new object[] {newUser});

We've been trying to rewrite this piece of code for the last day and are still stumped.

Help?

Thanks

1 Answer

8

If you're on .NET 3.5 and up, you should check out the System.DirectoryServices.AccountManagement (S.DS.AM) namespace. Read all about it here:

Basically, you can define a domain context and easily find users and/or groups in AD:

// set up domain context
using (PrincipalContext ctx = new PrincipalContext(ContextType.Domain))
{
    // find your user
    UserPrincipal user = UserPrincipal.FindByIdentity(ctx, "SomeUserName");

    if(user != null)
    {
        // find the group in question
        GroupPrincipal group = GroupPrincipal.FindByIdentity(ctx, "TestDelete");

        // if found....
        if (group != null)
        {
            // add user to group
            group.Members.Add(user);
            group.Save();
        }
    }
}

The new S.DS.AM makes it really easy to play around with users and groups in AD!


3 Comments

I wish I could up-vote this answer more than once. I feel like almost everything online that I found about AD manipulation via C# links to the Howto: (Almost) Everything in Active Directory via C# [codeproject.com/Articles/18102/… article, which uses the DirectoryEntry API. The DirectoryServices API is much nicer! Thank you very much!
The problem is that the AccountManagement namespace only works if the computer running it is on that domain and can resolve the domains you're querying.
I'm querying another domain. Can that be the reason I'm getting the exception 'Information about the domain could not be retrieved (1355).'?
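
An added example, not part of the original answer or comments: the S.DS.AM approach from the answer wrapped in a function that names the target domain explicitly, pins the lookup to sAMAccountName, and is safe to re-run. The type and method names (`AddResult`, `GroupMembership`, `AddUserToGroup`) are made up for this illustration; the host must still be able to resolve and reach a domain controller for the domain passed in, and the calling account needs write access to the group.

```csharp
using System;
using System.DirectoryServices.AccountManagement; // reference the assembly of the same name
// AddResult, GroupMembership and AddUserToGroup are names made up for this example.
public enum AddResult { Added, AlreadyMember, UserNotFound, GroupNotFound }

public static class GroupMembership
{
    public static AddResult AddUserToGroup(string domain, string userSam, string groupSam)
    {
        // Name the domain instead of relying on the machine's default context.
        using (var ctx = new PrincipalContext(ContextType.Domain, domain))
        // Pin the identity type so the lookup matches sAMAccountName only.
        using (var user = UserPrincipal.FindByIdentity(ctx, IdentityType.SamAccountName, userSam))
        using (var group = GroupPrincipal.FindByIdentity(ctx, IdentityType.SamAccountName, groupSam))
        {
            if (user == null) return AddResult.UserNotFound;
            if (group == null) return AddResult.GroupNotFound;
            // Direct-membership check keeps the call idempotent.
            if (group.Members.Contains(user)) return AddResult.AlreadyMember;
            try
            {
                group.Members.Add(user); // no DN string is built by hand
                group.Save();
                return AddResult.Added;
            }
            catch (PrincipalExistsException)
            {
                return AddResult.AlreadyMember; // the collection already held this principal
            }
        }
    }
}

public static class Program
{
    public static int Main(string[] args)
    {
        if (args.Length != 3) { Console.Error.WriteLine("usage: <domain> <userSam> <groupSam>"); return 2; }
        try
        {
            Console.WriteLine("{0} -> {1}: {2}", args[1], args[2],
                GroupMembership.AddUserToGroup(args[0], args[1], args[2]));
            return 0;
        }
        catch (UnauthorizedAccessException) { Console.Error.WriteLine("Access denied."); }
        catch (PrincipalException ex) { Console.Error.WriteLine("Directory error: " + ex.Message); }
        return 1;
    }
}
```

Returning a result value instead of the string "Success" lets the caller log who was added to which group and tell a no-op apart from a real membership change.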
