
I am writing the following method to add users in Active Directory to a custom group in C#. I have an OU named "SHO Users" and a sub-OU named "SHO Sharepoint User". All my users are saved under the sub-OU. I do have a group under the first OU "SHO Users" named "Test GRP". I need to add some of the users to the "Test GRP" group with the following code but no luck. I'd really appreciate any help. Thanks

using System;
using System.DirectoryServices;

public void AddToGroup(string userDn, string groupDn)
{
    try
    {
        // Bind to the group object and append the user's DN to its "member" attribute.
        DirectoryEntry dirEntry = new DirectoryEntry("LDAP://" + groupDn);
        dirEntry.Properties["member"].Add(userDn);
        dirEntry.CommitChanges();
        dirEntry.Close();
    }
    catch (System.DirectoryServices.DirectoryServicesCOMException E)
    {
        // doSomething with E.Message.ToString();
    }
}

protected void btnAdd_Click(object sender, EventArgs e)
{
    string UserId = txtFirstname.Text + " " + txtLastname.Text;
    // Note: this group DN sits under CN=Groups, whereas the question describes "Test GRP" as living under OU=SHO Users.
    AddToGroup("CN=" + UserId + ",OU=SHO Sharepoint User,OU=SHO Users,dc=test,dc=com", "CN=Test GRP,CN=Groups,DC=test,DC=com");
}
    If you're on .Net 3.5 you should utilize the System.DirectoryServices.AccountManagement namespace (msdn.microsoft.com/en-us/library/…). Commented Jan 6, 2014 at 20:48
  • Unfortunately I'm not on .Net 3.5 and I think I have no choice but to use DirectoryEntry functions. Commented Jan 6, 2014 at 21:00
  • Does the account running this have permission to add members to the group? From what I recall working with DirectoryEntries was extremely sensitive on this point. You'll need to ensure the application pool identity has this domain permission or you'll need to wrap the call in an impersonation context of a user who does Commented Jan 6, 2014 at 21:15
  • I think I do have the appropriate permission to do this because I'm adding users too and it's working fine. Commented Jan 6, 2014 at 21:48
  • Do you get an exception in the code block that is commented out? Commented Jan 6, 2014 at 21:56

1 Answer

Try this function:

using System;
using System.DirectoryServices;

public void AddToGroup(string userDn, string groupDn)
{
    try
    {
        DirectoryEntry dirEntry = new DirectoryEntry("LDAP://" + groupDn);
        // Invoke calls IADsGroup.Add on the underlying ADSI object. That method expects an
        // ADsPath, so prefix a bare DN with "LDAP://" if the caller did not already do so.
        string userPath = userDn.StartsWith("LDAP://", StringComparison.OrdinalIgnoreCase)
            ? userDn
            : "LDAP://" + userDn;
        dirEntry.Invoke("Add", new object[] { userPath });
        dirEntry.CommitChanges();
        dirEntry.Close();
    }
    catch (System.DirectoryServices.DirectoryServicesCOMException E)
    {
        // doSomething with E.Message.ToString();
    }
}

To check if the connection string is right you can use the tool AdExplorer. Just select the object you are interested in and copy the address from the top bar.


3 Comments

Still not working. Can you take a look at my LDAP strings? I might be doing something wrong.
If the machine running the application is not in the domain, you need to add the LDAP server in your connection string: LDAP://server/...
My web server is already joined to the domain and I have the following in my web.config: <add key="DefaultActiveDirectoryServer" value="192.168.1.1"/>
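An added example, not code from the question or the answer above: the question's btnAdd_Click builds the user DN by concatenating text-box input, so a surname containing a comma or plus sign changes the structure of the DN rather than just the name. The helper below escapes the RDN value per RFC 4514 before building the DN, confirms that both the user and the group objects bind (using the static DirectoryEntry.Exists) before attempting the add, and passes an ADsPath to IADsGroup.Add as that method expects. The server name and group DN are taken from command-line arguments; the OU names are the page's own, and the sample surname is constructed.

```csharp
using System;
using System.DirectoryServices;
using System.Text;

// Added example, not part of the original question or answer.
static class GroupMembership
{
    // Escape one attribute value for use inside a DN (RFC 4514, section 2.4).
    public static string EscapeRdnValue(string value)
    {
        var sb = new StringBuilder(value.Length);
        for (int i = 0; i < value.Length; i++)
        {
            char c = value[i];
            bool leadingSpaceOrHash = i == 0 && (c == ' ' || c == '#');
            bool trailingSpace = i == value.Length - 1 && c == ' ';
            if (",+\"\\<>;=".IndexOf(c) >= 0 || leadingSpaceOrHash || trailingSpace)
                sb.Append('\\');
            sb.Append(c);
        }
        return sb.ToString();
    }

    // Add userDn to groupDn, refusing to proceed if either object cannot be bound.
    public static void AddToGroupChecked(string server, string userDn, string groupDn)
    {
        string userPath = "LDAP://" + server + "/" + userDn;
        string groupPath = "LDAP://" + server + "/" + groupDn;
        if (!DirectoryEntry.Exists(userPath))
            throw new ArgumentException("User not found: " + userDn);
        if (!DirectoryEntry.Exists(groupPath))
            throw new ArgumentException("Group not found: " + groupDn);
        using (var group = new DirectoryEntry(groupPath))
        {
            // IADsGroup.Add takes an ADsPath, so pass the LDAP:// form, not the bare DN.
            group.Invoke("Add", new object[] { userPath });
        }
    }

    static void Main(string[] args)
    {
        // Constructed input: a name with characters that would otherwise split the RDN.
        string cn = EscapeRdnValue("Smith, Jr.+Test");
        string userDn = "CN=" + cn + ",OU=SHO Sharepoint User,OU=SHO Users,DC=test,DC=com";
        Console.WriteLine(userDn);
        // Only touch the directory when a server and a group DN are supplied as arguments.
        if (args.Length == 2)
            AddToGroupChecked(args[0], userDn, args[1]);
    }
}
```

Run it with no arguments to see the escaped DN; run it as `GroupMembership.exe dc01.test.com "CN=Test GRP,OU=SHO Users,DC=test,DC=com"` to perform the checked add against a real domain controller.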
