Reputation: 442
I've been trying to write a quick and dirty C# .exe that I can distribute to some student workers in our IT office. The .exe should be able to detect the name of the machine on which it's being run, search for that name in Active Directory, and disable the computer entry. So far I haven't had a problem with the name detection or search, but the bit of removal code is giving me a false positive when I can go directly into Active Directory to see that the computer entry has not been disabled.
    private void confirmRemoveButton_Click(object sender, EventArgs e)
    {
        string computerName = Environment.MachineName;
        using (PrincipalContext domainContext = new PrincipalContext(ContextType.Domain, null, "useraccount", "password"))
        {
            ComputerPrincipal computer = ComputerPrincipal.FindByIdentity(domainContext, computerName);
            if (computer != null)
            {
                try
                {
                    computer.Enabled = false;
                    label3.Visible = true;
                    label3.Text = "Computer was disabled in Active Directory.";
                    button1.Visible = true;
                }
                catch (Exception x)
                {
                    label3.Visible = true;
                    label3.Text = "Unable to disable computer with exception " + x;
                    button1.Visible = true;
                }
            }
            else if (computer == null)
            {
                label3.Visible = true;
                label3.Text = "Computer was not found in Active Directory.";
                button1.Visible = true;
            }
            else
            {
                label3.Visible = true;
                label3.Text = "Unexpected error in computer search.";
                button1.Visible = true;
            }
        }
    }
This is the code I have right now; the preceding code is about having the user check the computer name against the detected computer name and confirm that they actually want to disable the computer account. Once they click to confirm this (misleadingly currently labeled as confirm removal button), it should run this code to report success or failure. However, in testing, it reports success though I can see the computer object is not disabled.
This link (http://stackoverflow.com/questions/591681/using-c-how-do-you-check-if-a-computer-account-is-disabled-in-active-directory) is a topic relating to disabling a computer account in the title, but the comments and code all seem to suggest that this applies to disabling a user account.
Any insight would be appreciated :)
Upvotes: 4
Views: 2216
Reputation: 2453
You have to save the PrincipalComputer object. Otherwise your code is fine. Here's a simple console app version which will return nothing if the computer doesn't exist.
    // Requires: using System; using System.DirectoryServices.AccountManagement;
    static void Main(string[] args)
    {
        Console.WriteLine("Enter the name of the computer you wish to disable");
        string ComputerName = Console.ReadLine();
        if (ComputerName != "" && ComputerName != null)
        {
            using (PrincipalContext TargetDomain = new PrincipalContext(ContextType.Domain, null, "admin", "password"))
            {
                ComputerPrincipal TargetComputer = ComputerPrincipal.FindByIdentity(TargetDomain, ComputerName);
                if (TargetComputer != null)
                {
                    if ((bool)TargetComputer.Enabled)
                    {
                        Console.WriteLine("Computer is currently enabled, it will now be disabled");
                        TargetComputer.Enabled = false;
                        Console.WriteLine("Is computer now enabled? " + TargetComputer.Enabled);
                        // Save() writes the changed property back to Active Directory
                        TargetComputer.Save();
                    }
                    else
                    {
                        Console.WriteLine("Computer is currently disabled, it will now be enabled");
                        TargetComputer.Enabled = true;
                        Console.WriteLine("Is computer now enabled? " + TargetComputer.Enabled);
                        // Save() writes the changed property back to Active Directory
                        TargetComputer.Save();
                    }
                    Console.Read();
                }
            }
        }
    }
dang, Kieren beat me to it!
Note, sometimes it can take a while before AD recognizes what has happened.
Upvotes: 3
Reputation: 42003
You need to call Save on the ComputerPrincipal object:
http://msdn.microsoft.com/en-us/library/bb354074.aspx
Upvotes: 4
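An added example, not taken from either answer: it reports success only after Save() has returned and a second lookup, pinned to the domain controller that took the write, shows the account as disabled. Assumptions: the class and method names are hypothetical, and the tool runs under the operator's own logon with delegated rights on the computer objects, so no account name or password is compiled into the .exe.

```csharp
using System;
using System.DirectoryServices.AccountManagement;
static class DisableComputerExample
{
    // Returns true only when the change was saved AND a fresh read confirms it.
    static bool DisableAndVerify(string computerName, out string message)
    {
        try
        {
            // Assumption: the current logon has rights on the computer object,
            // so the context is opened without embedded credentials.
            using (var domain = new PrincipalContext(ContextType.Domain))
            using (var computer = ComputerPrincipal.FindByIdentity(domain, computerName))
            {
                if (computer == null)
                {
                    message = "Computer was not found in Active Directory.";
                    return false;
                }
                computer.Enabled = false;   // changes the in-memory object only
                computer.Save();            // writes the change to the directory

                // Re-read from the same domain controller that took the write;
                // other DCs may show the old state until replication completes.
                using (var sameDc = new PrincipalContext(ContextType.Domain, domain.ConnectedServer))
                using (var check = ComputerPrincipal.FindByIdentity(sameDc, computerName))
                {
                    bool disabled = check != null && check.Enabled == false;
                    message = disabled
                        ? "Computer was disabled in Active Directory (confirmed on " + domain.ConnectedServer + ")."
                        : "Save() returned, but the account still reads as enabled.";
                    return disabled;
                }
            }
        }
        catch (Exception ex) when (ex is PrincipalException || ex is UnauthorizedAccessException)
        {
            message = "Unable to disable computer: " + ex.Message;
            return false;
        }
    }
    static int Main()
    {
        string message;
        bool ok = DisableAndVerify(Environment.MachineName, out message);
        Console.WriteLine(message);
        return ok ? 0 : 1;
    }
}
```

Build it with a reference to System.DirectoryServices.AccountManagement; the exit code is 0 only when the disabled state was confirmed.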