Reputation: 43
Okay, my problem right now is we're trying to write code that will add a user to a different group in our Active Directory. This is the solution we've written.
Part of the main method:
    string newGroup = "TestDelete";
    string userName = result.Properties["cn"][0].ToString();
    string adduser = ad.AddToGroup(userName, newGroup);
    Console.WriteLine(String.Format("{0} : {1}",userName, adduser));
Which calls this method from another class:
    public String AddToGroup(string userDn, string groupDn)
    {
        try
        {
            DirectoryEntry ldapConnection = new DirectoryEntry("LDAP://OU=" + groupDn + ",DC=blah,DC=blah,DC=blah");
            ldapConnection.AuthenticationType = AuthenticationTypes.Secure;
            string newUser = "CN=" + userDn + "CN=Members,DC=blah,DC=blah,DC=blah";
            ldapConnection.Invoke("Add", new object[] { newUser });
            ldapConnection.CommitChanges();
            ldapConnection.Close();
            return "Success";
        }
        catch (System.DirectoryServices.DirectoryServicesCOMException E)
        {
            Console.WriteLine("Exception caught:\n\n" + E.ToString());
        }
    }
It's throwing the exception
System.Runtime.InteropServices.COMException (0x80020006): Unknown name. (Exception from HRESULT: 0x80020006 (DISP_E_UNKNOWNNAME))
at System.DirectoryServices.DirectoryEntry.InvokeSet(String propertyName, Object[] args)
at adjustUsers.Program.AddToGroup(String userDn, String groupDn) in C:\Users\XXX\Documents\Visual Studio 2010\Projects\UserPruning\adjustUsers\Program.cs:line 45
at UserPruning.MainProgram.Main(String[] args) in C:\Users\XXX\Documents\Visual Studio 2010\Projects\UserPruning\UserPruning\MainProgram.cs:line 46
Which, as far as we've been able to find, indicates a problem with our syntax.
Line 46 is
string adduser = ad.AddToGroup(userName,newGroup)
Line 45 is
ldapConnection.Invoke("Add", new object[] {newUser});
We've been trying to rewrite this piece of code for the last day and are still stumped.
Help?
Thanks
Upvotes: 3
Views: 6870
Reputation: 754220
If you're on .NET 3.5 and up, you should check out the System.DirectoryServices.AccountManagement (S.DS.AM) namespace. Read all about it here:
Basically, you can define a domain context and easily find users and/or groups in AD:
    // set up domain context
    using (PrincipalContext ctx = new PrincipalContext(ContextType.Domain))
    {
        // find your user
        UserPrincipal user = UserPrincipal.FindByIdentity(ctx, "SomeUserName");
        if (user != null)
        {
            // find the group in question
            GroupPrincipal group = GroupPrincipal.FindByIdentity(ctx, "TestDelete");
            // if found....
            if (group != null)
            {
                // add user to group
                group.Members.Add(user);
                group.Save();
            }
        }
    }
The new S.DS.AM makes it really easy to play around with users and groups in AD!
Upvotes: 8
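The S.DS.AM approach from the answer above, wrapped as a helper that reports distinct outcomes and handles the failure cases; this is an added example, not code from either poster. The class, enum and parameter names are assumptions of the example, and it looks both principals up by sAMAccountName rather than building DN strings from input.

```csharp
using System;
using System.DirectoryServices.AccountManagement;

public enum AddResult { Added, AlreadyMember, UserNotFound, GroupNotFound, Failed }

public static class GroupMembership
{
    // Parameter names are assumptions of this example: both are sAMAccountName values.
    public static AddResult AddUserToGroup(string userSam, string groupSam)
    {
        try
        {
            using (var ctx = new PrincipalContext(ContextType.Domain))
            // Names are passed as values with an explicit identity type, so no
            // "CN=...,DC=..." string is assembled by hand from caller input.
            using (var user = UserPrincipal.FindByIdentity(ctx, IdentityType.SamAccountName, userSam))
            using (var group = GroupPrincipal.FindByIdentity(ctx, IdentityType.SamAccountName, groupSam))
            {
                if (user == null) return AddResult.UserNotFound;
                if (group == null) return AddResult.GroupNotFound;
                if (group.Members.Contains(user)) return AddResult.AlreadyMember;

                group.Members.Add(user);
                group.Save();   // the write to the directory happens here
                // Record who was added where, using the DNs the directory returned.
                Console.WriteLine("{0:o} added {1} to {2}",
                    DateTime.UtcNow, user.DistinguishedName, group.DistinguishedName);
                return AddResult.Added;
            }
        }
        catch (PrincipalExistsException) { return AddResult.AlreadyMember; }
        catch (UnauthorizedAccessException ex) { return Fail(ex); } // no write access to the group
        catch (PrincipalException ex) { return Fail(ex); }          // ambiguous match, server down, ...
    }

    private static AddResult Fail(Exception ex)
    {
        Console.Error.WriteLine("Group change failed: " + ex.Message);
        return AddResult.Failed;
    }

    public static void Main()
    {
        // "SomeUserName" and "TestDelete" are the names used on this page.
        Console.WriteLine(AddUserToGroup("SomeUserName", "TestDelete"));
    }
}
```

The process identity running this needs write access to the target group's membership; granting that on the specific group or OU, rather than running as a domain administrator, keeps the tool's reach limited.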