Reputation: 368
DirectoryServices.DirectoryEntry differences between group invoke("remove") and Property["member"].remove
Using DirectoryServices.DirectoryEntry class I'm trying to remove a user entry from a group in active directory using C# .NET
I came across two ways of doing that,
First way:
DirectoryEntry directoryEntry = new DirectoryEntry(myGroupPath);
directoryEntry.Properties["member"].Remove(userDistinguishedName);
directoryEntry.CommitChanges();
Second way
DirectoryEntry directoryEntry = new DirectoryEntry(myGroupPath);
directoryEntry.Invoke("Remove", userDistinguishedName);
Acording to the msdn Invoke documentation, it says that Invoke Calls a method on the native Active Directory Domain Services object. How is it different than the first way?
Upvotes: 2
Views: 1528
Answers (1)
Reputation: 368
Well I did my research and here's what I have reached to.
Let's start with the Second Way
DirectoryEntry.Invoke(methodName, ADsPath)
As the msdn Invoke documentation offers, Invoke Calls a method on the native Active Directory Domain Services object. In our case we're invoking the group membership Interface IADsGroup
Basically, IADsGroup:
Manages group membership data in a directory service. It enables you to get member objects, test if a given object belongs to the group, and to add, or remove, an object to, or from the group.
Is an interface that implements IADs & IDispatch interfaces.
a) IADs: supplies the basic maintenance functions for ADSI objects.
- Is an interface that defines basic object features, that is, properties and methods, of and ADSI object. E.g. “Get” is a method that gets the value for a property by its name. “Class” is a property that gets the name of the object’s schema class.
- Loads object’s attributes to the property cache. E.g. when calling Invoke(“Remove”), the first thing, it loads the member attribute to the cache.
- Accesses and modifies the object’s attribute values in the property cache.
- Commits changes to the persistent directory store.
b) IDispatch: interface to enable access by Automation clients, such as Visual Basic. Which exposes objects, methods and properties to programming tools and other applications that support Automation.
3. It provides methods for managing and extending the directory schema.
Interfaces defined by ADSI can support specific properties and syntaxes for your providers. However, providers can choose to extend an ADSI interfaces definitions and support other properties.
So, If you're using the well known common actions on AD, ADSI interfaces saves you the trouble of managing the property cache, and forgetting to commit changes which can be a problem
DirectoryEntry.Properties[“member”].Remove
Basically calls ADSI interface to retrieve the value of the property. IADsGroup does exactly the same for you.
Upvotes: 3
Related Questions
- System.DirectoryServices.Protocol add/remove user from group
- GroupPrincipal.Members.Remove() doesn't work with a large AD group
- DirectoryEntry.Invoke("groups",null) not retrieving all groups?
- Adding and removing users from Active Directory groups in .NET
- Getting Exception trying to delete a Local User Group using Directory Services Account Management in C#
- c# DirectoryEntry.Properties vs DirectoryEntry.InvokeGet?
- Why does removing a local group via WinNT protocol results in a NotImplementedException?
- DirectoryInfo.Delete vs Directory.Delete
- DirectoryEntry.Children.Remove throws "unspecified error"
- Active Directory Is User Deactivated Code Snippet Needed?