delucaezequiel

Reputation: 639

Remove User From a Group in Active Directory

I am trying to remove a certain list of users from groups in Active Directory. While doing it I ran into the following Exception/Error:

javax.naming.OperationNotSupportedException: [LDAP: error code 53 - 0000054F: SvcErr: DSID-031A1248, problem 5003 (WILL_NOT_PERFORM)

Below is the code that I am using to create the connection to Active Directory.

Hashtable<String, Object> objEnvironment;
objEnvironment = new Hashtable<String, Object>(11);
objEnvironment.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
objEnvironment.put(Context.PROVIDER_URL,  "LDAPS://<domain>:636");
objEnvironment.put(Context.SECURITY_AUTHENTICATION, "simple");
objEnvironment.put(Context.SECURITY_PRINCIPAL, <username>);
objEnvironment.put(Context.SECURITY_CREDENTIALS, <password>);
System.setProperty("javax.net.ssl.trustStore", <certificates store path>);
this.objLDAPContext = new InitialLdapContext(objEnvironment, null);

And for removing the group

Connection objActiveDirectory;
ModificationItem objModificationItem[];
objModificationItem = new ModificationItem[1];
objModificationItem[0]= new ModificationItem(LdapContext.REMOVE_ATTRIBUTE, new BasicAttribute("member", <user e-mail>));
objActiveDirectory = new Connection("LDAPS://<domain>:636", <username>, <password>);
objActiveDirectory.getContext().modifyAttributes(<group distinguishedname>, objModificationItem);
objActiveDirectory.close();

Any idea how I should approach this issue?

Upvotes: 0

Views: 1598

Answers (1)

Brian Desmond

Reputation: 4503

You need to replace <user e-mail> with the distinguished name of the user.

Upvotes: 2
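An added example, not part of the original question or answer: since the `member` attribute holds distinguished names, this sketch resolves the user's DN from the e-mail address first and then removes that DN from the group. The class and method names, the `LDAP_PASSWORD` environment variable, the use of the `mail` attribute for the lookup, and a search base that is an OU below the domain root are all assumptions.

```java
import java.util.Hashtable;
import javax.naming.*;
import javax.naming.directory.*;
import javax.naming.ldap.*;

public class RemoveGroupMember {
    // Resolve the user's distinguished name from the mail attribute (assumed lookup key).
    static String findUserDn(LdapContext ctx, String searchBase, String mail) throws NamingException {
        SearchControls controls = new SearchControls();
        controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        controls.setReturningAttributes(new String[0]); // only the entry's DN is needed
        // {0} is filled in by JNDI with LDAP filter escaping applied, so characters
        // such as '*' or ')' in the mail value cannot change the filter.
        NamingEnumeration<SearchResult> results = ctx.search(searchBase,
                "(&(objectCategory=person)(mail={0}))", new Object[] { mail }, controls);
        try {
            if (!results.hasMore()) throw new NameNotFoundException("No user with mail " + mail);
            String dn = results.next().getNameInNamespace();
            if (results.hasMore()) throw new NamingException("More than one user with mail " + mail);
            return dn;
        } finally {
            results.close();
        }
    }

    // Remove one member value from the group; the value must be the member's DN.
    static void removeMember(LdapContext ctx, String groupDn, String userDn) throws NamingException {
        ModificationItem[] mods = {
            new ModificationItem(DirContext.REMOVE_ATTRIBUTE, new BasicAttribute("member", userDn))
        };
        ctx.modifyAttributes(groupDn, mods);
    }

    // args: <ldaps URL> <bind user> <search base OU> <group DN> <user e-mail>
    public static void main(String[] args) throws NamingException {
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, args[0]);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, args[1]);
        env.put(Context.SECURITY_CREDENTIALS, System.getenv("LDAP_PASSWORD")); // hypothetical variable; must be set
        LdapContext ctx = new InitialLdapContext(env, null);
        try {
            removeMember(ctx, args[3], findUserDn(ctx, args[2], args[4]));
        } finally {
            ctx.close();
        }
    }
}
```

The lookup fails closed: if the e-mail matches no entry or more than one, no modification is sent to the group.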
