CODEWITHSUNDEEP
c#active-directoryexchange-serverdirectorysearcher
BDarley
BDarley

Reputation: 1275

More than one ManagedBy entity on an Active Directory group

Is it possible to have more than one entity/person listed as a manager of an AD group?

I have a distribution group created using Exchange. The group has multiple ManagedBy entities when viewed from the Exchange side.

When I query using DirectorySearcher AD only shows just one entry for ManagedBy, the first entry.

I can update the ManagedBy with a string value of a known user but using something like the below doesn't seem to work.

Code snippet A:

using (var context = new PrincipalContext(ContextType.Domain, _connection.Domain, _connection.ServiceUserName, _connection.ServicePassword))
{
    using (var searcher = new PrincipalSearcher())
    {
        var sp = new GroupSearchPrincipal(context, groupDn);
        searcher.QueryFilter = sp;

        var groupSearch = searcher.FindOne();

        if (groupSearch is null)
        {
            throw new Exception($"The Group with SamAccountName {groupDn} could not be found");
        }

        var directoryEntry = (DirectoryEntry)groupSearch.GetUnderlyingObject();

        directoryEntry.Properties["managedBy"].Add(managerDn);

        directoryEntry.CommitChanges();
        directoryEntry.Close();
    }

    return SuccessResponse();
}

Committing the change yields the result shown in this screenshot:

Error Saving Changes

The error possibly means that I'm adding a value that already exists with the included new value from 'managerDn'. Clearing the value seems to confirm this.

directoryEntry.Properties["managedBy"].Clear();

Are multiple managedBy entries exclusive to Exchange?

Upvotes: 1

Views: 1280

Answers (1)

BDarley
BDarley

Reputation: 1275

If the group was created with Exchange it'll likely contain the attribute

msExchCoManagedByLink

This identifies the additional ManagedBy entities I was looking for.

Upvotes: 3

Related Questions