LDAP and AD - Error adding user to group with C #


I'm trying to add a user to a group, but I get the following error:

    Message: The server is unwilling to process the request.
    ErrorCode: -2147016651
    ExtendedError: 1359
    ExtendedErrorMessage: 0000054F: SvcErr: DSID-031A120C, Problem 5003 (WILL_NOT_PERFORM), Date 0
    HResult: -2147016651

I get this with the following code:

    public void UpdateUserGroup(ADEntry selectedEntry, ADEntry groupEntry, bool addUser)
    {
        DirectoryEntry selectedDirEntry = selectedEntry.ToDirectoryEntry(this.Connector.Credential);
        DirectoryEntry groupDirEntry = groupEntry.ToDirectoryEntry(this.Connector.Credential);

        if ((selectedDirEntry.SchemaClassName.Equals("user")) && (groupDirEntry.SchemaClassName.Equals("group")))
        {
            if (addUser)
            {
                groupDirEntry.Properties["member"].Add(selectedDirEntry.Path);
            }
            else
            {
                groupDirEntry.Properties["member"].Remove(selectedDirEntry.Path);
            }

            groupDirEntry.CommitChanges();
            groupDirEntry.RefreshCache();
        }
    }

The account I am using is a Domain Admin. Does anyone have a suggestion for a solution?

Thank you.

asked by anonymous 23.05.2014 / 17:33

2 answers


If you are on .NET 3.5+, you should move to the System.DirectoryServices.AccountManagement classes. Everything is much simpler. You initialize a PrincipalContext and then rely on it to do the operations. I used the same approach as you; switching to the new namespace made it much easier.

I do not have my source here, but I think this should solve the problem. If it does not resolve it, let me know:

    using System;
    using System.DirectoryServices;
    using System.DirectoryServices.AccountManagement;

    public void AddUserToGroup(string userId, string groupName)
    {
        try
        {
            // ContextType.Domain binds to the "COMPANY" domain with the caller's own credentials
            using (PrincipalContext pc = new PrincipalContext(ContextType.Domain, "COMPANY"))
            using (GroupPrincipal group = GroupPrincipal.FindByIdentity(pc, groupName))
            {
                // FindByIdentity returns null, not an exception, when the group does not exist
                if (group == null)
                {
                    throw new InvalidOperationException("Group not found: " + groupName);
                }

                // userId is the user's UPN, e.g. jdoe@company.local
                group.Members.Add(pc, IdentityType.UserPrincipalName, userId);
                group.Save();
            }
        }
        catch (PrincipalOperationException e)
        {
            // the directory refused the change (unknown member, missing rights, ...)
            //doSomething with e.Message;
        }
        catch (DirectoryServicesCOMException e)
        {
            //doSomething with e.Message;
        }
    }

    public void RemoveUserFromGroup(string userId, string groupName)
    {
        try
        {
            using (PrincipalContext pc = new PrincipalContext(ContextType.Domain, "COMPANY"))
            using (GroupPrincipal group = GroupPrincipal.FindByIdentity(pc, groupName))
            {
                if (group == null)
                {
                    throw new InvalidOperationException("Group not found: " + groupName);
                }

                group.Members.Remove(pc, IdentityType.UserPrincipalName, userId);
                group.Save();
            }
        }
        catch (PrincipalOperationException e)
        {
            //doSomething with e.Message;
        }
        catch (DirectoryServicesCOMException e)
        {
            //doSomething with e.Message;
        }
    }
27.05.2014 / 07:07

I was able to resolve it using DirectoryServices; I had to use the constructor signature that takes the user and the password. In the end the method looks like this:

    using System;
    using System.DirectoryServices.AccountManagement;

    public void UpdateUserGroup(ADEntry selectedEntry, ADEntry groupEntry, bool addUser)
    {
        if (selectedEntry.Type == ADEntryType.User && groupEntry.Type == ADEntryType.Group)
        {
            // PrincipalContext(ContextType, name, userName, password): "name" is the server or
            // domain to bind to; the explicit credentials replace the process identity
            using (PrincipalContext pc = new PrincipalContext(ContextType.Domain,
                this.Connector.Credential.Server, Connector.Credential.User, Connector.Credential.Password))
            using (GroupPrincipal group = GroupPrincipal.FindByIdentity(pc, groupEntry.Name))
            {
                // FindByIdentity returns null when no such group exists
                if (group == null)
                {
                    throw new InvalidOperationException("Group not found: " + groupEntry.Name);
                }

                if (addUser)
                {
                    group.Members.Add(pc, IdentityType.Name, selectedEntry.Name);
                }
                else
                {
                    group.Members.Remove(pc, IdentityType.Name, selectedEntry.Name);
                }

                group.Save();
            }
        }
    }

Thanks Luiz for the help.

27.05.2014 / 17:37
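An added example, not the question's or the answers' code, that covers both approaches on this page: the DirectoryEntry write passes the user's distinguishedName, because the member attribute holds DNs and not the LDAP:// ADsPath the question's code adds; the AccountManagement variant adds the null checks, disposal and post-save verification the answers leave out. The group, account and PrincipalContext it expects are assumptions.

```csharp
using System;
using System.DirectoryServices;
using System.DirectoryServices.AccountManagement;

// Added example, not from the question or the answers. Group and account
// names are assumed; substitute your own.
public static class GroupMembership
{
    // DirectoryEntry variant. "member" is a DN-syntax attribute, so the value
    // must be the user's distinguishedName; DirectoryEntry.Path is the
    // LDAP://server/... ADsPath, which is what the question's code passed.
    public static void AddMemberByDn(DirectoryEntry group, DirectoryEntry user)
    {
        string userDn = (string)user.Properties["distinguishedName"].Value;
        if (!group.Properties["member"].Contains(userDn))
        {
            group.Properties["member"].Add(userDn);
            group.CommitChanges();
        }
    }

    // AccountManagement variant with the checks the answers omit: null results
    // from FindByIdentity, disposal, and verifying the change against the
    // directory after Save() instead of trusting the cached collection.
    public static bool SetMembership(PrincipalContext pc, string groupName,
                                     string samAccountName, bool addUser)
    {
        using (GroupPrincipal group = GroupPrincipal.FindByIdentity(pc, IdentityType.SamAccountName, groupName))
        using (UserPrincipal user = UserPrincipal.FindByIdentity(pc, IdentityType.SamAccountName, samAccountName))
        {
            if (group == null) throw new InvalidOperationException("group not found: " + groupName);
            if (user == null) throw new InvalidOperationException("user not found: " + samAccountName);

            bool isMember = user.IsMemberOf(group);
            if (addUser && !isMember) group.Members.Add(user);
            else if (!addUser && isMember) group.Members.Remove(user);
            else return isMember; // already in the requested state, nothing to write

            // Save() throws (PrincipalOperationException or UnauthorizedAccessException)
            // when AD refuses the write, e.g. the binding account lacks "Write Members".
            group.Save();

            // re-read the group so the result reflects what the directory now holds
            using (GroupPrincipal fresh = GroupPrincipal.FindByIdentity(pc, IdentityType.Sid, group.Sid.Value))
            {
                return user.IsMemberOf(fresh);
            }
        }
    }
}
```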