Having problems adding users to an Active Directory group using C#

2

Okay, my problem right now is we're trying to write code that will add a user to a different group in our Active Directory. This is the solution we've written.

Part of the main method:

string newGroup = "TestDelete";
string userName = result.Properties["cn"][0].ToString();
string adduser = ad.AddToGroup(userName, newGroup);
Console.WriteLine(String.Format("{0} : {1}",userName, adduser)); 

Which calls this method from another class:

public String AddToGroup(string userDn, string groupDn)
{
    try
    {
        DirectoryEntry ldapConnection = new DirectoryEntry("LDAP://OU=" + groupDn + ",DC=blah,DC=blah,DC=blah");
        ldapConnection.AuthenticationType = AuthenticationTypes.Secure;

        string newUser = "CN=" + userDn + "CN=Members,DC=blah,DC=blah,DC=blah";

        ldapConnection.Invoke("Add", new object[] { newUser });
        ldapConnection.CommitChanges();
        ldapConnection.Close();

        return "Success";
    }
    catch (System.DirectoryServices.DirectoryServicesCOMException E)
    {
        Console.WriteLine("Exception caught:\n\n" + E.ToString());
    }
}

It's throwing the exception

System.Runtime.InteropServices.COMException (0x80020006): Unknown name. (Exception from HRESULT: 0x80020006 (DISP_E_UNKNOWNNAME))
at System.DirectoryServices.DirectoryEntry.InvokeSet(String propertyName, Object[] args)
at adjustUsers.Program.AddToGroup(String userDn, String groupDn) in C:\Users\XXX\Documents\Visual Studio 2010\Projects\UserPruning\adjustUsers\Program.cs:line 45
at UserPruning.MainProgram.Main(String[] args) in C:\Users\XXX\Documents\Visual Studio 2010\Projects\UserPruning\UserPruning\MainProgram.cs:line 46

Which, as far as we've been able to find, indicates a problem with our syntax.

Line 46 is

string adduser = ad.AddToGroup(userName,newGroup)

Line 45 is

ldapConnection.Invoke("Add", new object[] {newUser});

We've been trying to rewrite this piece of code for the last day and are still stumped.

Help?

Thanks

c#
active-directory
windows-server-2008-r2
directoryservices
active-directory-group
asked on Stack Overflow Feb 6, 2013 by Kathryn Sager • edited Dec 31, 2016 by Marc

1 Answer

6

If you're on .NET 3.5 and up, you should check out the System.DirectoryServices.AccountManagement (S.DS.AM) namespace. Read all about it here:

Basically, you can define a domain context and easily find users and/or groups in AD:

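// requires a reference to the System.DirectoryServices.AccountManagement assembly and:
// using System.DirectoryServices.AccountManagement;

// set up domain context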
using (PrincipalContext ctx = new PrincipalContext(ContextType.Domain))
{
    // find your user
    UserPrincipal user = UserPrincipal.FindByIdentity(ctx, "SomeUserName");

    if(user != null)
    {
        // find the group in question
        GroupPrincipal group = GroupPrincipal.FindByIdentity(ctx, "TestDelete");

        // if found....
        if (group != null)
        {
            // add user to group
            group.Members.Add(user);
            group.Save();
        }
    }
}

The new S.DS.AM makes it really easy to play around with users and groups in AD!

answered on Stack Overflow Feb 7, 2013 by marc_s
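
An added example, not part of the original question or answer: the same S.DS.AM approach wrapped in a helper that resolves both names by sAMAccountName instead of assembling DN strings, is safe to re-run, reports each failure mode separately, and writes an audit line for the membership change. The names `GroupMembership`, `AddUserToGroup` and `AddResult` are hypothetical, and the code assumes it runs on a domain-joined machine under an account allowed to modify the group.

```csharp
using System;
using System.DirectoryServices.AccountManagement;

public enum AddResult { Added, AlreadyMember, UserNotFound, GroupNotFound, Ambiguous, Denied }

public static class GroupMembership   // hypothetical helper, not from the page
{
    public static AddResult AddUserToGroup(string samAccountName, string groupName)
    {
        try
        {
            // Assumption: bind to the current domain with the caller's own credentials.
            using (var ctx = new PrincipalContext(ContextType.Domain))
            // Pin the identity type so a CN or UPN that happens to match is not picked up.
            using (var user = UserPrincipal.FindByIdentity(ctx, IdentityType.SamAccountName, samAccountName))
            using (var group = GroupPrincipal.FindByIdentity(ctx, IdentityType.SamAccountName, groupName))
            {
                if (user == null) return AddResult.UserNotFound;
                if (group == null) return AddResult.GroupNotFound;

                // Idempotent: adding an existing member would otherwise throw.
                if (group.Members.Contains(user)) return AddResult.AlreadyMember;

                group.Members.Add(user);
                group.Save();   // the directory is only modified here

                // Audit trail: who changed which membership, using the resolved DNs.
                Console.WriteLine("{0:o} {1} added {2} to {3}", DateTime.UtcNow,
                    Environment.UserName, user.DistinguishedName, group.DistinguishedName);
                return AddResult.Added;
            }
        }
        catch (MultipleMatchesException) { return AddResult.Ambiguous; }      // name is not unique
        catch (PrincipalExistsException) { return AddResult.AlreadyMember; }  // added concurrently
        catch (UnauthorizedAccessException) { return AddResult.Denied; }      // no write access to the group
    }

    public static int Main(string[] args)
    {
        if (args.Length != 2)
        {
            Console.Error.WriteLine("usage: addtogroup <samAccountName> <groupName>");
            return 2;
        }
        AddResult result = AddUserToGroup(args[0], args[1]);
        Console.WriteLine("{0} -> {1}: {2}", args[0], args[1], result);
        return (result == AddResult.Added || result == AddResult.AlreadyMember) ? 0 : 1;
    }
}
```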

User contributions licensed under CC BY-SA 3.0