Lock AD account c#

Question

Lock AD account c#

i need to lock AD account by c#. here is my function

/// <summary>
/// This Methoid will Disable the User Account based on the Directory Entry Object
/// </summary>
/// <param name="oDE">The Directoy Entry Object of the Account to Disable</param>
public void LockAccount(DirectoryEntry oDE)
{
   oDE.InvokeSet("IsAccountLocked", true); 
   //oDE.Properties["userAccountControl"][0] = ADMethods.ADAccountOptions.UF_NORMAL_ACCOUNT | ADMethods.ADAccountOptions.UF_DONT_EXPIRE_PASSWD | ADMethods.ADAccountOptions.UF_ACCOUNT_LOCKOUT;
   //oDE.CommitChanges();
   //oDE.Close();
}

Run it and prom exception:

System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.Runtime.InteropServices.COMException: Exception from HRESULT: 0x80005008 --- End of inner exception stack trace --- at System.DirectoryServices.DirectoryEntry.InvokeSet(String propertyName, Object[] args)

c#

active-directory

asked on Stack Overflow Sep 25, 2015 by

Nguyen Anh Duc • edited Sep 25, 2015 by

TFrost

1 Answer

I assume that the error comes up on the single uncommented line?

Is it possible that you do not have permission to lock a user. What account permission are you running under?

MSDN says InvokeSet should not be used

This CodeProject link goes into great detail with Active Directory, the specific code to disable an account is this:

public void Disable(string userDn)
{
    try
    {
        DirectoryEntry user = new DirectoryEntry(userDn);
        int val = (int)user.Properties["userAccountControl"].Value;
        user.Properties["userAccountControl"].Value = val | 0x2; 
             //ADS_UF_ACCOUNTDISABLE;

        user.CommitChanges();
        user.Close();
    }
    catch (System.DirectoryServices.DirectoryServicesCOMException E)
    {
        //DoSomethingWith --> E.Message.ToString();    
    }
}

answered on Stack Overflow Sep 25, 2015 by

timbo

User contributions licensed under CC BY-SA 3.0