I'm trying to write something that (amongst other things) adds a user to an AD group - using VS2010, .Net4 and the library facilities in
I've gotten a user and group by code like the sample below, and this works for other operations like enabling or disabling accounts.
group = System.DirectoryServices.AccountManagement.GroupPrincipal.FindByIdentity(_UserContext, Name); user = System.DirectoryServices.AccountManagement.UserPrincipal.FindByIdentity(_UserContext, Name);
Now, trying to add the user to the group like:
I get an error with a stack trace beginning like the one listed below with a COM interop error 0x80005000 (unknown). This also happens with other users and on 32 and 64 bit builds. Searching this on the web comes up with a few forum questions, but I can't find any answers. In theory, this should work - this codeproject sample is doing much the same thing.
Has anyone seen this error or have any idea what might have caused it?
Stack trace top:
Unhandled Exception: System.DirectoryServices.AccountManagement.PrincipalOperati onException: Unknown error (0x80005000) ---> System.Runtime.InteropServices.COME xception: Unknown error (0x80005000) at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail) at System.DirectoryServices.DirectoryEntry.Bind() at System.DirectoryServices.DirectoryEntry.get_AdsObject() at System.DirectoryServices.DirectorySearcher.FindAll(Boolean findMoreThanOne ) at System.DirectoryServices.DirectorySearcher.FindOne() at System.DirectoryServices.AccountManagement.ADStoreCtx.IsMemberOfInStore(Gr oupPrincipal g, Principal p) --- End of inner exception stack trace --- at System.DirectoryServices.AccountManagement.ADStoreCtx.IsMemberOfInStore(Gr oupPrincipal g, Principal p) at System.DirectoryServices.AccountManagement.PrincipalCollection.ContainsNat iveTest(Principal principal) at System.DirectoryServices.AccountManagement.PrincipalCollection.Contains(Pr incipal principal) at System.DirectoryServices.AccountManagement.PrincipalCollection.Add(Princip al principal) at System.DirectoryServices.AccountManagement.PrincipalCollection.Add(UserPri ncipal user)
I also ran into the same issue with a (GroupPrincipal instance).Members.Add(UserPrincipal instance).
The workaround (in IronPython) is rather simple thanks to the GetUnderlyingObject method.
de = group.GetUnderlyingObject # Group member DNs are kept in 'member' attribute in LDAP de.Properties['member'].Add(user.DistinguishedName) de.CommitChanges() # Save your work
Just ran into this and noticed that the code project sample was explicitly using the domain's name when creating the context (instead of using null). I changed my code to explicitly specify the domain name, and now it's working fine - I can group.Members.Add(user) without issue.
User contributions licensed under CC BY-SA 3.0