I have written a .Net 3.5 C# code which updates few fields in AD. It worked fine until i wanted to update "manager" field in AD. I googled and found out that we need to have DN in manager field.
So I am fetching DN for manager and simply assigning it to "manager" attribute. but it does not update the "manager" attribute. The code does not give any error . We manually updated DN to "manager" field in AD that my code is generating , and it worked
fine. Only the code does not work.
Currently, none of employees have "manager" attribute set . So i need to create a property.
I was wondering if it has to do something with the permission ?
Should require no more permissions than updating any other field. Make sure you are call commitchanges after assigning the DN to the property or else it will not update.
Without seeing the code I am not sure. Works for me just fine. Check to make sure the DN you are using is the correct format. But if its not formatted correctly it should give you an error when you try and commit the changes. When using the DN I find it
best to always do a search in AD based on the user's samaccountname and pull the DN from that to ensure its correct.
'Found user to update manager. Cast the result as a DirectoryEntry
Dim DE as DirectoryEntry = New DirectoryEntry(result.path, UsernameStr, PasswordStr)
DE.Properties("manager").value = "CN=Smith\, Bob,OU=.OU=,DC=,DC=com" 'use code to search for manager's DN based on his samaccountname
DE.CommitChanges()
DE.Close()
I had the same general question on our Network guy at work. From what he told me, they can configure security on attribute level. Make sure you have full access rights to edit all attributes. Check with your network admin
Hello Gww, I am doing the same thing . Here is my code. I manually added the DN to AD [ got the value that my code generated ] and it worked fine. just the code does not update.
/** to set manager field ***********************************************************
string mangr = FindManager.GetManager(dr["Supervisor PERSON_ID"].ToString(), SettingFile);
if (mangr != "")
{
SetProperty(objDE, "Manager", mangr);
}
/*** this code will find the manager *************************************************
public static string GetManager(string employeeID, string SettingFile)
{
string ADRoot = AppSetting("RootPath", SettingFile);
DirectoryEntry de = new DirectoryEntry(ADRoot);
DirectorySearcher mySearcher = new DirectorySearcher(de);
mySearcher.Filter = "(&(objectClass=user)(objectClass=person)(employeeID=" + employeeID + "))";
mySearcher.PropertiesToLoad.Add("DistinguishedName");
string filter;
SearchResult resEnt;
string guid = string.Empty;
resEnt = mySearcher.FindOne();
if (resEnt != null)
{
string managerName = (string)resEnt.Properties["DistinguishedName"][0];
return managerName;
}
return "";
}
/** to set property ****************************************************************
static void SetProperty(DirectoryEntry oDE, string PropertyName, string PropertyValue)
{
//check if the property exists before adding it to the list
if (oDE.Properties.Contains(PropertyName))
{
//check if the value is valid, otherwise dont update
if (PropertyValue == null || PropertyValue == "")
{
oDE.Properties[PropertyName].Clear();
}
else
{
oDE.Properties[PropertyName].Value = PropertyValue;
}
}
else
{
if (PropertyValue != null && PropertyValue != "")
{
oDE.Properties[PropertyName].Add(PropertyValue);
}
}
}
Hello amosCabanban86, yes i did check with server guys and they said, the account has full authorization to update all AD attrinutes. so there is not much i can do about it :(
Two things you can check. Make sure the
GetManager function is returning the DN. But what I think the problem might be is that in your
SetProperty function you check to see if the property exists before updating. The problem with that is that if a property contains no data is technically does not exist. So when your code
oDE.Properties.Contains("manager")
runs looking for the manager field it will not it and not update it. Try commenting out that if/else statement and just use
oDE.Properties[PropertyName].Value = PropertyValue;.
Dulari
Hello Gww, I am doing the same thing . Here is my code. I manually added the DN to AD [ got the value that my code generated ] and it worked fine. just the code does not update.
/** to set manager field *********************************************************** string mangr = FindManager.GetManager(dr["Supervisor PERSON_ID"].ToString(), SettingFile); if (mangr != "") { SetProperty(objDE, "Manager", mangr); } /*** this code will find the manager ************************************************* public static string GetManager(string employeeID, string SettingFile) { string ADRoot = AppSetting("RootPath", SettingFile); DirectoryEntry de = new DirectoryEntry(ADRoot); DirectorySearcher mySearcher = new DirectorySearcher(de); mySearcher.Filter = "(&(objectClass=user)(objectClass=person)(employeeID=" + employeeID + "))"; mySearcher.PropertiesToLoad.Add("DistinguishedName"); string filter; SearchResult resEnt; string guid = string.Empty; resEnt = mySearcher.FindOne(); if (resEnt != null) { string managerName = (string)resEnt.Properties["DistinguishedName"][0]; return managerName; } return ""; } /** to set property **************************************************************** static void SetProperty(DirectoryEntry oDE, string PropertyName, string PropertyValue) { //check if the property exists before adding it to the list if (oDE.Properties.Contains(PropertyName)) { //check if the value is valid, otherwise dont update if (PropertyValue == null || PropertyValue == "") { oDE.Properties[PropertyName].Clear(); } else { oDE.Properties[PropertyName].Value = PropertyValue; } } else { if (PropertyValue != null && PropertyValue != "") { oDE.Properties[PropertyName].Add(PropertyValue); } } }
Dulari
Member
18 Points
13 Posts
Active Directory Manager field update
Jun 12, 2012 06:43 PM|LINK
Hi,
I have written a .Net 3.5 C# code which updates few fields in AD. It worked fine until i wanted to update "manager" field in AD. I googled and found out that we need to have DN in manager field.
So I am fetching DN for manager and simply assigning it to "manager" attribute. but it does not update the "manager" attribute. The code does not give any error . We manually updated DN to "manager" field in AD that my code is generating , and it worked fine. Only the code does not work.
Currently, none of employees have "manager" attribute set . So i need to create a property.
I was wondering if it has to do something with the permission ?
gww
Contributor
2143 Points
458 Posts
Re: Active Directory Manager field update
Jun 12, 2012 09:17 PM|LINK
Should require no more permissions than updating any other field. Make sure you are call commitchanges after assigning the DN to the property or else it will not update.
Dulari
Member
18 Points
13 Posts
Re: Active Directory Manager field update
Jun 12, 2012 09:32 PM|LINK
Thanks for replying. I am calling CommitChanges. It does update other fields but "manager"
gww
Contributor
2143 Points
458 Posts
Re: Active Directory Manager field update
Jun 13, 2012 12:55 PM|LINK
Without seeing the code I am not sure. Works for me just fine. Check to make sure the DN you are using is the correct format. But if its not formatted correctly it should give you an error when you try and commit the changes. When using the DN I find it best to always do a search in AD based on the user's samaccountname and pull the DN from that to ensure its correct.
'Found user to update manager. Cast the result as a DirectoryEntry Dim DE as DirectoryEntry = New DirectoryEntry(result.path, UsernameStr, PasswordStr) DE.Properties("manager").value = "CN=Smith\, Bob,OU=.OU=,DC=,DC=com" 'use code to search for manager's DN based on his samaccountname DE.CommitChanges() DE.Close()amosCabanban...
Member
441 Points
142 Posts
Re: Active Directory Manager field update
Jun 13, 2012 01:17 PM|LINK
I had the same general question on our Network guy at work. From what he told me, they can configure security on attribute level. Make sure you have full access rights to edit all attributes. Check with your network admin
Dulari
Member
18 Points
13 Posts
Re: Active Directory Manager field update
Jun 13, 2012 05:54 PM|LINK
Hello Gww, I am doing the same thing . Here is my code. I manually added the DN to AD [ got the value that my code generated ] and it worked fine. just the code does not update.
/** to set manager field *********************************************************** string mangr = FindManager.GetManager(dr["Supervisor PERSON_ID"].ToString(), SettingFile); if (mangr != "") { SetProperty(objDE, "Manager", mangr); } /*** this code will find the manager ************************************************* public static string GetManager(string employeeID, string SettingFile) { string ADRoot = AppSetting("RootPath", SettingFile); DirectoryEntry de = new DirectoryEntry(ADRoot); DirectorySearcher mySearcher = new DirectorySearcher(de); mySearcher.Filter = "(&(objectClass=user)(objectClass=person)(employeeID=" + employeeID + "))"; mySearcher.PropertiesToLoad.Add("DistinguishedName"); string filter; SearchResult resEnt; string guid = string.Empty; resEnt = mySearcher.FindOne(); if (resEnt != null) { string managerName = (string)resEnt.Properties["DistinguishedName"][0]; return managerName; } return ""; } /** to set property **************************************************************** static void SetProperty(DirectoryEntry oDE, string PropertyName, string PropertyValue) { //check if the property exists before adding it to the list if (oDE.Properties.Contains(PropertyName)) { //check if the value is valid, otherwise dont update if (PropertyValue == null || PropertyValue == "") { oDE.Properties[PropertyName].Clear(); } else { oDE.Properties[PropertyName].Value = PropertyValue; } } else { if (PropertyValue != null && PropertyValue != "") { oDE.Properties[PropertyName].Add(PropertyValue); } } }Dulari
Member
18 Points
13 Posts
Re: Active Directory Manager field update
Jun 13, 2012 05:56 PM|LINK
Hello amosCabanban86, yes i did check with server guys and they said, the account has full authorization to update all AD attrinutes. so there is not much i can do about it :(
gww
Contributor
2143 Points
458 Posts
Re: Active Directory Manager field update
Jun 14, 2012 11:53 AM|LINK
Two things you can check. Make sure the GetManager function is returning the DN. But what I think the problem might be is that in your SetProperty function you check to see if the property exists before updating. The problem with that is that if a property contains no data is technically does not exist. So when your code oDE.Properties.Contains("manager") runs looking for the manager field it will not it and not update it. Try commenting out that if/else statement and just use oDE.Properties[PropertyName].Value = PropertyValue;.
Dulari
Member
18 Points
13 Posts
Re: Active Directory Manager field update
Jun 14, 2012 05:31 PM|LINK
Thanks.. but figured it out.. code is perfectly fine but at the very last, i was again clearing the manager field. [God knows why :P]..