Assigning ACL to newly created AD user throws either "Some or all identity references could not be translated" or "The security ID structure is invalid"
user5796
Dec 21, 2012 08:11 AM
Hi All,
I have an application wherein I create a directory for a new AD user. I am following two ways:

1> Use System.Security.Principal.SecurityIdentifier, like below:

    SecurityIdentifier sid = new SecurityIdentifier(sid, 0);
    dirSecurity.AddAccessRule(
        new FileSystemAccessRule(sid, FileSystemRights.FullControl,
            InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit,
            PropagationFlags.None, AccessControlType.Allow)
    );
    Directory.CreateDirectory(directoryName, dirSecurity);

Here I get the "The security ID structure is invalid" error while executing Directory.CreateDirectory(directoryName, dirSecurity);

2> Second way, use DomainName\AccountName, like below:

    string accountName = DomainName + "\\" + name;
    dirSecurity.AddAccessRule(
        new FileSystemAccessRule(accountName, FileSystemRights.FullControl,
            InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit,
            PropagationFlags.None, AccessControlType.Allow)
    );
    Directory.CreateDirectory(directoryName, dirSecurity);

Here I get "Some or all identity references could not be translated" while executing dirSecurity.AddAccessRule(...
I am trying to execute the above as soon as I create a user, but if I try after 20-30 seconds, the same code works fine. Please let me know what could be the issue. Thanks!
gnosischief
Dec 25, 2012 01:54 PM
AD takes some time to create a user.
Add some delay between creating the user and assigning the folder permissions (NTFS security permissions).
You can also track the handlers of AD, e.g. user created, directory created or permission applied.