the error is: System.Runtime.InteropServices.COMException: A device attached to the system is not functioning.
if i change this code and modify like this:
entryDomain.Properties["member"].Add(de4.Properties["distinguishedName"].Value);
//Commit the changes to the directory.
entryDomain.CommitChanges();
the error is:System.Runtime.InteropServices.COMException: The requested operation did not satisfy one or more constraints associated with the class of the object.
Now, i have tried the code like this:
DirectoryEntry dom = new DirectoryEntry();
DirectoryEntry group = dom.Children.Find("CN=Testinfo"); //terstinfo is the group name
// Add a single user to a group;
DirectoryEntry usr = group.Children.Add("CN=test777","user");
usr.Properties["samAccountName"].Value = "testuser445";
usr.CommitChanges();
the error is :System.Runtime.InteropServices.COMException: There is a naming violation.
Yes, you have a number of problems with your code. I think you might be misunderstanding what relates to what in AD.
So, when you attach the RootDSE and get the defaultNamingContext, you have attached to the root partition for the domain. This partition is a kind of container, not a group or user.
Here you have the DirectoryEntry representing the "Administrators" group with 'de4'. However, you are adding an invalid member syntax. You can only add to the group's 'member' attribute a DN (i.e. "CN=someone,OU=foo,DC=..." format) string. You have added
'indra' which is completely meaningless to the directory. If 'indra' is a user, you need that user's DN (distinguishedName).
entryDomain.Properties["member"].Add(de4.Properties["distinguishedName"].Value);
//Commit the changes to the directory.
entryDomain.CommitChanges();
This code cannot work because 'entryDomain' points to the root partition. It is not a group, therefore it has no 'member' attribute. Even though you are adding the correct format at least, I don't think you would want to add the Administrators group as a
member anyway, I think you are trying to add to the Administrators group itself. So you have it backwards and to the wrong object.
DirectoryEntry group = dom.Children.Find("CN=Testinfo"); //terstinfo is the group name
// Add a single user to a group;
DirectoryEntry usr = group.Children.Add("CN=test777","user");
usr.Properties["samAccountName"].Value = "testuser445";
usr.CommitChanges();
If TestInfo is a group, then it has no Children. Groups have a 'member' attribute, they are not containers that hold other objects. They cannot have a .Children. To add to a group, you add to the 'member' attribute the member's DN.
So let's try this:
DirectoryEntry group = new DirectoryEntry(
"LDAP://CN=Group1,OU=Groups,DC...", //correct this for your environment!
"domain\\username",
"password",
AuthenticationTypes.Secure
);
using (group)
{
string dn = "CN=somemember,OU=someou,DC=domain,DC=com"; //DN for member
group.Properties["member"].Add(dn);
group.CommitChanges();
}
Thank u i got it.
I am able to display all the users in administrators group.
like this:
myserach.filter=(&(objectclass=group)(samaccountname=Administrators))
My doubt how to add the user ot administrator group.
But i cannot see the Administrator group.
Help me.
Thanks in advance.
You can add any group with code the same as with the MMC. If you attempt to add this group using the Windows UI tool, I would suspect you are getting an error as well. Most likely because depending on your domain functional level (Windows 2000 native, etc),
it will allow or disallow a global group to hold other global groups. If you research what rules are out there nesting groups, you will see that they depend on the domain functional level. Your code cannot do anything about this unless you change the functional
level.
One other comment, everywhere you are getting a DirectoryEntry or SearchResultCollection, you should be calling Dispose. I can see that you have not done this and it will likely cause problems in long running applications as objects can tend to leak memory
in .NET v1.x (and possibly v2) with this namespace.
nizdon
Member
117 Points
24 Posts
Active Directory
Nov 25, 2005 12:07 PM|LINK
While adding an existing or new active directory user to a groups(like Administrators,etc..) i am getting an error
"The server is unwilling to process the request" and some times "A device attached to the system is not functioning"
could any one can help me.
Thanks in advance.
dunnry
Star
9098 Points
1806 Posts
Re: Active Directory
Nov 25, 2005 04:27 PM|LINK
If you post the offending code you might have a better chance of getting an answer.
Weblog
The Book
LDAP Programming Help
nizdon
Member
117 Points
24 Posts
Re: Active Directory
Nov 28, 2005 07:25 AM|LINK
here is the code
DirectoryEntry de1 = new DirectoryEntry("LDAP://RootDSE");
string domain = de1.Properties["defaultNamingContext"][0].ToString();
DirectoryEntry entryDomain = new DirectoryEntry("LDAP://" + domain );
entryDomain.AuthenticationType=AuthenticationTypes.Delegation;
entryDomain.Username="Administrator";
entryDomain.Password="adminpassword";
DirectorySearcher mysearch=new DirectorySearcher(entryDomain);
mysearch.Filter = "(&(ObjectClass=group)(sAMAccountName=Administrators))";
SearchResult search=mysearch.FindOne();
DirectoryEntry de4=search.GetDirectoryEntry();
de4.Properties["member"].Add("indra");
de4.CommitChanges();
the error is: System.Runtime.InteropServices.COMException: A device attached to the system is not functioning.
if i change this code and modify like this:
entryDomain.Properties["member"].Add(de4.Properties["distinguishedName"].Value);
//Commit the changes to the directory.
entryDomain.CommitChanges();
the error is:System.Runtime.InteropServices.COMException: The requested operation did not satisfy one or more constraints associated with the class of the object.
Now, i have tried the code like this:
DirectoryEntry dom = new DirectoryEntry();
DirectoryEntry group = dom.Children.Find("CN=Testinfo"); //terstinfo is the group name
// Add a single user to a group;
DirectoryEntry usr = group.Children.Add("CN=test777","user");
usr.Properties["samAccountName"].Value = "testuser445";
usr.CommitChanges();
the error is :System.Runtime.InteropServices.COMException: There is a naming violation.
dunnry
Star
9098 Points
1806 Posts
Re: Active Directory
Nov 28, 2005 05:37 PM|LINK
So, when you attach the RootDSE and get the defaultNamingContext, you have attached to the root partition for the domain. This partition is a kind of container, not a group or user.
Here you have the DirectoryEntry representing the "Administrators" group with 'de4'. However, you are adding an invalid member syntax. You can only add to the group's 'member' attribute a DN (i.e. "CN=someone,OU=foo,DC=..." format) string. You have added 'indra' which is completely meaningless to the directory. If 'indra' is a user, you need that user's DN (distinguishedName).
This code cannot work because 'entryDomain' points to the root partition. It is not a group, therefore it has no 'member' attribute. Even though you are adding the correct format at least, I don't think you would want to add the Administrators group as a member anyway, I think you are trying to add to the Administrators group itself. So you have it backwards and to the wrong object.
If TestInfo is a group, then it has no Children. Groups have a 'member' attribute, they are not containers that hold other objects. They cannot have a .Children. To add to a group, you add to the 'member' attribute the member's DN.
So let's try this:
DirectoryEntry group = new DirectoryEntry(
"LDAP://CN=Group1,OU=Groups,DC...", //correct this for your environment!
"domain\\username",
"password",
AuthenticationTypes.Secure
);
using (group)
{
string dn = "CN=somemember,OU=someou,DC=domain,DC=com"; //DN for member
group.Properties["member"].Add(dn);
group.CommitChanges();
}
Weblog
The Book
LDAP Programming Help
nizdon
Member
117 Points
24 Posts
Re: Active Directory
Nov 30, 2005 04:23 AM|LINK
Thank u i got it.
I am able to display all the users in administrators group.
like this:
myserach.filter=(&(objectclass=group)(samaccountname=Administrators))
My doubt how to add the user ot administrator group.
But i cannot see the Administrator group.
Help me.
Thanks in advance.
nizdon
Member
117 Points
24 Posts
Re: Active Directory
Nov 30, 2005 05:34 AM|LINK
I am displaying chlids of the RootDse kloke this:
DirectoryEntry de = new DirectoryEntry("LDAP://RootDSE");
string domain = de.Properties["defaultNamingContext"][0].ToString();
DirectoryEntry entryDomain = new DirectoryEntry("LDAP://" + domain);
foreach(DirectoryEntry child in entryDomain.Children)
{
Response.Write("<br>" + child.Name.ToString());
}
the oupput i get is:
CN=Builtin
CN=Computers
OU=Domain Controllers
CN=ForeignSecurityPrincipals
CN=Infrastructure
CN=LostAndFound
CN=NTDS Quotas
CN=Program Data
CN=System
CN=TestPhanindra
CN=Users
i am adding the user to the group called TestPhanindra( this group is the child of rootdse) like this:
DirectoryEntry group = new DirectoryEntry(
"LDAP://CN=TestPhanindra,DC=plaindia,DC=com",
"domain\\Administrator",
"password",
AuthenticationTypes.Secure
);
using (group)
{
string dn = "CN=Nizdon,CN=Users,DC=plaindia,DC=com"; //DN for member
group.Properties["member"].Add(dn);
group.CommitChanges();
}
This code works fine for this group .I am able to add this user(nizdon) to TestPhanindra group.
I am not able to add the user to Administrators group.
I am displaying the groups present in my domain like this
DirectorySearcher mysearch=new DirectorySearcher(entryDomain);
SearchResultCollection mySearchResultColl;
SearchResult mySearchResult ;
string strName;
string strname1;
int nTotalObjects = 0;
string grpname="group";
string strCat = "(objectCategory=" + grpname + ")";
mysearch.Filter = strCat;
try
{
foreach(SearchResult result in mysearch.FindAll())
{
strName = result.GetDirectoryEntry().Name;
strName = strName.Remove(0, 3);
strname1=result.GetDirectoryEntry().Path ;
Console.WriteLine(strName +""+ strname1);
nTotalObjects++;
}
Console.WriteLine(nTotalObjects.ToString());
}
catch(Exception ex)
{
Console.WriteLine(ex.Message.ToString());
}
The OuTput i am getting is :
Administrators path is: LDAP://CN=Administrators,CN=Builtin,DC=plaindia,DC=com
TestPhanindra path is : LDAP://CN=TestPhanindra,DC=plaindia,DC=com
I am able to add user to TestPhanindra group.
But not able to add to Administrators .
One more doubt is How to add groups .
I have added groups like this:
string groupname="PhannindraTest";
string Desc="Mygroup description";
DirectoryEntry de1 = new DirectoryEntry("LDAP://RootDSE");
//DirectoryEntry de1 = new DirectoryEntry("GC://RootDSE");
string domain = de1.Properties["defaultNamingContext"][0].ToString();
DirectoryEntry entryDomain = new DirectoryEntry("LDAP://" + domain );
DirectoryEntry newGroup=entryDomain.Children.Add("CN=" + groupname, "group");
newGroup.Properties["saMAccountname"].Value = groupname;
newGroup.Properties["Description"].Value = Desc;
newGroup.CommitChanges();
This code works fine.But it is getting added to RootDse.
To this group i am able to add users.But not able to add to other groups.
Help me .
Thanks in advance.
dunnry
Star
9098 Points
1806 Posts
Re: Active Directory
Nov 30, 2005 01:59 PM|LINK
One other comment, everywhere you are getting a DirectoryEntry or SearchResultCollection, you should be calling Dispose. I can see that you have not done this and it will likely cause problems in long running applications as objects can tend to leak memory in .NET v1.x (and possibly v2) with this namespace.
Weblog
The Book
LDAP Programming Help
nizdon
Member
117 Points
24 Posts
Re: Active Directory
Dec 01, 2005 03:33 AM|LINK
I am able to add the user to any group like domain admins,enterprise admins,etc
But i am not able to add to Administrators group.
i want my user to be like Administrator user.
dunnry
Star
9098 Points
1806 Posts
Re: Active Directory
Dec 01, 2005 02:35 PM|LINK
Weblog
The Book
LDAP Programming Help
nizdon
Member
117 Points
24 Posts
Re: Active Directory
Dec 02, 2005 04:48 AM|LINK
It is not the local Adminstrator group.
when i am displaying groups present in my domain , i can see Administrator group.
Manually i am able to add to that Administrator group.
But when i am adding through program i am getting error.
" A device attached to system is not Functioning".