Assigning ACL to newly created AD user throws either "Some or all identity references could not be translated" or "The security ID structure is invalid"

  • Question

  • User666848575 posted

    Hi All,

    I have an application wherein I create a directory for a new AD user. I am following 2 ways:

    1> Use System.Security.Principal.SecurityIdentifier - like below

    // sidBytes: the user's SID in binary form (byte[]); renamed so the declaration compiles
    SecurityIdentifier sid = new SecurityIdentifier(sidBytes, 0);

    dirSecurity.AddAccessRule(
        new FileSystemAccessRule(sid, FileSystemRights.FullControl,
            InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit,
            PropagationFlags.None, AccessControlType.Allow)
        );

    Directory.CreateDirectory(directoryName, dirSecurity);

    Here I get "The security ID structure is invalid" error while executing Directory.CreateDirectory(directoryName, dirSecurity);

    2> Second way, use DomainName\AccountName - like below

    string accountName = DomainName + "\\" + name;

    dirSecurity.AddAccessRule(
        new FileSystemAccessRule(accountName, FileSystemRights.FullControl,
            InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit,
            PropagationFlags.None, AccessControlType.Allow)
        );

    Directory.CreateDirectory(directoryName, dirSecurity);

    Here I get "Some or all identity references could not be translated" while executing dirSecurity.AddAccessRule(...

    I am trying to execute the above as soon as I create a user, but if I try after 20-30 seconds, the same code works fine. Please let me know what could be the issue. Thanks!

    Friday, December 21, 2012 4:11 AM

Answers

  • User700362322 posted

    I am trying to execute the above as soon as I create a user, but if I try after 20-30 seconds, the same code works fine.

    AD takes some time to create a user.

    Add some delay between creating the user and assigning the folder permissions (NTFS security permissions).

    You can also track the handlers of AD, e.g. usercreated, directory created or permission applied.

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Tuesday, December 25, 2012 9:54 AM
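
A bounded retry in place of a fixed delay, as an added example that is not part of the original thread: it polls until the new account resolves to a SID and only then builds the ACL from that SID. The names `NewUserHomeDirectory` and `WaitForSid`, the 60-second budget and the backoff values are hypothetical, and it assumes .NET Framework, where the `Directory.CreateDirectory(string, DirectorySecurity)` overload used in the question exists.

```csharp
using System;
using System.IO;
using System.Security.AccessControl;
using System.Security.Principal;
using System.Threading;

static class NewUserHomeDirectory
{
    // Hypothetical helper: poll until DOMAIN\name resolves to a SID, or give up.
    static SecurityIdentifier WaitForSid(string domain, string name, TimeSpan timeout)
    {
        var account = new NTAccount(domain, name);
        DateTime deadline = DateTime.UtcNow + timeout;
        TimeSpan delay = TimeSpan.FromSeconds(1);
        while (true)
        {
            try
            {
                // Throws IdentityNotMappedException ("Some or all identity references
                // could not be translated") while the account is not yet resolvable.
                return (SecurityIdentifier)account.Translate(typeof(SecurityIdentifier));
            }
            catch (IdentityNotMappedException)
            {
                // Fail closed: rethrow once the retry budget is used up.
                if (DateTime.UtcNow + delay > deadline) throw;
                Thread.Sleep(delay);
                delay = TimeSpan.FromSeconds(Math.Min(delay.TotalSeconds * 2, 8));
            }
        }
    }

    public static void Create(string directoryName, string domain, string name)
    {
        SecurityIdentifier sid = WaitForSid(domain, name, TimeSpan.FromSeconds(60));

        // Same rule as in the question, built from the resolved SID.
        var dirSecurity = new DirectorySecurity();
        dirSecurity.AddAccessRule(new FileSystemAccessRule(
            sid, FileSystemRights.FullControl,
            InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit,
            PropagationFlags.None, AccessControlType.Allow));

        Directory.CreateDirectory(directoryName, dirSecurity);
    }
}
```

If the retry budget runs out, the exception propagates and no directory is created, so the folder never ends up with a different or broader ACL than intended.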