locked
AD + Add User + System.DirectoryServices. RRS feed

  • Question

  • HI,

    I want to Add a user to AD under a particular group say "AD_GrpA".

    the group name is static.

    I want to directly add users under that group.

    I am able to add users but the user gets added directly under the domain.

    How to directly add the user under the specific group.

    -----------------------------

    I am using the dll System.Directoryservices to implement the add functionality.

    ------------------------------

    I am trying to add the user to AD using a webapplication in C# language.

    help appreciated in advance.


    RT_MagStar


    • Edited by RT_MagStar Friday, July 20, 2012 2:08 PM
    Friday, July 20, 2012 12:58 PM

Answers

  • Hi RT_MagStar,

    Before .NET, managing Active Directory objects was a bit lengthy and you needed a good knowledge on the principal store to have your head around on what you want to do. We usually use the System.DirectoryServices namespace, but with .NET 3.5 they introduced System.DirectoryServices.AccountManagement which manages directory objects independent of the System.DirectoryServices namespace .

    P.S. : System.DirectoryServices.AccountManagement is a newer namespace (introduced in .NET 3.5) as compared to System.DirectoryServices. So it would be good if you can modify obsolete methods/namespaces with the newer namespace 'System.DirectoryServices.AccountManagement'.

    Regards,
    Devang Bhavsar


    Sunday, July 22, 2012 6:01 AM

All replies

  • You've posted this in the wrong forum really, but as I've done just this for some test users in my SharePoint dev box it's almost related!

    You don't say how you're trying this, but I'm going to assume powershell. I used a simple script, ADSI and a CSV to generate several hundred accounts very quickly.

    The following should give you enough to work out what to do..

    Paul.

    $class = "User"
    $dc="dc=fabrikam,dc=local"
    $ou="ou=SharePoint Users"
    $ADSI = [ADSI]"LDAP://$ou,$dc"

    Typing $ADSI should show you the Path to the desired OU..

    $user = $ADSI.create($class,"cn=Userfirstname UserSurname")
    $user.setinfo()
    $user.put("Samaccountname","userfirstname.usersurname")
    $user.put("Description","user description text")
    $user.psbase.invokeset("AccountDisabled","False")
    $user.setinfo()
    $user.put("Userprincipalname","userfirstname.usersurname@fabrikam.local")
    $user.psbase.invoke("setPassword","Password01")
    $user.setinfo()
    $currentUAC = [int]($user.userAccountControl.ToString())
    $newUAC = $currentUAC -bor 65536
    $user.put("userAccountControl",$newUAC)
    $user.setinfo()


    Please ensure that you mark a question as Answered once you receive a satisfactory response. This helps people in future when searching and helps prevent the same questions being asked multiple times.


    Friday, July 20, 2012 2:04 PM
  • Cimares,

    thanks for your reply and specifying about the missing detail.


    RT_MagStar

    Friday, July 20, 2012 2:10 PM
  • Hi RT_MagStar,

    If you are using System.DirectoryServices.dll in C#, then please go through the following code snippets which adds user to AD group:

    1) Reference : http://www.codeproject.com/Articles/18102/Howto-Almost-Everything-In-Active-Directory-via-C#36

    public void AddToGroup(string userDn, string groupDn)
    {
        try
        {
            DirectoryEntry dirEntry = new DirectoryEntry("LDAP://" + groupDn);
            dirEntry.Properties["member"].Add(userDn);
            dirEntry.CommitChanges();
            dirEntry.Close();
        }
        catch (System.DirectoryServices.DirectoryServicesCOMException E)
        {
            //doSomething with E.Message.ToString();
    
        }
    }

    2) Reference : http://www.codeproject.com/Articles/90142/Everything-in-Active-Directory-via-C-NET-3-5-Using

    /// <summary>
     /// Adds the user for a given group
     /// </summary>
     /// <param name="sUserName">The user you want to add to a group</param>
     /// <param name="sGroupName">The group you want the user to be added in</param>
     /// <returns>Returns true if successful</returns>
     public bool AddUserToGroup(string sUserName, string sGroupName)
     {
     try
     {
     UserPrincipal oUserPrincipal = GetUser(sUserName);
     GroupPrincipal oGroupPrincipal = GetGroup(sGroupName);
     if (oUserPrincipal == null || oGroupPrincipal == null)
     {
     if (!IsUserGroupMember(sUserName, sGroupName))
     {
     oGroupPrincipal.Members.Add(oUserPrincipal);
     oGroupPrincipal.Save();
     }
     }
     return true;
     }
     catch
     {
     return false;
     }
     }

    Hope this helps. Happy Coding!

    Regards,
    Devang Bhavsar



    Friday, July 20, 2012 2:11 PM
  • Devang Basvar,

    Thank you very much for your code sample.

    In code sample, the dll it is referring to is system.directoryservices.accountmanagement but i need to use system.directoryservices.

    can i use the same methods or should i modify those methods.



    RT_MagStar

    Friday, July 20, 2012 3:04 PM
  • Hi RT_MagStar,

    Before .NET, managing Active Directory objects was a bit lengthy and you needed a good knowledge on the principal store to have your head around on what you want to do. We usually use the System.DirectoryServices namespace, but with .NET 3.5 they introduced System.DirectoryServices.AccountManagement which manages directory objects independent of the System.DirectoryServices namespace .

    P.S. : System.DirectoryServices.AccountManagement is a newer namespace (introduced in .NET 3.5) as compared to System.DirectoryServices. So it would be good if you can modify obsolete methods/namespaces with the newer namespace 'System.DirectoryServices.AccountManagement'.

    Regards,
    Devang Bhavsar


    Sunday, July 22, 2012 6:01 AM