VB.Net program to disable AD accounts

  • Question

  • So I am attempting to create a VB.net program.  Part of the program will need to connect into AD and disable AD accounts.  However, I seem to be getting an error when I attempt to commit the changes:

    System.DirectoryServices.DirectoryServicesCOMException (0x80072014): The requested operation did not satisfy one or more constraints associated with the class of the object.

    The same program is able to search AD based on a couple of attributes and pull back info on those accounts, so the AD connection is working.  The account that I am running the program as has full rights to the Test AD accounts that I am attempting to disable.  Below is the code that I am attempting to use to disable the accounts.

    Imports System
    Imports System.IO
    Imports System.Collections
    Imports System.DirectoryServices
    Public Class Form1
    
        Public strUserList() As String
        Public strDomainVerifiedList() As String
        Public strVerifiedUserList() As String
        Public objADConnection As Object
        Public ADEntry As New DirectoryEntry("LDAP://DC=domain,DC=com")
        Public ADSearch As New DirectorySearcher(ADEntry)
    
    
    
    
        Private Sub Select_File_Button_Click(sender As Object, e As EventArgs) Handles Select_File_Button.Click
            Dim myStream As Stream = Nothing
            Dim openFileDialog1 As New OpenFileDialog()
    
            openFileDialog1.InitialDirectory = "c:\"
            openFileDialog1.Filter = "txt files (*.txt)|*.txt|All files (*.*)|*.*"
            openFileDialog1.FilterIndex = 2
            openFileDialog1.RestoreDirectory = True
    
            If openFileDialog1.ShowDialog() = System.Windows.Forms.DialogResult.OK Then
                strUserList = IO.File.ReadAllLines(openFileDialog1.FileName)
                For Each strUser In strUserList
                    Users_import_lb.Items.Add(strUser)
                    DisableUsers_LB.Items.Add(strUser)
                Next
            End If
        End Sub
    
        Private Sub VerifyUsers_button_Click(sender As Object, e As EventArgs) Handles VerifyUsers_button.Click
            ADSearch.CacheResults = False
            ADSearch.PropertiesToLoad.Add("sAMAccountName")
            ADSearch.PropertiesToLoad.Add("mail")
            ADSearch.PropertiesToLoad.Add("employeeID")
    
            For Each strUser As String In strUserList
                If Username_RB.Checked Then
                    ADSearch.Filter = "(&(objectCategory=Person)(objectCategory=user)(sAMAccountName=" & strUser & "))"
                ElseIf Email_RB.Checked Then
                    ADSearch.Filter = "(&(objectCategory=Person)(objectCategory=user)(mail=" & strUser & "))"
                ElseIf EmployeeID_RB.Checked Then
                    ADSearch.Filter = "(&(objectCategory=Person)(objectCategory=user)(employeeID=" & strUser & "))"
                End If
    
                Dim results As SearchResultCollection = ADSearch.FindAll()
                Dim result As SearchResult
                If results.Count = 1 Then 'Was > 0
                    'InitPanel2()
                    For Each result In results
                        If result.Properties.Contains("sAMAccountName") Then Users_verify_lb.Items.Add(result.Properties("sAMAccountName")(0))
                        If result.Properties.Contains("employeeID") Then Users_verify_lb.Items.Add(result.Properties("employeeID")(0))
                        If result.Properties.Contains("mail") Then Users_verify_lb.Items.Add(result.Properties("mail")(0))
                    Next
                End If
    
            Next
    
        End Sub
    
        Private Sub DisableUsers_button_Click(sender As Object, e As EventArgs) Handles DisableUsers_button.Click
    
            For Each strUser As String In strUserList
                If Username_Disable_RB.Checked Then
                    ADSearch.Filter = "(&(objectCategory=Person)(objectCategory=user)(sAMAccountName=" & strUser & "))"
                ElseIf Email_Disable_RB.Checked Then
                    ADSearch.Filter = "(&(objectCategory=Person)(objectCategory=user)(mail=" & strUser & "))"
                ElseIf EmpID_Disable_RB.Checked Then
                    ADSearch.Filter = "(&(objectCategory=Person)(objectCategory=user)(employeeID=" & strUser & "))"
                End If
    
                ADSearch.SearchScope = SearchScope.Subtree
                Dim results As SearchResult = ADSearch.FindOne()
                If Not results Is Nothing Then
                    Dim iVal As Integer = ADEntry.Properties("userAccountControl").Value
                    ADEntry.Properties("userAccountControl").Value = iVal Or &H2
                    ADEntry.CommitChanges()
                    ADEntry.Close()
                End If
            Next
        End Sub
    
    End Class

    It is failing on the part in bold.  Any suggestions on what I am doing wrong?

    Thank You

    Mark Evers

    Tuesday, October 24, 2017 6:25 PM

Answers

  •  It doesn't look like you are using the results instance, which is returned when you execute FindOne. Try the following instead:

                If Not results Is Nothing Then
                   Dim ADUser As DirectoryEntry = results.GetDirectoryEntry()
                   ADUser.NativeObject.AccountDisabled = True
                   ADUser.CommitChanges()
                End If 



    Paul ~~~~ Microsoft MVP (Visual Basic)

    • Marked as answer by Evers_mark Tuesday, October 24, 2017 8:56 PM
    Tuesday, October 24, 2017 8:48 PM

All replies

  • Modified, and that worked perfectly.

    Thank you.

    Tuesday, October 24, 2017 8:56 PM
  •  It doesn't look like you are using the results instance, which is returned when you execute FindOne. Try the following instead:

                If Not results Is Nothing Then
                   Dim ADUser As DirectoryEntry = results.GetDirectoryEntry()
                   ADUser.NativeObject.AccountDisabled = True
                   ADUser.CommitChanges()
                End If 



    Paul ~~~~ Microsoft MVP (Visual Basic)

    How would you get this to pass Option Strict On?

    Live as if you were going to die today, learn as if you were going to live forever -Mahatma Gandhi

    Friday, December 28, 2018 6:48 PM
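
Added example, not code from any poster in this thread: the question's code sets userAccountControl on ADEntry, which is bound to the domain root, instead of on the entry the search returned. The version below binds to the matched user, escapes the file-supplied value before it enters the LDAP filter, refuses ambiguous matches, and uses only typed property access so it compiles under Option Strict On. The names AdDisableExample, EscapeLdapFilterValue and DisableAccount are hypothetical.

```vbnet
Option Strict On
Imports System.DirectoryServices
Imports System.Text

Public Module AdDisableExample   ' hypothetical name, not from the thread
    Private Const UF_ACCOUNTDISABLE As Integer = &H2

    ' Escape a value for use inside an LDAP search filter (RFC 4515),
    ' so an input line such as "*" or "a)(mail=*" cannot widen the match.
    Public Function EscapeLdapFilterValue(value As String) As String
        Dim sb As New StringBuilder()
        For Each c As Char In value
            Select Case c
                Case "\"c : sb.Append("\5c")
                Case "*"c : sb.Append("\2a")
                Case "("c : sb.Append("\28")
                Case ")"c : sb.Append("\29")
                Case ChrW(0) : sb.Append("\00")
                Case Else : sb.Append(c)
            End Select
        Next
        Return sb.ToString()
    End Function

    ' Disables the single account whose attribute equals value.
    ' attribute must be a fixed name chosen by the program
    ' (sAMAccountName, mail, employeeID), never text read from the file.
    ' Returns False when there is no match or more than one match.
    Public Function DisableAccount(searchRoot As DirectoryEntry,
                                   attribute As String,
                                   value As String) As Boolean
        Using searcher As New DirectorySearcher(searchRoot)
            searcher.SearchScope = SearchScope.Subtree
            ' Common user filter; the thread's code used objectCategory twice.
            searcher.Filter = "(&(objectCategory=person)(objectClass=user)(" &
                              attribute & "=" & EscapeLdapFilterValue(value) & "))"
            Using results As SearchResultCollection = searcher.FindAll()
                If results.Count <> 1 Then Return False
                ' Bind to the matched user, not to the search root.
                Using userEntry As DirectoryEntry = results(0).GetDirectoryEntry()
                    Dim uac As Integer = CInt(userEntry.Properties("userAccountControl").Value)
                    userEntry.Properties("userAccountControl").Value = uac Or UF_ACCOUNTDISABLE
                    userEntry.CommitChanges()
                End Using
            End Using
        End Using
        Return True
    End Function
End Module
```

A caller would pass the form's existing ADEntry as searchRoot and log every False return, since a mail or employeeID value that matches zero or several accounts is skipped rather than guessed at.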