I'm trying to create nested security groups in an active directory, with the following code:
DirectoryEntry newContainer = dirEntry.Children.Add("CN=" + groupName, "group");
newContainer.Properties["description"].Value = groupId;
开发者_开发技巧GrpType gt = GrpType.GlobalGrp | GrpType.SecurityGrp;
int typeNum = (int)gt;
newContainer.Properties["groupType"].Add(typeNum);
newContainer.Properties["sAMAccountName"].Add(groupName);
newContainer.CommitChanges();
I get no problem when creating the first level groups, but when I try to create a sub-security group inside these groups, I get a "Naming violation" error, with no further answer.
And by the way, I can manually create those security groups.
According to the help you can find in : Howto: (Almost) Everything In Active Directory via C#
Here is an example of what you want to do whith ADSI :
/* Connection to Active Directory
*/
DirectoryEntry deBase = new DirectoryEntry("LDAP://WM2008R2ENT:389/ou=Monou,dc=dom,dc=fr", "user", "password");
/* Group1 creation
*/
DirectoryEntry aGrp1 = deBase.Children.Add("cn=yourGrp1", "group");
aGrp1.Properties["description"].Value = "The description you want";
aGrp1.Properties["groupType"].Add(ADS_GROUP_TYPE_ENUM.ADS_GROUP_TYPE_GLOBAL_GROUP | ADS_GROUP_TYPE_ENUM.ADS_GROUP_TYPE_SECURITY_ENABLED);
aGrp1.Properties["sAMAccountName"].Add("yourGrp1");
aGrp1.CommitChanges();
/* Group2 creation
*/
DirectoryEntry aGrp2 = deBase.Children.Add("cn=yourGrp2", "group");
aGrp2.Properties["description"].Value = "The description you want";
aGrp2.Properties["groupType"].Add(ADS_GROUP_TYPE_ENUM.ADS_GROUP_TYPE_GLOBAL_GROUP | ADS_GROUP_TYPE_ENUM.ADS_GROUP_TYPE_SECURITY_ENABLED);
aGrp2.Properties["sAMAccountName"].Add("yourGrp2");
aGrp2.CommitChanges();
/* Group2 MemberOf Group1
*/
aGrp1.Properties["Member"].Add(aGrp2.Properties["distinguishedName"].Value);
aGrp1.CommitChanges();
With Security Principals introduced with Framework .NET 3.5 you can do the same thing in a shortest way see : Managing Directory Security Principals in the .NET Framework 3.5
I will back later with it and then maybe better code
精彩评论