
Trying to create nested security groups in Active Directory

Developer https://www.devze.com 2023-03-21 12:03 Source: Internet
I'm trying to create nested security groups in an active directory, with the following code:

DirectoryEntry newContainer = dirEntry.Children.Add("CN=" + groupName, "group");
newContainer.Properties["description"].Value = groupId;

GrpType gt = GrpType.GlobalGrp | GrpType.SecurityGrp;
int typeNum = (int)gt;

newContainer.Properties["groupType"].Add(typeNum);
newContainer.Properties["sAMAccountName"].Add(groupName);

newContainer.CommitChanges();

I get no problem when creating the first level groups, but when I try to create a sub-security group inside these groups, I get a "Naming violation" error, with no further answer.

And by the way, I can manually create those security groups.


According to the help you can find in: Howto: (Almost) Everything In Active Directory via C#

Here is an example of what you want to do with ADSI:

/* Connection to Active Directory
 */
DirectoryEntry deBase = new DirectoryEntry("LDAP://WM2008R2ENT:389/ou=Monou,dc=dom,dc=fr", "user", "password");

/* Group1 creation
 */
DirectoryEntry aGrp1 = deBase.Children.Add("cn=yourGrp1", "group");
aGrp1.Properties["description"].Value = "The description you want";
aGrp1.Properties["groupType"].Add(ADS_GROUP_TYPE_ENUM.ADS_GROUP_TYPE_GLOBAL_GROUP | ADS_GROUP_TYPE_ENUM.ADS_GROUP_TYPE_SECURITY_ENABLED);
aGrp1.Properties["sAMAccountName"].Add("yourGrp1");
aGrp1.CommitChanges();

/* Group2 creation
 */
DirectoryEntry aGrp2 = deBase.Children.Add("cn=yourGrp2", "group");
aGrp2.Properties["description"].Value = "The description you want";
aGrp2.Properties["groupType"].Add(ADS_GROUP_TYPE_ENUM.ADS_GROUP_TYPE_GLOBAL_GROUP | ADS_GROUP_TYPE_ENUM.ADS_GROUP_TYPE_SECURITY_ENABLED);
aGrp2.Properties["sAMAccountName"].Add("yourGrp2");
aGrp2.CommitChanges();

/* Group2 MemberOf Group1
 */
aGrp1.Properties["Member"].Add(aGrp2.Properties["distinguishedName"].Value);
aGrp1.CommitChanges();

With Security Principals, introduced with .NET Framework 3.5, you can do the same thing in a shorter way; see: Managing Directory Security Principals in the .NET Framework 3.5


I will be back later with it, and then maybe better code
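Added example, not part of the original thread or of either linked article: the same nesting done with System.DirectoryServices.AccountManagement, where both groups are created side by side in the OU and the nesting is expressed only as group membership, as in the ADSI code above. The domain name `dom.fr` (derived from the DN in the answer), the OU and the group names are placeholders, and the process is assumed to run under an account allowed to create groups in that OU.

```csharp
// Added example: placeholders for domain, OU and group names; adjust to your directory.
using System;
using System.DirectoryServices.AccountManagement;

static class NestedGroups
{
    // Returns the group if it already exists in the container, otherwise creates
    // it as a global security group. Makes the procedure safe to re-run.
    static GroupPrincipal FindOrCreate(PrincipalContext ctx, string name, string description)
    {
        GroupPrincipal grp = GroupPrincipal.FindByIdentity(ctx, IdentityType.SamAccountName, name);
        if (grp != null) return grp;

        grp = new GroupPrincipal(ctx, name)   // name is used as the SAM account name
        {
            Description = description,
            IsSecurityGroup = true,           // security group, not a distribution list
            GroupScope = GroupScope.Global
        };
        grp.Save();
        return grp;
    }

    static void Main()
    {
        // Bind with the identity of the calling process rather than embedding
        // a user name and password in source code.
        using (var ctx = new PrincipalContext(ContextType.Domain, "dom.fr", "ou=Monou,dc=dom,dc=fr"))
        using (GroupPrincipal parent = FindOrCreate(ctx, "yourGrp1", "Parent group"))
        using (GroupPrincipal child = FindOrCreate(ctx, "yourGrp2", "Nested group"))
        {
            // Both groups are siblings in the OU; nesting is a membership link
            // from the parent to the child, not a parent/child object relation.
            if (!parent.Members.Contains(child))
            {
                parent.Members.Add(child);
                parent.Save();
            }

            // List the parent's direct members to confirm the link was written.
            foreach (Principal p in parent.GetMembers(false))
                Console.WriteLine("{0} <- {1}", parent.SamAccountName, p.DistinguishedName);
        }
    }
}
```

Every member of the nested group receives whatever access the parent group is granted, so check the parent's permissions before adding a group to it.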
