开发者

Inexplainable InvalidOperationException with GroupPrincipal and SAM PrincipalContext

开发者 https://www.devze.com 2022-12-17 05:27 出处:网络
I am trying to create a Principal like this: PrincipalContext pc = new PrincipalContext(ContextType开发者_如何学Go.Machine);

I am trying to create a Principal like this:

PrincipalContext pc = new PrincipalContext(ContextType开发者_如何学Go.Machine);
GroupPrincipal group = new GroupPrincipal(pc);

group.Name = "Some Group Name";
group.Description = "Some Group Name Description";

group.Save();

However, when the code is executed, I get the following exception message:

System.DirectoryServices.AccountManagement: Property is not valid for this store type.

If I do not set the Description property, the above code works perfectly fine, just doesn’t have a description for a group.

Am I doing something wrong?

Thanks in advance.

EDIT: I believe I have found a work-around for this (for anyone who maybe interested). A group can be created in the same way as above:

PrincipalContext pc = new PrincipalContext(ContextType.Machine);
GroupPrincipal group = new GroupPrincipal(pc);
group.Save();

Now you create a DirectoryEntry and link it to the newly created Group like this:

string path = "WinNT://" + machineName + "/" + group.SamAccountName;
DirectoryEntry dEntry = new DirectoryEntry(path);

This allows access to the Properties of that group, but the one I was interested in is Description, so:

dEntry.Properties["description"].Add("Some Decription");
dEntry.CommitChanges();

And that should do it.


Answer rewritten

I've got your answer, but you may not really like it. The information on the internet is scarce, but in code, it is explainable:

  • When you create your GroupPrincipal, a Context is added to it. This Context is internally of a hidden type: SAMStoreCtx, which inherits from an abstract type StoreCtx;
  • Each property on the GroupPrincipal that you call will call IsValidProperty, an internal member of SamStoreCtx;
  • However, it doesn't do so for the Name property;
  • Inside SAMStoreCtx, there's a piece of code that looks as follows (Reflector output):

    internal override bool IsValidProperty(Principal p, string propertyName)
    {
        ObjectMask none = ObjectMask.None;
        if (!ValidPropertyMap.TryGetValue(propertyName, out none))
        {
            return false;
        }
        if ((MaskMap[p.GetType()] & none) <= ObjectMask.None)
        {
            return false;
        }
        return true;
    }
    
  • Look closely at that code (it took me a moment) and you'll spot the bug. The line comparing a bit flag to none using the and-operator will always result in ObjectMask.None. The second if-statement is therefor always true.
  • The calling code (the Property Settor of Description) throws an exception when this method returns false.

I believe this to be a bug in the Microsoft library. It only happens with the SAMStoreCtx. Perhaps it is on purpose, but because the code is there but always returns false makes me believe the programmers intended the use of the or-operator instead. Checking my findings with other properties like DisplayName throws the same exception as expected.

You can contact Microsoft about this and show them this thread. I haven't checked the new betas of .NET 4.0 which might show up differently. You can check this for yourself by downloading Reflector and loading the relevant .NET assembly.

EDIT: I've contacted Microsoft for you and reported the bug through connect.microsoft.com here. You can follow the issue there if you like.


You can use the GetUnderlyingObject to get the DirectoryEntry for the group instead of searching for it.

var newGroup = new GroupPrincipal(context, groupName);

// You must save first           
newGroup.Save();

var entry = (DirectoryEntry) newGroup.GetUnderlyingObject();

entry.Properties["description"].Add(description);
entry.CommitChanges(); 
0

精彩评论

暂无评论...
验证码 换一张
取 消