I am currently using PrincipalContext and UserPrincipal to return the user's primary group ID.

How can I take this id and find the actual group name?

Also, I have code that works correctly to assign the user's primary group, but once I assign them to the group I cannot delete them from Domain Users, which is the default primary group prior to my change. I have called Save() before trying to remove the Domain Users group.

My requirements state I must add the user to AD then assign their primary group and then remove them as a member of Domain Users.

+1  A: 

Without seeing your code, it is hard to know for sure, but it sounds like you're almost there! I had a similar task a few years ago and this blog article was very helpful to me. This Scripting Guy article talks about the steps in a little more detail.

I don't know if you can do this with System.DirectoryServices.AccountManagement stuff. Microsoft made some common AD tasks easier with that namespace, but I'd be surprised if this was one of them.

With regards to removing the "Domain Users" group assignment, that is not possible until the primary group has been changed.

This is untested pseudo-code, but I think something like this will work.

// get the group
DirectoryEntry groupToAdd = new DirectoryEntry("LDAP://" + groupDistinguishedName);
// add the member
groupToAdd.Properties["member"].Add(userDistinguishedName);
// commit and close
groupToAdd.CommitChanges();
groupToAdd.Close();

You said you already know how to assign the primary group, so once you've done that and committed it, you can remove the "Domain Users" membership.

//Get the domain users
DirectoryEntry domainUsers = new DirectoryEntry("LDAP://" + domainUserDistinguishedName);
// Remove the user from the domain user group
domainUsers.Properties["member"].Remove(userDistinguishedName);
//Commit the changes
domainUsers.CommitChanges();
domainUsers.Close();

For reference, here's a nice AD in C# overview. Hope this helps!

Josh
Josh, maybe I wasn't clear. I am not having problems adding/removing users from a group. I am having trouble determining what the group name is for a given primaryGroupID. For example, I can use DirectoryEntry.Properties.Contains("primaryGroupID") and get back 1141, but I can't seem to find the group name when all I have is 1141.
madhatter84gn
A: 

Also, if PowerShell is an option, this looks like it will do almost exactly what you want.

Josh
A: 

Got it finally

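    // principalFactory is the poster's own helper for creating the context and user.
    PrincipalContext principalContext = this.principalFactory.CreateActiveDirectoryManagementContext(locationType);
    UserPrincipal userPrincipal = this.principalFactory.CreateUserPrincipal(principalContext, userName);

    // RID of the user's primary group (the primaryGroupID attribute).
    string primaryGroupId = userPrincipal.GetPrimaryGroupId();

    // All groups the user is a member of, directly or through nesting.
    PrincipalSearchResult<Principal> results =
        userPrincipal.GetAuthorizationGroups();

    // The last component of a group's SID is its RID; return the first group whose RID matches.
    foreach (Principal principal in from principal in results
                                    let sid = principal.Sid.ToString()
                                    let test = sid.Split('-').ToList()
                                    let count = test.Count
                                    where test[count - 1].Equals(primaryGroupId)
                                    select principal)
    {
        return principal.Name;
    }

    return string.Empty;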
madhatter84gn
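
An alternative to scanning every authorization group, as an added example that is not part of the original answers: primaryGroupID holds only the group's RID, so appending it to the user's domain SID gives the full group SID, which can be looked up directly and cannot match a group from another domain that shares the same RID. The class and method names and the sample SID are constructed for illustration; the AD lookup assumes a domain-joined Windows host.

```csharp
using System;
using System.DirectoryServices;
using System.DirectoryServices.AccountManagement;
using System.Security.Principal;

static class PrimaryGroupLookup   // hypothetical name, not from the original post
{
    // A group's SID is the domain SID plus the group's RID, and
    // primaryGroupID stores only that RID (e.g. 513 for Domain Users).
    public static SecurityIdentifier BuildGroupSid(SecurityIdentifier userSid, int rid)
    {
        SecurityIdentifier domainSid = userSid.AccountDomainSid;
        if (domainSid == null)
            throw new ArgumentException("Not a domain account SID", nameof(userSid));
        return new SecurityIdentifier(domainSid.Value + "-" + rid);
    }

    // Resolves the primary group name with one SID lookup (requires a domain).
    public static string GetPrimaryGroupName(PrincipalContext ctx, string samAccountName)
    {
        using (UserPrincipal user = UserPrincipal.FindByIdentity(
                   ctx, IdentityType.SamAccountName, samAccountName))
        {
            if (user == null) return string.Empty;
            var entry = (DirectoryEntry)user.GetUnderlyingObject();
            int rid = (int)entry.Properties["primaryGroupID"].Value;
            SecurityIdentifier groupSid = BuildGroupSid(user.Sid, rid);
            using (GroupPrincipal group = GroupPrincipal.FindByIdentity(
                       ctx, IdentityType.Sid, groupSid.Value))
            {
                return group == null ? string.Empty : group.Name;
            }
        }
    }

    static void Main(string[] args)
    {
        // Constructed sample SID (not a real account); this part runs without a domain.
        var sampleUser = new SecurityIdentifier("S-1-5-21-1004336348-1177238915-682003330-1105");
        Console.WriteLine(BuildGroupSid(sampleUser, 1141).Value);

        if (args.Length == 1) // optional: pass a sAMAccountName on a domain-joined host
            using (var ctx = new PrincipalContext(ContextType.Domain))
                Console.WriteLine(GetPrimaryGroupName(ctx, args[0]));
    }
}
```

Primary group membership is not stored in the group's member attribute, so a membership review that only enumerates member will not list users who hold the group as their primary group.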