Set NTFS Permissions with DirectorySecurity after created Active Dirctory Groups

Question

I am a little confused about setting NTFS Permissions to a directory after I created Active Directory Groups (both programmatically). When I created the Active Directory Objects then I have to wait a few seconds to set the NTFS Permissions. If I have not this timeout then I get sometimes an error message that the identify (active directory groupname) could not found. Is it possible that the DirectorySecurity-Class from DirectoryInfo-Class has an different algorithm to get the idenfity from active directory objects? Because when I checking the existing of the groups in active directory with System.DirectoryServices all the objects exist suddenly after creation.

Answer 1

I have to use the SID from the AD Objects and use the SecurityIdentifier-Class for the identity. So when I set the permission now with a SecurityIdenfitier there won't be a translate from NTAccount and all works fine!

Answer 2

You may also be able to solve this by assign the permissions using the same DirectoryEntry reference that you used to create the security principal.