Using the System.DirectoryServices.Protocols namespace to add/modify attributes on an Active Directory group. Code:
public void UpdateProperties(Dictionary<string, string> Properties) {
List<DirectoryAttributeModification> directoryAttributeModifications;
// ... Code to convert Properties dictionary to directoryAttributeModifications
// There is one 'Add' modification, to set the 'description' of the group
ModifyRequest modifyRequest = new ModifyRequest(groupDistinguishedName, directoryAttributeModifications.ToArray());
modifyRequest.Controls.Add(new PermissiveModifyControl());
ModifyResponse response = connection.SendRequest(modifyRequest) as ModifyResponse;
The PermissiveModifyControl is intended to keep the code from failing if the description already exists. The only information on PermissiveModifyControl I've found is here:
http://msdn.microsoft.com/en-us/library/bb332056.aspx
which states:
An LDAP modify request will normally fail if it attempts to add an attribute that already exists or if it attempts to delete an attribute that does not exist. With
PermissiveModifyControlthe modify operation succeeds without throwing aDirectoryOperationExceptionerror.
However, when the above code gets to the SendRequest(), it throws a DirectoryOperationException: "The attribute exists or the value has been assigned."
What I'm trying to avoid is having to query every property in the collection being passed; if it exists, create a Replace DirectoryAttributeModification; if it doesn't, create an Add instead. From what I can glean, PermissiveModifyControl is supposed to do just that.
Can anyone shed some light on why PermissiveModifyControl still throws a DirectoryOperationException, and how to properly use it?
Thanks in advance! James