How to add a new Windows user to the Users group by default

Question

I have a piece of code that creates a Windows user. Everything is fine and the user is indeed created. However, when I try to pinvoke LoadUserProfile, the operation fails, because the user is not in the Users group. Now, I know how to pragmatically add this user to the Users group, but I dont want to hard-code group name "Users", since it might change depending on the locale. Is there a way to add the user to the Users group by default (by the way, runas user /add command already does that)?

DirectoryEntry dirEntry = new DirectoryEntry("WinNT://" + domain);
DirectoryEntries entries = dirEntry.Children;
DirectoryEntry user = entries.Add(username, "User");
user.Properties["FullName"].Add("Dr Zoidberg");
user.Invoke("SetPassword", password);
user.CommitChanges();

Answer 1

Windows and Active Directory have a numberof "Well-Known SIDs" which are the security identifiers for builtin accounts and groups. You can use the well-known SID to bind to the Users group because it will not change regardless of the locale. An admin can even rename the Users group to something else, but the SID will remain the same.

The well-known SIDs are enumerated in System.Security.Principal.WellKnownSidType

See http://msdn.microsoft.com/en-us/library/system.security.principal.wellknownsidtype.aspx for more details.