Menu
I am writing the following methods to add and remove users from active directory in C#.
void AddUserToGroup(string userId, string groupName); void RemoveUserFromGroup(string userId, string groupName); How best to implement these methods?
Here is some code from CodeProject. I can't see where the AD server is specified in these examples though? (is it implicitly supplied by the .NET framework when using the LDAP protocol?). Are these examples worth following?
public void AddToGroup(string userDn, string groupDn) { try { DirectoryEntry dirEntry = new DirectoryEntry("LDAP://" + groupDn); dirEntry.Properties["member"].Add(userDn); dirEntry.CommitChanges(); dirEntry.Close(); } catch (System.DirectoryServices.DirectoryServicesCOMException E) { //doSomething with E.Message.ToString(); } } public void RemoveUserFromGroup(string userDn, string groupDn) { try { DirectoryEntry dirEntry = new DirectoryEntry("LDAP://" + groupDn); dirEntry.Properties["member"].Remove(userDn); dirEntry.CommitChanges(); dirEntry.Close(); } catch (System.DirectoryServices.DirectoryServicesCOMException E) { //doSomething with E.Message.ToString(); } } 
864
Use Get-ADGroupMember cmdlet to List Members of an Active Directory Group. The PowerShell Get-ADGroupMember cmdlet is used to list the members of an Active Directory group. You can just type the cmdlet in a PowerShell window and you'll be prompted to enter the name of the group you want to use.
Go to “Active Directory Users and Computers”. Click on “Users” or the folder that contains the user account. Right click on the user account and click “Properties.”
Ugh. LDAP. If you're using the .Net Framework 3.5 or above, I highly recommend using the System.DirectoryServices.AccountManagement namespace. That makes things so much easier.
public void AddUserToGroup(string userId, string groupName) { try { using (PrincipalContext pc = new PrincipalContext(ContextType.Domain, "COMPANY")) { GroupPrincipal group = GroupPrincipal.FindByIdentity(pc, groupName); group.Members.Add(pc, IdentityType.UserPrincipalName, userId); group.Save(); } } catch (System.DirectoryServices.DirectoryServicesCOMException E) { //doSomething with E.Message.ToString(); } } public void RemoveUserFromGroup(string userId, string groupName) { try { using (PrincipalContext pc = new PrincipalContext(ContextType.Domain, "COMPANY")) { GroupPrincipal group = GroupPrincipal.FindByIdentity(pc, groupName); group.Members.Remove(pc, IdentityType.UserPrincipalName, userId); group.Save(); } } catch (System.DirectoryServices.DirectoryServicesCOMException E) { //doSomething with E.Message.ToString(); } } The server is part of the groupDn variable value. For example:
LDAP://myServer/CN=MyGroup,CN=Groups,CN=MyContainer,DN=mydomain.com
The whole thing is the LDAP path for the group. The first part (myServer) is the server name.
The part after the server name (e.g. CN=...) is the DN (distinguished name) of the group.
44
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
