 

Adding and removing users from Active Directory groups in .NET

I am writing the following methods to add and remove users from Active Directory in C#.

    void AddUserToGroup(string userId, string groupName);
    void RemoveUserFromGroup(string userId, string groupName);

How best to implement these methods?

Here is some code from CodeProject. I can't see where the AD server is specified in these examples though? (is it implicitly supplied by the .NET framework when using the LDAP protocol?). Are these examples worth following?

    using System.DirectoryServices;

    public void AddToGroup(string userDn, string groupDn)
    {
        try
        {
            // Bind to the group object by its LDAP path and append the user's DN
            // to the multi-valued "member" attribute. "using" disposes (closes) the
            // entry even when CommitChanges() throws.
            using (DirectoryEntry dirEntry = new DirectoryEntry("LDAP://" + groupDn))
            {
                dirEntry.Properties["member"].Add(userDn);
                dirEntry.CommitChanges();
            }
        }
        catch (System.DirectoryServices.DirectoryServicesCOMException E)
        {
            // doSomething with E.Message.ToString();
        }
    }

    public void RemoveUserFromGroup(string userDn, string groupDn)
    {
        try
        {
            // Same bind as above, but remove the user's DN from "member"
            using (DirectoryEntry dirEntry = new DirectoryEntry("LDAP://" + groupDn))
            {
                dirEntry.Properties["member"].Remove(userDn);
                dirEntry.CommitChanges();
            }
        }
        catch (System.DirectoryServices.DirectoryServicesCOMException E)
        {
            // doSomething with E.Message.ToString();
        }
    }
Ben Aston asked Jan 26 '10 22:01



2 Answers

Ugh. LDAP. If you're using the .Net Framework 3.5 or above, I highly recommend using the System.DirectoryServices.AccountManagement namespace. That makes things so much easier.

    using System.DirectoryServices.AccountManagement;

    public void AddUserToGroup(string userId, string groupName)
    {
        try
        {
            using (PrincipalContext pc = new PrincipalContext(ContextType.Domain, "COMPANY"))
            using (GroupPrincipal group = GroupPrincipal.FindByIdentity(pc, groupName))
            {
                // FindByIdentity returns null (it does not throw) when no group matches
                if (group == null)
                    throw new ArgumentException("Group not found: " + groupName);

                group.Members.Add(pc, IdentityType.UserPrincipalName, userId);
                group.Save();
            }
        }
        catch (System.DirectoryServices.DirectoryServicesCOMException E)
        {
            // doSomething with E.Message.ToString();
        }
    }

    public void RemoveUserFromGroup(string userId, string groupName)
    {
        try
        {
            using (PrincipalContext pc = new PrincipalContext(ContextType.Domain, "COMPANY"))
            using (GroupPrincipal group = GroupPrincipal.FindByIdentity(pc, groupName))
            {
                if (group == null)
                    throw new ArgumentException("Group not found: " + groupName);

                group.Members.Remove(pc, IdentityType.UserPrincipalName, userId);
                group.Save();
            }
        }
        catch (System.DirectoryServices.DirectoryServicesCOMException E)
        {
            // doSomething with E.Message.ToString();
        }
    }
Jacob Proffitt answered Sep 21 '22 01:09

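The following is an added example built on the same System.DirectoryServices.AccountManagement approach; it is not code from the question or from Jacob Proffitt's answer. It assumes a placeholder domain controller name ("dc01.company.example") and SAM account names for both the user and the group; the Audit method and its console output are hypothetical stand-ins for whatever event log or SIEM the deployment uses. Compared with the answer, it adds input validation, null checks on FindByIdentity (which returns null rather than throwing), idempotent add/remove, explicit handling of PrincipalOperationException (the exception type AccountManagement actually raises on a failed Save), and an audit record, since group membership changes are one of the events a defender most wants to see logged.

```csharp
using System;
using System.DirectoryServices.AccountManagement;

// Added example, not code from the question or either answer. "dc01.company.example"
// is a placeholder for a domain controller or domain name; replace it with your own.
public static class GroupMembership
{
    private const string DomainOrServer = "dc01.company.example"; // placeholder

    // Returns true when the group was changed, false when it was already in the requested state.
    public static bool AddUserToGroup(string userId, string groupName)
        => ChangeMembership(userId, groupName, add: true);

    public static bool RemoveUserFromGroup(string userId, string groupName)
        => ChangeMembership(userId, groupName, add: false);

    private static bool ChangeMembership(string userId, string groupName, bool add)
    {
        if (string.IsNullOrWhiteSpace(userId))
            throw new ArgumentException("userId is required", nameof(userId));
        if (string.IsNullOrWhiteSpace(groupName))
            throw new ArgumentException("groupName is required", nameof(groupName));

        // Bind as the calling process identity; no password is embedded in code. To use a
        // dedicated least-privilege service account instead, pass its credentials (fetched
        // from a secret store) to the PrincipalContext(ContextType, string, string, string) overload.
        using (var pc = new PrincipalContext(ContextType.Domain, DomainOrServer))
        using (var group = GroupPrincipal.FindByIdentity(pc, IdentityType.SamAccountName, groupName))
        using (var user = UserPrincipal.FindByIdentity(pc, IdentityType.SamAccountName, userId))
        {
            // FindByIdentity returns null rather than throwing when nothing matches
            if (group == null)
                throw new InvalidOperationException("Group not found: " + groupName);
            if (user == null)
                throw new InvalidOperationException("User not found: " + userId);

            bool isMember = group.Members.Contains(user);
            if (isMember == add)
                return false; // idempotent: already in the requested state

            if (add)
                group.Members.Add(user);
            else
                group.Members.Remove(user);

            try
            {
                group.Save(); // writes the updated "member" attribute back to the DC
            }
            catch (PrincipalOperationException ex)
            {
                // Typical cause: the bound identity lacks write access to this group's member attribute
                throw new InvalidOperationException(
                    "Could not update group " + groupName + ": " + ex.Message, ex);
            }

            Audit(add ? "ADD" : "REMOVE", user.DistinguishedName, group.DistinguishedName);
            return true;
        }
    }

    // Hypothetical audit sink: membership changes are security-relevant, so record who changed
    // what and when. In production this would go to the Windows event log or a SIEM, not the console.
    private static void Audit(string action, string userDn, string groupDn)
    {
        Console.WriteLine("{0:o} actor={1} action={2} member={3} group={4}",
            DateTime.UtcNow, Environment.UserName, action, userDn, groupDn);
    }

    public static void Main()
    {
        // Sample call with constructed names; "jdoe" and "App-Readers" are placeholders
        bool changed = AddUserToGroup("jdoe", "App-Readers");
        Console.WriteLine(changed ? "added" : "already a member");
    }
}
```

Binding to a named domain controller rather than the bare domain name makes the change land on a known DC, which matters when the next step of a workflow immediately reads the group back (replication lag would otherwise make the read stale). The idempotency check also keeps the audit trail honest: only real changes are recorded.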

The server is part of the groupDn variable value. For example:

LDAP://myServer/CN=MyGroup,CN=Groups,CN=MyContainer,DN=mydomain.com

The whole thing is the LDAP path for the group. The first part (myServer) is the server name.

The part after the server name (e.g. CN=...) is the DN (distinguished name) of the group.

Mike Marshall answered Sep 23 '22 01:09
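The following is an added example, not code from Mike Marshall's answer or from the question, that makes the structure described above concrete: it splits an ADsPath into its server and DN parts, and escapes DN values before they are concatenated into a path. It assumes the example server name "myServer" and a base DN written with DC= components ("DC=mydomain,DC=com", the form a DN uses for the domain portion); the method names Parse, EscapeDnValue and GroupPath are this example's own. The escaping matters when the group name comes from outside the application: in the question's "LDAP://" + groupDn pattern, an unescaped comma in a name would be read as an extra RDN and the bind would resolve to a different object than intended.

```csharp
using System;
using System.Text;

// Added example, not from the original answer. Splits an ADsPath such as
// "LDAP://myServer/CN=MyGroup,CN=Groups,CN=MyContainer,DC=mydomain,DC=com" into its
// server and DN parts, and escapes DN values built from untrusted input.
public static class LdapPath
{
    private const string Prefix = "LDAP://";

    // Returns (server, dn). Server is null for a serverless path ("LDAP://CN=..."),
    // in which case ADSI locates a domain controller for the caller's domain itself.
    public static (string Server, string DistinguishedName) Parse(string adsPath)
    {
        if (adsPath == null || !adsPath.StartsWith(Prefix, StringComparison.OrdinalIgnoreCase))
            throw new ArgumentException("Expected an LDAP:// path", nameof(adsPath));

        string rest = adsPath.Substring(Prefix.Length);
        // An unescaped '/' separates the server from the DN. A '/' inside a DN value must be
        // written as "\/" in an ADsPath, so the first unescaped one is the delimiter.
        int slash = IndexOfUnescaped(rest, '/');
        if (slash < 0)
            return (null, rest);

        string server = rest.Substring(0, slash);
        string dn = rest.Substring(slash + 1);
        // A server part never contains '='; if it does, the path is malformed
        if (server.Length == 0 || server.IndexOf('=') >= 0)
            throw new ArgumentException("Malformed server part: " + server, nameof(adsPath));
        return (server, dn);
    }

    private static int IndexOfUnescaped(string s, char target)
    {
        for (int i = 0; i < s.Length; i++)
        {
            if (s[i] == '\\') { i++; continue; } // skip the escaped character
            if (s[i] == target) return i;
        }
        return -1;
    }

    // Escapes one attribute value for use in a DN (RFC 4514 section 2.4), plus '/' because
    // ADSI treats an unescaped '/' as the server delimiter in an ADsPath.
    public static string EscapeDnValue(string value)
    {
        var sb = new StringBuilder(value.Length + 8);
        for (int i = 0; i < value.Length; i++)
        {
            char c = value[i];
            if (c < 0x20)
            {
                // control characters are written as a backslash plus two hex digits
                sb.Append('\\').Append(((int)c).ToString("x2"));
                continue;
            }
            bool special = "\",+;<>\\/".IndexOf(c) >= 0
                || (i == 0 && (c == ' ' || c == '#'))          // leading space or '#'
                || (i == value.Length - 1 && c == ' ');         // trailing space
            if (special) sb.Append('\\');
            sb.Append(c);
        }
        return sb.ToString();
    }

    // Builds the ADsPath for a group whose CN comes from untrusted input, under a fixed base DN
    public static string GroupPath(string server, string groupCn, string baseDn)
        => Prefix + server + "/CN=" + EscapeDnValue(groupCn) + "," + baseDn;

    public static void Main()
    {
        // Constructed sample path in the shape given in the answer above
        var (server, dn) = Parse("LDAP://myServer/CN=MyGroup,CN=Groups,CN=MyContainer,DC=mydomain,DC=com");
        Console.WriteLine("server=" + server);
        Console.WriteLine("dn=" + dn);

        // A group name containing a comma stays a single RDN once escaped
        Console.WriteLine(GroupPath("myServer", "Sales, EMEA", "CN=Groups,DC=mydomain,DC=com"));
    }
}
```

Parse is the counterpart to the answer: given a path in the form it describes, it returns the server name and the group's DN separately, so code can log which DC it bound to. GroupPath is the safe way to do what the question's CodeProject snippet does by string concatenation: the base DN is fixed by the application, and only the CN value is taken from input, after escaping.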