Is Active Directory transaction-aware?

Simple question but I can't find the answer anywhere: is Active Directory transaction-aware?

In other words, will the following change be rolled back (since I didn't call scope.Complete()):

using (var scope = new TransactionScope())
{
    DirectoryEntry entry = ...;
    entry.Properties["givenName"].Value = "New Given Name";
    entry.CommitChanges();
}

If not, is it possible to enable this somehow? Right now I have code that performs database updates and corresponding AD updates and I have compensating logic for the AD updates if they somehow fail. This solution is far from optimal.

Kind regards, Ronald Wildenberg

asked Aug 07 '09 14:08

Ronald Wildenberg



2 Answers

Short answer is - no. ActiveDirectory is essentially an LDAP implementation (with some fancy extensions but at its core it is still LDAP). Neither the LDAP protocols nor the specs have the concept of transactions so this really isn't possible.

It would be possible to emulate transactions on the client side but you'd have to do that yourself or use Spring which, I believe, will do that for you - obviously this is not as safe as server side transactions that you'd expect from a DB. A note on Spring - I'm not completely sure that Spring.NET supports 'transactions' for LDAP yet but they have something like that in the Java implementation of Spring. It might be worth a look.

From reading the docs on the CommitChanges method it just says that it sends your changes to the server - if it doesn't make a point of saying that they are transaction safe I would assume that they're not.

Some random thoughts - I guess it would be possible that Microsoft could add something like this onto ActiveDirectory (as it is more than just LDAP) but they probably won't if they haven't yet.

answered Oct 20 '22 11:10

macbutch


No. LDAP doesn't directly support transactions; however, it is possible to 'roll your own' solution by writing an enlistment class that implements the IEnlistmentNotification interface. IEnlistmentNotification works with both explicit and implicit transactions in the System.Transactions namespace.

You can find more documentation (and an example) here: https://msdn.microsoft.com/en-us/library/system.transactions.ienlistmentnotification(v=vs.110).aspx

answered Oct 20 '22 12:10

joe.finsterwald
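
One way to write the enlistment class the second answer describes, added here as an example and not code from either answerer or from the linked documentation. `AdAttributeEnlistment` is a hypothetical name; it assumes an ambient `TransactionScope`, defers the AD write to the prepare phase, and undoes it with a compensating write, which provides neither isolation nor a guaranteed rollback.

```csharp
using System;
using System.Diagnostics;
using System.DirectoryServices;
using System.Transactions;

// Hypothetical helper, not a framework class. Inside a TransactionScope:
//   new AdAttributeEnlistment(entry, "givenName", "New Given Name");
public sealed class AdAttributeEnlistment : IEnlistmentNotification
{
    private readonly DirectoryEntry _entry;
    private readonly string _attribute;
    private readonly object _newValue;
    private object _oldValue;
    private bool _applied;

    public AdAttributeEnlistment(DirectoryEntry entry, string attribute, object newValue)
    {
        _entry = entry; _attribute = attribute; _newValue = newValue;
        var tx = Transaction.Current ?? throw new InvalidOperationException("No ambient transaction.");
        tx.EnlistVolatile(this, EnlistmentOptions.None);
    }

    // Runs only once scope.Complete() was called and the scope is disposing.
    public void Prepare(PreparingEnlistment preparing)
    {
        try
        {
            _oldValue = _entry.Properties[_attribute].Value; // kept for compensation
            _entry.Properties[_attribute].Value = _newValue;
            _entry.CommitChanges();  // from here on other LDAP clients see the new value
            _applied = true;
            preparing.Prepared();
        }
        catch (Exception ex) { preparing.ForceRollback(ex); } // veto: the DB work rolls back too
    }

    // Called when another participant fails, or the scope ends without Complete().
    public void Rollback(Enlistment enlistment)
    {
        try
        {
            if (!_applied) return;   // nothing was written to AD, nothing to undo
            _entry.Properties[_attribute].Value = _oldValue;
            _entry.CommitChanges();  // compensating write; it can fail like any other write
        }
        catch (Exception ex) { Trace.TraceError("AD compensation failed, reconcile manually: " + ex); }
        finally { enlistment.Done(); }
    }

    public void Commit(Enlistment enlistment) => enlistment.Done();
    public void InDoubt(Enlistment enlistment) => enlistment.Done();
}
```

With the write deferred this way, the scope in the question (disposed without `scope.Complete()`) never reaches `Prepare`, so the directory is left untouched. A failed compensating write still leaves the directory and the database inconsistent, so the logged error needs to feed an alert or reconciliation job.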