Modifying user's group memberships using the System.DirectoryServices.Protocols (S.DS.P) Namespace

Hi everybody,

I am connecting to an Active Directory server using the System.DirectoryServices.Protocols namespace (this is necessary as the AD server lives in a different, untrusted domain to the web server; and the ADSI security does not allow us to connect using the DirectoryEntry classes.)

I am new to this namespace; but have made good progress recently. I can retrieve and modify user details, activate and deactivate their accounts, change their email address, telephone number, etc. and add new users into the directory. So I have got some familiarity with the classes and functionality which this namespace affords.

What is eluding me, however, is how I control a user's group memberships. I can list all the groups they belong to by way of the "memberOf" attribute - no problem. However, what if I want to add a user to a group? I have tried to use a "ModifyRequest" on this property, but just get errors - looking into it, I see that "memberOf" is a backlink to provide easy access to read-only what groups a member belongs to - fair enough.

A colleague has suggested that I look at it differently and start from the point of view of the groups - if I want to add a user to "MyGroup", instead of thinking along the lines of "Member.AddToGroup(MyGroup)" I think along the lines of "MyGroup.AddMember(member)".

However at the moment, I am at a loss.


Can anyone help?


Many thanks. 

6/17/2008 9:57:20 AM

2 Replies


I solved it, goes something like this:



Private Sub UpdateUserGroupMemberships()
    ' For each group which the user should be in, make sure they are a member of it.
    For Each groupName As String In Me.GroupMemberships
        ' Don't forget, groupName is the full, distinguished name.
        Dim id As New LdapDirectoryIdentifier(IPAddress)
        Dim creds As New NetworkCredential("Username", "Password")

        Using ldapConn As New LdapConnection(id, creds)
            ldapConn.SessionOptions.ProtocolVersion = 3
            ldapConn.SessionOptions.Signing = True
            ldapConn.SessionOptions.Sealing = True
            ldapConn.AuthType = AuthType.Negotiate

            ' ** Build a query to find the object we're interested in **
            ' Note: groupName is concatenated into the filter unescaped, so it must come from a trusted source.
            Dim request As New SearchRequest("DC=Mydomain,DC=co,DC=uk", "(&(objectCategory=Group)(distinguishedName=" & groupName & "))", System.DirectoryServices.Protocols.SearchScope.Subtree)
            ' ** Send the query to the LDAP server, and save the response into the private _SearchResponse object **
            _SearchResponse = DirectCast(ldapConn.SendRequest(request), SearchResponse)

            ' ** get all the existing group members **
            Dim members As DirectoryAttribute = _SearchResponse.Entries(0).Attributes("member")

            Dim existingGroupMembers As New List(Of String)

            ' "member" is absent from the entry when the group is empty, so check for Nothing.
            If members IsNot Nothing Then
                For i As Integer = 0 To members.Count - 1
                    existingGroupMembers.Add(CStr(members(i)))
                Next
            End If

            ' If user is not currently in the group, add them:
            If Not existingGroupMembers.Contains(Me._DistinguishedName) Then
                Dim addMod As DirectoryAttributeModification = New DirectoryAttributeModification
                addMod.Name = "member"
                addMod.Operation = DirectoryAttributeOperation.Add
                ' The value to add is the user's distinguished name.
                addMod.Add(Me._DistinguishedName)

                Dim addUserReq As ModifyRequest = New ModifyRequest(groupName, addMod)
                Dim response As DirectoryResponse = ldapConn.SendRequest(addUserReq)
            End If
        End Using
    Next
End Sub

Hope it helps somebody.
6/17/2008 11:01:52 AM
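
An added example, not part of the original post: a variant of the approach above that escapes the group DN before it goes into the search filter (RFC 4515) and sends the "member" Add directly, treating an "already exists" result as success. Reading the member list first can miss entries on large groups, because Active Directory returns large multi-valued attributes in ranges ("member;range=..."). The names EscapeFilterValue, BuildGroupFilter and AddMember are hypothetical, and the result codes handled are an assumption about what the server returns for a duplicate value.

```vbnet
Imports System.DirectoryServices.Protocols
Imports System.Text

Module GroupMembershipExample
    ' Escape a value for use inside an LDAP search filter (RFC 4515).
    Function EscapeFilterValue(value As String) As String
        Dim sb As New StringBuilder()
        For Each c As Char In value
            Select Case c
                Case "\"c : sb.Append("\5c")
                Case "*"c : sb.Append("\2a")
                Case "("c : sb.Append("\28")
                Case ")"c : sb.Append("\29")
                Case ChrW(0) : sb.Append("\00")
                Case Else : sb.Append(c)
            End Select
        Next
        Return sb.ToString()
    End Function

    ' The post's group filter, with the DN escaped before concatenation.
    Function BuildGroupFilter(groupDn As String) As String
        Return "(&(objectCategory=Group)(distinguishedName=" & EscapeFilterValue(groupDn) & "))"
    End Function

    ' Adds userDn to groupDn. Returns True if added, False if already a member.
    Function AddMember(conn As LdapConnection, groupDn As String, userDn As String) As Boolean
        Dim addMod As New DirectoryAttributeModification()
        addMod.Name = "member"
        addMod.Operation = DirectoryAttributeOperation.Add
        addMod.Add(userDn)
        Try
            conn.SendRequest(New ModifyRequest(groupDn, addMod))
            Return True
        Catch ex As DirectoryOperationException
            ' Assumption: the server reports a duplicate value with one of these codes.
            Dim code As ResultCode = If(ex.Response Is Nothing, ResultCode.Other, ex.Response.ResultCode)
            If code = ResultCode.EntryAlreadyExists OrElse
               code = ResultCode.AttributeOrValueExists Then
                Return False
            End If
            Throw ' Any other failure (access denied, no such object) is a real error.
        End Try
    End Function
End Module
```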

Nice! Actually I spent some time googling, trying to find an answer for you. But since I haven't worked with DirectoryServices.Protocols myself, the code wasn't obvious ;-) I'm sure your findings are valuable! Thanks for sharing!

If this post was useful to you, please mark it as answer. Thank you!
6/24/2008 6:21:40 AM
