Creating Groups in AD

J

Jason

I am trying to write code that creates groups in AD using the DirectoryEntry
object in .NET. (I used to be able to do this easily using VBScript...)

Anyways, the following code throws a VEY generic (and unhelpful) error
message. The most obvious reason is that I am not setting some required
property but I have no clue which property that may be. I cannot seem to
find any samples on how to manipulate groups (only on how to work with
users).

entry = New DirectoryEntry("LDAP://ou=MyGroups,dc=mydomain,dc=com")
group = entry.Children.Add("cn=test", "Group")
group.CommitChanges()

The exception thrown is "A constraint violation occurred".

Thanks,
Jason
 
G

Guest

Search for active directory and vb.net on google and you will find few
articles that will help.
 
J

Jason

I have already tried doing google searches but did so again with your
suggested criteria. No help. Have yet to find a single article on how to
create a group or what the minimum required fields are when creating said
group.

- Jason
 
W

Willy Denoyette [MVP]

This should work unless there is a privilege constraint, the user
credentials used to bind are those of the current user.
Therefore I suggest you execute the same code using explicit credentials of
a domain admin.

Willy.
 
M

Marc Scheuner [MVP ADSI]

I am trying to write code that creates groups in AD using the DirectoryEntry
object in .NET. (I used to be able to do this easily using VBScript...)

entry = New DirectoryEntry("LDAP://ou=MyGroups,dc=mydomain,dc=com")
group = entry.Children.Add("cn=test", "Group")
group.CommitChanges()

The exception thrown is "A constraint violation occurred".
Click to expand...

You also need to set at least the mandatory attributes, which includes
"sAMAccountName" !

entry = New DirectoryEntry("LDAP://ou=MyGroups,dc=mydomain,dc=com")
group = entry.Children.Add("cn=test", "Group")
group.Properties["sAMAccountName"].Value = "test";
group.CommitChanges()

Also, be aware that the SAM account name needs to be UNIQUE in your
domain! If it's not unique, the creation will fail.

Marc

================================================================
Marc Scheuner May The Source Be With You!
Berne, Switzerland m.scheuner -at- inova.ch
 
J

Jason

Thanks Marc. That was it.

- Jason

Marc Scheuner said:
I am trying to write code that creates groups in AD using the
DirectoryEntry
object in .NET. (I used to be able to do this easily using VBScript...)

entry = New DirectoryEntry("LDAP://ou=MyGroups,dc=mydomain,dc=com")
group = entry.Children.Add("cn=test", "Group")
group.CommitChanges()

The exception thrown is "A constraint violation occurred".
Click to expand...

You also need to set at least the mandatory attributes, which includes
"sAMAccountName" !

entry = New DirectoryEntry("LDAP://ou=MyGroups,dc=mydomain,dc=com")
group = entry.Children.Add("cn=test", "Group")
group.Properties["sAMAccountName"].Value = "test";
group.CommitChanges()

Also, be aware that the SAM account name needs to be UNIQUE in your
domain! If it's not unique, the creation will fail.

Marc

================================================================
Marc Scheuner May The Source Be With You!
Berne, Switzerland m.scheuner -at- inova.ch
Click to expand...
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Active Directory Throws An Error 1
How to read ACLs in AD with dotnet managed C# ? 1
Connect to a different domain in AD 1
There is a naming violation - Creating a contact object 2
Adding AD-user in AD-group 2
Iterate and List Members of an NT Group with LDAP 2
ADS/LDAP/System.DirectoryServices -> Get Users of Group 3
Global Group Info in Domain Local Group AD Query Help 3

Top