System.DirectoryServices - Constraint violation

I'm trying to use System.DirectoryServices to update Active Directory from a
Web Service. When I try to commit the changes, I get the following error
message:

"A constraint violation occurred. (Exception from HRESULT: 0x8007202F)"

My code is like this:

<code>

*** method signature and stuff ***

try
{
    *** Some other code *** (assignments etc)

    // Connect to the Art and Design school directory entry
    DirectoryEntry de = new DirectoryEntry(
        "LDAP://oursever.our.domain:389/OU=Art and Design,OU=Student,OU=Development,OU=User Accounts,DC=internal,DC=uwic,DC=ac,DC=uk",
        "AnAdminUser", "apwd");

    // Get the children of the directory entry and then add to the Children collection
    DirectoryEntries users = null; // The Children Collection
    DirectoryEntry user;           // The user to Add()
    if (de != null)
        users = de.Children; // Throws COMException on failure
    else
        throw new Exception("The Directory Entry is null");

    // Add the new child, passing in the
    user = users.Add("CN=asurname aforename(dv04002701)", "user");

    user.Properties["distinguishedName"].Add("CN=asurname aforename(dv04002701),OU=Art and Design,OU=Student,OU=User Accounts");

    user.Properties["cn"].Add("asurname aforename(dv04002701)");
    user.Properties["description"].Add(aString);
    user.Properties["title"].Add(aString);
    user.Properties["givenName"].Add(aForename);
    user.Properties["displayName"].Add(aSurname + ", " + aForename);
    user.Properties["company"].Add(anEmailAddress);
    user.Properties["mail"].Add("dv04002701");
    user.Properties["name"].Add(aSurname.ToLower() + " " + aForename.ToLower() + "(dv04002701)");
    user.Properties["userPassword"].Add(aPassword);
    //user.Properties["accountDisabled"].Add(false); // Gives error "The specified directory service attribute or value does not exist." if included
    //user.Properties["passwordExpired"].Add(false); // Gives error "The specified directory service attribute or value does not exist." if included
    user.Properties["objectCategory"].Add(anObjectCategory);
    user.Properties["objectClass"].Add(anObjectClass);
    user.Properties["sAMAccountName"].Add("dv04002701");
    user.Properties["instanceType"].Add(4);

    user.CommitChanges();
}
catch (COMException ce)
{
    string m = ce.Message; // For debug only
    throw RaiseException("GetException", "WSSoapException", ce.Message,
        "2000", ce.Source, FaultCode.Server);
}
catch (Exception ex)
{
    string m = ex.Message; // For debug only
    throw RaiseException("GetException", "WSSoapException", ex.Message,
        "2000", ex.Source, FaultCode.Server);
}

</code>

According to ADSI Edit, the following fields are mandatory:

- cn
- instanceType
- objectCategory
- objectClass
- sAMAccountName

The user I give has full permissions on Active Directory.

The exception is thrown on the call to CommitChanges().

Putting CommitChanges immediately after the call to Add() gives the same
error. Calling RefreshCache() on the DirectoryEntry (de) immediately after
the call to Add() returns with no error.

Can anyone help?

Peter
Mar 1 '07 #1
Remove all this:

user.Properties["userPassword"].Add(aPassword);
//user.Properties["accountDisabled"].Add(false); // Gives error "The specified directory service attribute or value does not exist." if included
//user.Properties["passwordExpired"].Add(false); // Gives error "The specified directory service attribute or value does not exist." if included
user.Properties["objectCategory"].Add(anObjectCategory);
user.Properties["objectClass"].Add(anObjectClass);
user.Properties["instanceType"].Add(4);

These properties can't be set like this.
The password can only be set by calling the SetPassword method, using
user.Invoke("SetPassword", password);
but you can only do this after the user has been committed.
accountDisabled can only be set by means of the userAccountControl property; something like
this will do:
user.Properties["userAccountControl"].Add(ADS_UF_NORMAL_ACCOUNT|ADS_UF_PASSWD_CANT_CHANGE);

Search MSDN for the values of ADS_UF_XXXXX, or add a reference to activeds.tlb to your
project.
All other properties are added automatically and are tied to the "user" type object.

Willy.
Mar 1 '07 #2
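The order of operations described in the reply above (create and commit, then SetPassword, then userAccountControl), as an added example that is not part of the thread or any poster's code. The server name, OU, account names and the choice to bind as the calling process identity instead of an embedded admin password are assumptions of this example.

```csharp
using System;
using System.DirectoryServices;

static class CreateUserSketch
{
    // ADS_UF_* bit values from the ADSI ADS_USER_FLAG_ENUM documentation.
    const int ADS_UF_ACCOUNTDISABLE = 0x0002;
    const int ADS_UF_PASSWD_NOTREQD = 0x0020;
    const int ADS_UF_NORMAL_ACCOUNT = 0x0200;

    // 'ou' is the container the account is created in. 'cn' must already be
    // escaped for use in a distinguished name (commas, plus signs, quotes).
    public static void CreateUser(DirectoryEntry ou, string cn, string sam, string password)
    {
        using (DirectoryEntry user = ou.Children.Add("CN=" + cn, "user"))
        {
            // Set only caller-owned attributes. objectClass comes from the
            // schema class name passed to Add(); the reply above says the
            // remaining ones are filled in by the directory.
            user.Properties["sAMAccountName"].Value = sam;
            user.CommitChanges();                    // 1. create the object

            // 2. The password can only be set once the object exists.
            user.Invoke("SetPassword", new object[] { password });

            // 3. Read back what the system assigned and change only the
            //    bits we mean to change, then commit again.
            user.RefreshCache(new[] { "userAccountControl" });
            int uac = (int)user.Properties["userAccountControl"].Value;
            uac |= ADS_UF_NORMAL_ACCOUNT;
            uac &= ~(ADS_UF_ACCOUNTDISABLE | ADS_UF_PASSWD_NOTREQD);
            user.Properties["userAccountControl"].Value = uac;
            user.CommitChanges();
        }
    }

    static void Main()
    {
        // Hypothetical server and OU. Null user name and password bind as
        // the identity the process runs under, over a sealed channel.
        const string path = "LDAP://dc01.example.test/OU=Staging,DC=example,DC=test";
        using (var ou = new DirectoryEntry(path, null, null,
                   AuthenticationTypes.Secure | AuthenticationTypes.Sealing))
        {
            Console.Write("Initial password for tu000001: ");
            CreateUser(ou, "Test User (tu000001)", "tu000001", Console.ReadLine());
        }
    }
}
```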
Many thanks for that Willy.

In actual fact I managed to get it to work without removing any of those.
The spec was wrong. The objectCategory, according to the spec, was to be
set to "Person". In fact it needed to be set to
"CN=Person,CN=Schema,CN=Configuration,DC=internal,DC=uwic,DC=ac,DC=uk".

The objectCategory, objectClass and instanceType properties all appear to
have been set correctly.

However you may well be correct about the setting of the password and the
other things. I notice the account is disabled in AD.

Cheers
Peter
Mar 2 '07 #3
"Peter Bradley" <pb******@uwic.ac.uk> wrote in message
news:%2***************@TK2MSFTNGP02.phx.gbl...
> Many thanks for that Willy.
>
> In actual fact I managed to get it to work without removing any of those. The spec was
> wrong. The objectCategory, according to the spec, was to be set to "Person". In fact it
> needed to be set to
> "CN=Person,CN=Schema,CN=Configuration,DC=internal,DC=uwic,DC=ac,DC=uk".

That's correct, but you don't have to set it; it's set automatically when you add the "user"
object type to the container (as user is a person after all).

> The objectCategory, objectClass and instanceType properties all appear to have been set
> correctly.
>
> However you may well be correct about the setting of the password and the other things. I
> notice the account is disabled in AD.

Yep, you can't set some attributes like this; some can be set through the
"userAccountControl" property while others need to be set by explicit method calls. Please
refer to the ADSI docs for details.

Willy.

Mar 2 '07 #4
Thanks Willy. I've got there in the end. Certainly the accounts are now
enabled when created, and I'm pretty sure that a password has been created.
The only thing I don't appear to be able to do is to set the
userAccountControl property directly at all. I notice that the
documentation says, "This value is set by the system". It seems to set it
to 544 (rather than the 531 the user wanted), but I notice that a lot of
live accounts already on the system have this value (544), too.

So I'm letting my users check over the accounts I've created to see if
they're happy with them.

(Another problem solved by indirection)

:)
Peter
Mar 2 '07 #5
Weird, what the user wanted (544) means: normal user, account disabled, account locked-out
and logon script enabled.
What you have set is: normal account and password not required.

Don't know how you tried to set userAccountControl, but IMO you got it wrong.
Mind to post some code?

Willy.

Mar 2 '07 #6
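Decoding the userAccountControl values quoted in the thread (544 and 531) against the ADS_UF_* bits from the ADSI documentation; this is an added example, not code from any poster. The values 546 and 512 are included for comparison, and marking PASSWD_NOTREQD and DONT_EXPIRE_PASSWD for review is this example's own audit choice.

```csharp
using System;
using System.Collections.Generic;

[Flags]
enum AdsUserFlag
{
    Script           = 0x00001, // ADS_UF_SCRIPT: logon script is executed
    AccountDisable   = 0x00002, // ADS_UF_ACCOUNTDISABLE
    Lockout          = 0x00010, // ADS_UF_LOCKOUT
    PasswdNotReqd    = 0x00020, // ADS_UF_PASSWD_NOTREQD
    PasswdCantChange = 0x00040, // ADS_UF_PASSWD_CANT_CHANGE
    NormalAccount    = 0x00200, // ADS_UF_NORMAL_ACCOUNT
    DontExpirePasswd = 0x10000  // ADS_UF_DONT_EXPIRE_PASSWD
}

static class UacAudit
{
    // Bits this example asks a reviewer to justify (an assumption, not a standard).
    const AdsUserFlag Risky = AdsUserFlag.PasswdNotReqd | AdsUserFlag.DontExpirePasswd;

    // Names every decoded bit and reports any bit outside the table above
    // instead of silently dropping it.
    public static string Describe(int uac)
    {
        var names = new List<string>();
        int known = 0;
        foreach (AdsUserFlag f in Enum.GetValues(typeof(AdsUserFlag)))
        {
            known |= (int)f;
            if ((uac & (int)f) != 0) names.Add(f.ToString());
        }
        int rest = uac & ~known;
        if (rest != 0) names.Add("0x" + rest.ToString("X") + " (not decoded here)");
        return string.Join(" | ", names);
    }

    // Returns the subset of 'uac' that deserves a second look.
    public static AdsUserFlag Findings(int uac)
    {
        return (AdsUserFlag)uac & Risky;
    }

    static void Main()
    {
        // Constructed input: 544 and 531 come from the thread, 546 and 512 are added.
        foreach (int uac in new[] { 544, 531, 546, 512 })
        {
            AdsUserFlag risky = Findings(uac);
            Console.WriteLine("{0} (0x{0:X}) = {1}{2}", uac, Describe(uac),
                risky != 0 ? "   <-- review: " + risky : "");
        }
    }
}
```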
