Getting the properties of a DirectoryEntry (local user) in C# when the user is a domain account? Active Directory


I'm writing a utility to manage a machine's *local* accounts in C#.

I am getting all the users in a specific Group just fine but when I
want to get some of the information on each user from their Properties
collection I can't get the properties on some users.

For example, I get all the users that are part of my machine's
Administrators Group. I get the properties of the built-in local
Administrator account and some local IT account, and the Domain Admins
account but some of the users, I think the users that are on the domain
(I'm not sure) that are added to the local group throw an "Access is
denied" error when trying to do something like this;

    if (user.Properties["Description"].Value != null)
        lbUsers.Items.Add(user.Properties["Description"].Value.ToString());

I'm getting these users using this code;

    DirectoryEntry localMachine = new DirectoryEntry("WinNT://" + Environment.MachineName + ",Computer");

    DirectoryEntry admGroup = localMachine.Children.Find("Administrators", "group");

    object members = admGroup.Invoke("members", null);

anybody have any ideas?
thanks
mike

PS If you want to reply directly instead of on the group, remove the x
from my email address. I get enough spam as it is and found when I post
to these groups my spam nearly doubles.
Jun 12 '07 #1
Are you logged in with a local machine account or a domain account when you
do this? Perhaps you don't have domain creds and therefore don't have
permission to read values out of AD? AD typically doesn't allow
unauthenticated users to query it. You get a different error with the LDAP
provider (which is what I'm more familiar with), but the error you are
getting with WinNT makes sense to me in this context.

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--

Jun 12 '07 #2
> Are you logged in with a local machine account or a domain account when you
> do this? Perhaps you don't have domain creds and therefore don't have
> permission to read values out of AD? AD typically doesn't allow
> unauthenticated users to query it. You get a different error with the LDAP
> provider (which is what I'm more familiar with), but the error you are
> getting with WinNT makes sense to me in this context.

I'm logged in with a domain account that has admin privileges on this
machine.
I can check with our IT guy and see what domain creds (probably not
many) I have. The easy test would be to have him log into my machine and
run it as him.

thanks
mike

Jun 12 '07 #3
Generally speaking, if you are logged in as a domain user, I'd expect your
account to be able to read these properties, so something else might be
wrong. However, it is pretty hard to say what the issue is. I wonder if
you would be able to read these attributes with the LDAP provider connecting
back to the domain.

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--

Jun 12 '07 #4
> Generally speaking, if you are logged in as a domain user, I'd expect your
> account to be able to read these properties, so something else might be
> wrong. However, it is pretty hard to say what the issue is. I wonder if
> you would be able to read these attributes with the LDAP provider connecting
> back to the domain.

I noticed that the DirectoryEntry constructor takes name, password,
and authentication type.
I assume I can use those and prompt for a domain admin name/pswd?

I just tried it, asked our IT guy to log in as domain admin and it
wouldn't log in and gave a COM exception.

But this is a bit odd, I'm trying to connect to the local machine with
a domain admin login?
I'm really out of my element here and really am guessing at this point.

Even looking at the user's DirectoryEntry object I can see that some
properties like Guid, say "UnauthorizedAccessException"

So how does one use the name/password/authentication type of the
DirectoryEntry constructor to pass in a name/password of someone who
has domain admin privileges? And is this the correct way to be thinking
about this?

thanks
mike
Jun 12 '07 #5
That should work in general. The WinNT provider can be a little less
reliable than the LDAP provider when providing credentials, but it should
work in most cases.

Typically, you should be able to supply a username via "domain\user", a
password and AuthenticationTypes.Secure. If that doesn't work, let us know
what the actual COMException details were.

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--

Jun 13 '07 #6
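
The exchange above, as an added example that is not part of the original thread: a C# console program that enumerates the local Administrators group through the WinNT provider, optionally binds with a "domain\user" name and AuthenticationTypes.Secure as suggested in the last reply, and reports for each member whether the property read succeeds or is denied. The class name LocalAdminAudit and the ReadPassword helper are hypothetical.

```csharp
using System;
using System.Collections;
using System.DirectoryServices;
using System.Runtime.InteropServices;
using System.Text;

// Hypothetical class name; added example, not code from the thread.
class LocalAdminAudit
{
    static void Main(string[] args)
    {
        string path = "WinNT://" + Environment.MachineName + ",Computer";
        // Optional argument: "DOMAIN\user" to bind as. Without it the caller's own logon is used.
        // The password is prompted for rather than stored in source or passed on the command line.
        DirectoryEntry machine = args.Length > 0
            ? new DirectoryEntry(path, args[0], ReadPassword(), AuthenticationTypes.Secure)
            : new DirectoryEntry(path);

        using (machine)
        using (DirectoryEntry group = machine.Children.Find("Administrators", "group"))
        {
            foreach (object member in (IEnumerable)group.Invoke("Members"))
            {
                using (DirectoryEntry user = new DirectoryEntry(member))
                {
                    // The ADsPath shows which domain or machine the account belongs to.
                    Console.Write(user.Path + " : ");
                    try
                    {
                        object d = user.Properties["Description"].Value;
                        Console.WriteLine(d == null ? "(no description)" : d.ToString());
                    }
                    // Keep enumerating when one member cannot be read, and record why.
                    catch (UnauthorizedAccessException ex) { Console.WriteLine("denied: " + ex.Message); }
                    catch (COMException ex) { Console.WriteLine("COM 0x" + ex.ErrorCode.ToString("X8") + ": " + ex.Message); }
                }
            }
        }
    }

    // Hypothetical helper: reads a password without echoing it (no backspace handling).
    static string ReadPassword()
    {
        Console.Write("Password: ");
        StringBuilder sb = new StringBuilder();
        for (ConsoleKeyInfo k = Console.ReadKey(true); k.Key != ConsoleKey.Enter; k = Console.ReadKey(true))
            sb.Append(k.KeyChar);
        Console.WriteLine();
        return sb.ToString();
    }
}
```

Printing each member's ADsPath next to the failure shows whether the denied entries are the domain accounts, and the COMException error code is the detail the last reply asks for.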
