I'm writing a utility to manage a machines *local* accounts in c#
I am getting all the users in a specific Group just fine but when I
want to get some of the information on each user from their Properties
collection I can't get the properties on some users.
For example, I get all the users that are part of my machines
Administrators Group. I get get the properties of the built in local
Administrator account and some local IT account, and the Domain Admins
account but some of the users, I think the users that are on the domain
(I'm not sure) that are added to the local group throw an "Access is
denied" error when trying to do something like this;
if (user.Properties["Description"].Value != null)
lbUsers.Items.Add(user.Properties["Description"].Value.ToString());
I'm getting these users using this code;
DirectoryEntry localMachine = new DirectoryEntry("WinNT://" +
Environment.MachineName + ",Computer");
DirectoryEntry admGroup = localMachine.Children.Find("Administrators",
"group");
object members = admGroup.Invoke("members", null);
anybody have any ideas?
thanks
mike
PS If you want to reply directly instead of on the group, remove the x
from my email address. I get enough spam as it is and found when I post
to these groups my spam nearly doubles.
5  13044 
Are you logged in with a local machine account or a domain account when you
do this? Perhaps you don't have domain creds and therefore don't have
permission to read values out of AD? AD typically doesn't allow
unauthenticated users to query it. You get a different error with the LDAP
provider (which is what I'm more familiar with), but the error you are
getting with WinNT makes sense to me in this context.
Joe K.
--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming" http://www.directoryprogramming.net
--
"Michael Howes" <mh****@xfortebio.comwrote in message
news:eW**************@TK2MSFTNGP04.phx.gbl...
>
I'm writing a utility to manage a machines *local* accounts in c#
I am getting all the users in a specific Group just fine but when I want
to get some of the information on each user from their Properties
collection I can't get the properties on some users.
For example, I get all the users that are part of my machines
Administrators Group. I get get the properties of the built in local
Administrator account and some local IT account, and the Domain Admins
account but some of the users, I think the users that are on the domain
(I'm not sure) that are added to the local group throw an "Access is
denied" error when trying to do something like this;
if (user.Properties["Description"].Value != null)
lbUsers.Items.Add(user.Properties["Description"].Value.ToString());
I'm getting these users using this code;
DirectoryEntry localMachine = new DirectoryEntry("WinNT://" +
Environment.MachineName + ",Computer");
DirectoryEntry admGroup = localMachine.Children.Find("Administrators",
"group");
object members = admGroup.Invoke("members", null);
anybody have any ideas?
thanks
mike
PS If you want to reply directly instead of on the group, remove the x
from my email address. I get enough spam as it is and found when I post to
these groups my spam nearly doubles.
Are you logged in with a local machine account or a domain account when you
do this? Perhaps you don't have domain creds and therefore don't have
permission to read values out of AD? AD typically doesn't allow
unauthenticated users to query it. You get a different error with the LDAP
provider (which is what I'm more familiar with), but the error you are
getting with WinNT makes sense to me in this context.
I'm logged in with a domain account that has admin privileges on this
machine.
I can check with our IT guy and see what domain creds (probably not
many) I have. The easy test would be to have him log into my machine and
run it as him.
thanks
mike
Generally speaking, if you are logged in as a domain user, I'd expect your
account to be able to read these properties, so something else might be
wrong. However, it is pretty hard to say what the issue is. I wonder if
you would be able to read these attributes with the LDAP provider connecting
back to the domain.
Joe K.
--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming" http://www.directoryprogramming.net
--
>
I'm logged in with a domain account that has admin privileges on this
machine.
I can check with our IT guy and see what domain creds (probably not many)
I have. The easy test would be to have him log into my machine and run it
as him.
thanks
mike
Generally speaking, if you are logged in as a domain user, I'd expect your
account to be able to read these properties, so something else might be
wrong. However, it is pretty hard to say what the issue is. I wonder if
you would be able to read these attributes with the LDAP provider connecting
back to the domain.
I noticed that the DirectoryEntry constructor takes name, password,
and authentication type.
I assume I can use those and prompt for an domain admin name/pswd?
I just tried it, asked our IT guy to login as domain admin and it
wouldn't login and gave a COM exception.
But this is a bit odd, I'm trying to connect to the local machine with
a domain admin login?
I'm really out of my element here and really am guessing at this point.
Even looking at the user's DirectoryEntry object I can see that some
properties like Guid, say "UnauthorizedAccessException"
So how does one use the name/password/authentication type of the
DirectoryEntry constructor to pass in a name/password of of someone who
has domain admin privileges? and is his the correct way to be thinking
about this?
thanks
mike
That should work in general. The WinNT provider can be a little less
reliable than the LDAP provider when providing credentials, but it should
work in most cases.
Typically, you should be able to supply a username via "domain\user", a
password and AuthenticationTypes.Secure. If that doesn't work, let us know
what the actual COMException details were.
Joe K.
--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming" http://www.directoryprogramming.net
--
"Michael Howes" <mh****@xfortebio.comwrote in message
news:%2****************@TK2MSFTNGP05.phx.gbl...
>
>Generally speaking, if you are logged in as a domain user, I'd expect
your account to be able to read these properties, so something else might
be wrong. However, it is pretty hard to say what the issue is. I wonder
if you would be able to read these attributes with the LDAP provider
connecting back to the domain.
I noticed that the DirectoryEntry constructor takes name, password, and
authentication type.
I assume I can use those and prompt for an domain admin name/pswd?
I just tried it, asked our IT guy to login as domain admin and it
wouldn't login and gave a COM exception.
But this is a bit odd, I'm trying to connect to the local machine with a
domain admin login?
I'm really out of my element here and really am guessing at this point.
Even looking at the user's DirectoryEntry object I can see that some
properties like Guid, say "UnauthorizedAccessException"
So how does one use the name/password/authentication type of the
DirectoryEntry constructor to pass in a name/password of of someone who
has domain admin privileges? and is his the correct way to be thinking
about this?
thanks
mike
This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: Dinçer |
last post by:
Hi,
I am trying to get user data (email data actually) from Active Directory.
What I exactly want to do is, getting the email address according to
username from the domain.
For example, when I...
|
by: JerryP |
last post by:
Hello,
is there a way to launch the property dialogue for a directory from my c#
app ?
I would also like to launch the User Account Properties from Active
Directory Users and Computers, and the...
|
by: Dinçer |
last post by:
Hi,
I am trying to get user data (email data actually) from Active Directory.
What I exactly want to do is, getting the email address according to
username from the domain.
For example, when I...
|
by: agarrettb |
last post by:
Hi all,
I have a directory entry object the specifies "members" in its
properties collection to retrieve:
groupEntry.Properties("member")
Instead of just using "member" to return members I...
|
by: Kenneth Keeley |
last post by:
Hi,
I am looking for a sample of how to get the password last set for a user in
active directory in a format that we can read. I am using ASP.Net and C# I
have got as far as get the value. but I...
|
by: jimmyfishbean |
last post by:
Hi,
My client has the following network structure:
2 Windows 2003 servers :
Server 1 - Web server running IIS, ftp import and export folder,
ASP.NET SOAP web service and asp code on here....
|
by: Derek Martin |
last post by:
Using VB.Net, I would like to retrieve the currently logged in user's DN
from Active Directory. Alternatively, if, using WindowsIdentity, or
something similar, I would like to get the user's full...
|
by: =?Utf-8?B?dGhsMTAwMA==?= |
last post by:
Hi NG,
i need to list the logonHours for a specific user.
I'm trying to convert code from vbscript (is working) to vb.net, but the
vb.net code does not work.
Here are the code listings:
1:...
|
by: dotnetpeep |
last post by:
Hi
I am trying to find the passwordexpirationdate for a user. I am able to get that in active directory. The code is as follows
using (Domain domain = Domain.GetCurrentDomain())
...
|
by: lllomh |
last post by:
Define the method first
this.state = {
buttonBackgroundColor: 'green',
isBlinking: false, // A new status is added to identify whether the button is blinking or not
}
autoStart=()=>{
|
by: Mushico |
last post by:
How to calculate date of retirement from date of birth
|
by: DJRhino |
last post by:
Was curious if anyone else was having this same issue or not....
I was just Up/Down graded to windows 11 and now my access combo boxes are not acting right. With win 10 I could start typing...
|
by: tracyyun |
last post by:
Hello everyone,
I have a question and would like some advice on network connectivity. I have one computer connected to my router via WiFi, but I have two other computers that I want to be able to...
|
by: giovanniandrean |
last post by:
The energy model is structured as follows and uses excel sheets to give input data:
1-Utility.py contains all the functions needed to calculate the variables and other minor things (mentions...
|
by: NeoPa |
last post by:
Hello everyone.
I find myself stuck trying to find the VBA way to get Access to create a PDF of the currently-selected (and open) object (Form or Report).
I know it can be done by selecting :...
|
by: NeoPa |
last post by:
Introduction
For this article I'll be using a very simple database which has Form (clsForm) & Report (clsReport) classes that simply handle making the calling Form invisible until the Form, or all...
|
by: isladogs |
last post by:
The next Access Europe meeting will be on Wednesday 1 Nov 2023 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM)
Please note that the UK and Europe revert to winter time on...
|
by: nia12 |
last post by:
Hi there,
I am very new to Access so apologies if any of this is obvious/not clear.
I am creating a data collection tool for health care employees to complete. It consists of a number of...
| |
