My plan is to create some OUs, then some groups (each with their own security properties - ForeFront and CA are also installed). Then I will create some users and add them to the groups.
I know how to create OUs, groups, and users, and I know how to add users to groups.
But I don't know how to set the security properties of a group or a user.
I found this code, but it's not working for me:
```csharp
using System;
using System.DirectoryServices;
using System.Security.AccessControl;
using System.Security.Principal;

static void SecurityStuff(string groupFQDN, string user)
{
    // Bind to the group object with explicit credentials.
    DirectoryEntry directoryEntry = new DirectoryEntry(string.Format("LDAP://{0}", "dudu.test.com/cn=batata,ou=Users and Groups,ou=FIM,ou=Local,dc=dudu,dc=test,dc=com"), "username", "password");
    ActiveDirectorySecurity adSecurity = directoryEntry.ObjectSecurity;
    // Current security descriptor in SDDL form (read only, not used below).
    string sd = adSecurity.GetSecurityDescriptorSddlForm(AccessControlSections.All);
    // Trustee is identified by name (domain\user), not by SID.
    IdentityReference newidentity = new System.Security.Principal.NTAccount("dudu.test.com", user);
    // Allow ACE granting WriteProperty on the group to that trustee.
    ActiveDirectoryAccessRule newAccessRule = new ActiveDirectoryAccessRule(newidentity, ActiveDirectoryRights.WriteProperty, AccessControlType.Allow);
    try
    {
        directoryEntry.ObjectSecurity.AddAccessRule(newAccessRule);
    }
    catch (Exception e)
    {
        Console.WriteLine(e.Message.ToString());
    }
    // Write the modified security descriptor back to the directory.
    directoryEntry.CommitChanges();
}
```
I get this error from the code:
```
Some or all identity references could not be translated.
```
Thanks.
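
The error text quoted in the post is the message of `System.Security.Principal.IdentityNotMappedException`, which is raised when an `NTAccount` name cannot be mapped to a SID. The following is an added example, not code from the original post: it builds the ACE from a `SecurityIdentifier` read from the account's `objectSid` over the same authenticated LDAP bind. The class, method and parameter names (`GroupAclExample`, `EscapeLdapFilter`, `ResolveSid`, `GrantWriteProperty`, `groupPath`, `domainRootPath`) are hypothetical, and it assumes the trustee is identified by its `sAMAccountName`.

```csharp
using System;
using System.DirectoryServices;
using System.Security.AccessControl;
using System.Security.Principal;

static class GroupAclExample
{
    // Escape a value for use inside an LDAP search filter (RFC 4515),
    // so a crafted account name cannot alter the filter. Backslash goes first.
    static string EscapeLdapFilter(string value)
    {
        return value.Replace(@"\", @"\5c").Replace("*", @"\2a")
                    .Replace("(", @"\28").Replace(")", @"\29").Replace("\0", @"\00");
    }

    // Read the account's objectSid through the already-authenticated search root
    // instead of asking the local machine to translate a domain\user name.
    static SecurityIdentifier ResolveSid(DirectoryEntry searchRoot, string samAccountName)
    {
        string filter = "(sAMAccountName=" + EscapeLdapFilter(samAccountName) + ")";
        using (var searcher = new DirectorySearcher(searchRoot, filter, new[] { "objectSid" }))
        {
            SearchResult hit = searcher.FindOne();
            if (hit == null)
                throw new ArgumentException("No such account: " + samAccountName);
            return new SecurityIdentifier((byte[])hit.Properties["objectSid"][0], 0);
        }
    }

    // Grant the trustee WriteProperty on the group object at groupPath.
    // groupPath and domainRootPath are full "LDAP://server/DN" paths (assumed inputs).
    public static void GrantWriteProperty(string groupPath, string domainRootPath,
                                          string samAccountName, string bindUser, string bindPassword)
    {
        using (var root = new DirectoryEntry(domainRootPath, bindUser, bindPassword))
        using (var group = new DirectoryEntry(groupPath, bindUser, bindPassword))
        {
            SecurityIdentifier sid = ResolveSid(root, samAccountName);
            group.ObjectSecurity.AddAccessRule(
                new ActiveDirectoryAccessRule(sid, ActiveDirectoryRights.WriteProperty, AccessControlType.Allow));
            group.CommitChanges();
        }
    }
}
```

As in the post's code, `WriteProperty` with no object type applies to every property of the group; `ActiveDirectoryAccessRule` also has an overload taking an attribute `Guid` when the grant should cover a single property.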