13

I used the example in this page to add a user to an Active Directory group, but I get an exception with the message "Server is unwilling to process the request" when executing

dirEntry.Properties["member"].Add(userDn);

Mauricio Ramalho
  • 849
  • 1
  • 8
  • 15
  • I would also like to add reference to link [C# : The server is unwilling to process the request](http://nzpcmad.blogspot.in/2012/03/c-server-is-unwilling-to-process.html). The link was helpful to me. – Vikram Singh Saini May 11 '15 at 13:36
  • @Mauricio I would request you to answer your own question. Because this question is getting hits so that one can answer. But then he finds that it had been answered. So it will be good if you can answer it own. – Vikram Singh Saini Jun 15 '15 at 08:20

6 Answers6

8

I had a similar issue where I was trying to add a member to a group. Specifically trying to add a group to a group and getting the same helpful error 'The server is unwilling to process the request' The answer provided by the OP did not work for me.

For me, the reason I was unable to add a group to my group was because the group I was trying to add members to was a 'global' scoped group whereas it needed to be a 'universal' scoped group. Hope this helps someone.

Ju66ernaut
  • 2,592
  • 3
  • 23
  • 36
  • Yes this error is always thrown when the type of data requested in the update is rejected. In your case the type of group, in my case another error with the DN value. – Tony Wall Jan 21 '16 at 17:10
3

This question took me a lot of time to solve. First of all, the error message looks like a joke. Second, there is nothing more, just that message.

Anyway, I managed to fix it by:

  1. Making sure that userDn contains the whole path (e.g., "LDAP://server-address/CN=" + userDn + ",OU=optional,DC=your-domain,DC=com". This is actually very important, if you don't supply the full path it will throw an Exception from HRESULT: 0x80005000.

  2. Replacing dirEntry.Properties["member"].Add(userDn); by entry.Invoke("Add", new object[] { userDn });

Then I wanted to remove a user and I expected entry.Invoke("Remove", new object[] { userDn }); to work. However, this devilish AD will only work if you use lower case "remove", so entry.Invoke("remove", new object[] { userDn }); worked for me.

Mauricio Ramalho
  • 849
  • 1
  • 8
  • 15
  • You probably had the wrong type of searcher. There is no requirement to use the full LDAP path unless you are not working with the LDAP classes rather than the higher level DirectorySearcher and DirectoryEntry. This exception is always thrown when the format of the value is not acceptable. I agree the message is silly and should be changed to a validation exception with clear indication which validation check failed. – Tony Wall Jan 21 '16 at 17:13
  • Maybe you found a workaround indirectly, but I think your issue was caused more by the type of searcher/root entry (e.g. sometimes you need to create the searcher which produces your entry from a global catalog, sometimes a DC, sometimes a domain). – Tony Wall Jan 21 '16 at 17:13
2

I got this generic error message when my path did not match the forest domain name. For example, if my forest domain name is ad.example.com, and I am trying to create a group with path CN=Users,DC=example,DC=net one has .com the other has .net - they don't line up. I would need to correct my group to match. My group path should then be CN=Users,DC=example,DC=com.

barrypicker
  • 9,740
  • 11
  • 65
  • 79
  • This resolved my issue when I was trying to use Ansible to create an Active Directory user. I needed to correct the Distinguished Name of the OU that I was trying to create a user in. In Ansible terms, I needed to correct the community.windows.win_domain_user > path. – Dave Dec 13 '22 at 20:20
1

ldapwiki.com describes potential causes for "The server is unwilling to process the request". Check ExtendedErrorMessage property of your exception to figure out what applies. In my case "00002145: SvcErr: DSID-031A1254, problem 5003 (WILL_NOT_PERFORM)". The following line resolved the issue:

ent.Properties["groupType"].Value = 8;

I had missed to set groupType and so attempted to nest a universal group in a global group. Find more information on groupType attribute in ldapwiki.com

Markus
  • 63
  • 2
  • 7
0

Just look out, because the start of the .properties("distinguished Name") can be different than the .properties("cn"). If the user is created with a , or ; in the .properties("cn"), the start of the .properties("distinguished Name") will be the username with \, or \;.

This can give an error if u are trying to add a user you found by use of .properties("cn") to a Group.

Laurenz Albe
  • 209,280
  • 17
  • 206
  • 263
David Busschots
  • 1
-1

After many days searching i find the problem. when you add user in group you must set "distinguished Name" not LDAP path.

You must write like this:

ent.Properties["member"].Add("CN=YourUserName,OU=optional,DC=yourdomain,DC=com");

This is wrong code:

ent.Properties["member"].Add("LDAP://CN=YourUserName,OU=optional,DC=yourdomain,DC=com");

Also when you do remove mast to save this rule

ent.Properties["member"].Remove("CN=YourUserName,OU=optional,DC=yourdomain,DC=com");

P.S. ent is DirectoryEntry object of group

Mate
  • 4,976
  • 2
  • 32
  • 38
Tornike Chuchulashvili
  • 11
  • 1