
I'm trying to remove a certain user from an Active Directory group using C#. Here is my piece of code which should handle my task, even though it does not currently work.

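/// <summary>
/// Removes the user identified by <paramref name="UserId"/> from the group identified by
/// <paramref name="GroupId"/>.
/// </summary>
/// <remarks>
/// memberOf on the user is a back-link that the directory computes from the group's
/// <c>member</c> attribute, so it cannot be edited directly. The change has to be made on the
/// group object and committed on that same entry.
/// </remarks>
/// <param name="UserId">sAMAccountName of the user. Treated as untrusted input and escaped
/// before it is placed in the LDAP filter.</param>
/// <param name="GroupId">Distinguished name of the group, as it appears in the user's
/// memberOf values.</param>
/// <returns><c>true</c> if the user was a member and the removal was committed;
/// <c>false</c> if the user or group was not found, the user was not a member, or a
/// directory error occurred.</returns>
public static bool RemoveUserFromGroup(string UserId, string GroupId)
{
    if (string.IsNullOrEmpty(UserId) || string.IsNullOrEmpty(GroupId))
    {
        return false;
    }

    try
    {
        using (var directory = new DirectoryEntry("LDAP://server"))
        {
            string userDn;

            using (var dSearch = new DirectorySearcher(directory))
            {
                // Escape the caller-supplied value so characters such as '*', '(' and ')'
                // cannot widen or rewrite the filter.
                dSearch.Filter = "(sAMAccountName=" + EscapeLdapFilterValue(UserId) + ")";
                SearchResult sr = dSearch.FindOne();
                if (sr == null)
                {
                    return false; // FindOne returns null when nothing matches.
                }

                using (DirectoryEntry user = sr.GetDirectoryEntry())
                {
                    userDn = user.Properties["distinguishedName"].Value as string;
                    if (string.IsNullOrEmpty(userDn))
                    {
                        return false;
                    }

                    // Distinguished names are compared case-insensitively by the directory,
                    // so do the same here.
                    bool isMember = false;
                    foreach (object group in user.Properties["memberOf"])
                    {
                        if (string.Equals(group.ToString(), GroupId, StringComparison.OrdinalIgnoreCase))
                        {
                            isMember = true;
                            break;
                        }
                    }

                    if (!isMember)
                    {
                        return false;
                    }
                }
            }

            using (var gSearch = new DirectorySearcher(directory))
            {
                // Locate the group through a filter rather than by concatenating the DN into
                // an ADsPath, so the same escaping rule covers both inputs.
                gSearch.Filter = "(&(objectCategory=group)(distinguishedName="
                                 + EscapeLdapFilterValue(GroupId) + "))";
                SearchResult groupResult = gSearch.FindOne();
                if (groupResult == null)
                {
                    return false;
                }

                using (DirectoryEntry groupEntry = groupResult.GetDirectoryEntry())
                {
                    groupEntry.Properties["member"].Remove(userDn);
                    // Commit on the entry that was modified, not on the search root.
                    groupEntry.CommitChanges();
                    return true;
                }
            }
        }
    }
    catch (Exception e)
    {
        // The bool contract is kept, but a failed membership removal should not vanish
        // silently: record it so an operator can see that access was not revoked.
        System.Diagnostics.Trace.TraceError(
            "RemoveUserFromGroup failed: {0}: {1}", e.GetType().Name, e.Message);
        return false;
    }
}

/// <summary>
/// Escapes a value for use inside an LDAP search filter, following RFC 4515.
/// </summary>
private static string EscapeLdapFilterValue(string value)
{
    // The backslash is replaced first; otherwise the escapes added afterwards would
    // themselves be escaped.
    return value
        .Replace("\\", "\\5c")
        .Replace("*", "\\2a")
        .Replace("(", "\\28")
        .Replace(")", "\\29")
        .Replace("\0", "\\00");
}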

Please excuse me if there are any typos within this code, I had to manually copy it from the machine I am developing on, which has no internet access sadly.

  • possible duplicate of [Adding and removing users from Active Directory groups in .NET](http://stackoverflow.com/questions/2143052/adding-and-removing-users-from-active-directory-groups-in-net) – har07 Feb 23 '14 at 07:06

2 Answers


Use:

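/// <summary>
/// Removes a user from a domain group through System.DirectoryServices.AccountManagement.
/// </summary>
/// <param name="userId">Identity of the user. The identity type is not fixed, so a
/// sAMAccountName, a user principal name or a distinguished name are all accepted.</param>
/// <param name="groupName">Identity of the group to remove the user from.</param>
/// <exception cref="NoMatchingPrincipalException">The group or the user could not be found.</exception>
public void RemoveUserFromGroup(string userId, string groupName)
{
    try
    {
        using (PrincipalContext pc = new PrincipalContext(ContextType.Domain, "COMPANY"))
        using (GroupPrincipal group = GroupPrincipal.FindByIdentity(pc, groupName))
        {
            // FindByIdentity returns null when nothing matches; fail with a clear error
            // instead of a NullReferenceException on the next line.
            if (group == null)
            {
                throw new NoMatchingPrincipalException("Group was not found.");
            }

            // Resolve the account as a user only, so a value that happens to match another
            // kind of principal (for example a nested group) is never removed by mistake.
            using (UserPrincipal user = UserPrincipal.FindByIdentity(pc, userId))
            {
                if (user == null)
                {
                    throw new NoMatchingPrincipalException("User was not found.");
                }

                // Remove returns false when the user was not a member; nothing to save then.
                if (group.Members.Remove(user))
                {
                    group.Save();
                }
            }
        }
    }
    catch (System.DirectoryServices.DirectoryServicesCOMException E)
    {
        // Keeps the original contract (directory errors do not propagate) but records them.
        // NOTE(review): the caller gets no failure signal, so a removal that failed here
        // looks like success - consider rethrowing once callers handle this exception.
        System.Diagnostics.Trace.TraceError("RemoveUserFromGroup failed: {0}", E.Message);
    }
}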
  • I have already tried using this method but it did not work for me. I get the message "No principal matching the specified parameters was found". When I go into debug mode I can see that the count of "Members" throws an exception, but if I click "Result View" and expand the results I see the actual group members. However, it seems I cannot access them. Any ideas? – Tommy Naidich Feb 23 '14 at 07:28
  • 8
    Managed to bypass this error by switching "IdentityType.UserPrincipalName" to "IdentityType.SamAccountName". – Tommy Naidich Feb 23 '14 at 07:40
  • the above is the answer to this – AShah Feb 04 '19 at 18:48
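 /// <summary>
 /// Removes the account with the given sAMAccountName from a domain group.
 /// </summary>
 /// <param name="UserID">sAMAccountName of the account to remove.</param>
 /// <param name="ListName">Identity of the group to remove the account from.</param>
 /// <returns>"Success" when the group was saved; otherwise a failure message.</returns>
 public string RemoveUserFromList(string UserID, string ListName)
    {
        try
        {
            // UserName and Password are not defined in this snippet; presumably they are
            // members of the enclosing class. They should come from a protected store at
            // run time, not from literals in source, and the account should hold only the
            // rights needed to edit group membership.
            using (PrincipalContext pc = new PrincipalContext(ContextType.Domain, "DomainName", UserName, Password))
            using (GroupPrincipal group = GroupPrincipal.FindByIdentity(pc, ListName))
            {
                // FindByIdentity returns null when nothing matches; without this check the
                // caller would receive a NullReferenceException message instead.
                if (group == null)
                {
                    return "Group not found";
                }

                group.Members.Remove(pc, IdentityType.SamAccountName, UserID);
                group.Save();
            }
            return "Success";
        }
        catch (Exception ex)
        {
            // NOTE(review): the raw exception message can carry directory details (server
            // names, distinguished names). Log it server-side and show end users a generic
            // failure text if this return value reaches a UI.
            return ex.Message;
        }
    }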