
I have a system that creates, in real time, a user in AD and prints a tag for credentials. That user is used by a person to navigate the internet.

Everything was OK until now. That user cannot log on to the company's computers, only to the proxy servers.

In the UserPrincipal class, we have the "PermittedWorkstations" property, but it is read-only.

Is there a way to set PermittedWorkstations (or set the computer restrictions of the users, adding the computers that they are able to log on to, like in this image: https://i.stack.imgur.com/tu2Kp.png)?

Marco
  • First you need to ask yourself: why do I need this? Will it solve my problem? –  Feb 12 '15 at 16:16
  • Hi DeFirmo. We only have one AD domain in our company. In this case, when I create a user, it becomes a part of the "domain users" group, which allows the user to log on to any computer of the company. So, I need it. With the solution proposed by Rainer Schaack, it solved my problem. Thank you. – Marco Feb 13 '15 at 12:50

2 Answers


As DeFirmo already mentioned: it is unlikely that the problem will be solved by setting the "Permitted Workstation", but nevertheless:

Use direct ADSI commands, the following works for me:

using System.DirectoryServices;

....

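// Bind to the newly created account by its distinguished name.
using (DirectoryEntry de = new DirectoryEntry("LDAP://CN=NewlyCreatedUser,CN=Users,DC=ad,DC=local"))
{
    // userWorkstations holds the permitted computers as one comma-separated string.
    de.Properties["userWorkstations"].Add("WS1,WS2");
    de.CommitChanges();
}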
Rainer Schaack
  • Oh, thank you @RainerSchaack, it worked for me too. That was what I was looking for. The property "PermittedWorkstations" of the "UserPrincipal" class shows me the computers that I added with the solution you proposed. Now the users can only log on to the proxy servers. Thank you again. – Marco Feb 13 '15 at 12:55

You must use the Add method of PermittedWorkstations of User.Principal.

User.PermittedWorkstations.Add("SampleWorkstation");
User.Save(); // persist the change to the directory
zeuz1983
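
An added example, not code from either answer: it replaces an account's workstation list through `UserPrincipal.PermittedWorkstations`, rejects names that would corrupt the comma-separated `userWorkstations` value, and re-reads the account to confirm the restriction was stored. The class and method names, the account name and the proxy host names are hypothetical, and it assumes the process runs in the domain with rights to modify the account.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices.AccountManagement;
using System.Linq;

static class GuestLogonRestriction   // hypothetical helper, not from the page
{
    // AD stores the list in userWorkstations as one comma-separated string (schema limit: 1024 chars).
    public static string[] Normalize(IEnumerable<string> workstations)
    {
        var names = workstations.Select(w => (w ?? "").Trim())
                                .Distinct(StringComparer.OrdinalIgnoreCase).ToArray();
        if (names.Length == 0)
            throw new ArgumentException("An empty list would leave the account unrestricted.");
        foreach (var n in names)
            if (n.Length == 0 || n.Contains(",") || n.Any(char.IsWhiteSpace))
                throw new ArgumentException("Invalid workstation name: '" + n + "'");
        if (string.Join(",", names).Length > 1024)
            throw new ArgumentException("List exceeds the userWorkstations length limit.");
        return names;
    }

    public static void Restrict(string samAccountName, IEnumerable<string> workstations)
    {
        var names = Normalize(workstations);
        using (var ctx = new PrincipalContext(ContextType.Domain))
        using (var user = UserPrincipal.FindByIdentity(ctx, IdentityType.SamAccountName, samAccountName))
        {
            if (user == null) throw new InvalidOperationException("User not found: " + samAccountName);
            user.PermittedWorkstations.Clear();   // replace any earlier list instead of appending
            foreach (var n in names) user.PermittedWorkstations.Add(n);
            user.Save();                          // nothing reaches AD until Save()
        }
        // Re-read through a fresh context so the check reflects what the directory stored.
        using (var ctx = new PrincipalContext(ContextType.Domain))
        using (var user = UserPrincipal.FindByIdentity(ctx, IdentityType.SamAccountName, samAccountName))
        {
            var stored = user == null ? new string[0] : user.PermittedWorkstations.ToArray();
            if (!new HashSet<string>(stored, StringComparer.OrdinalIgnoreCase).SetEquals(names))
                throw new InvalidOperationException("Restriction was not stored as requested.");
        }
    }

    static void Main()
    {
        // Constructed sample values: account name and proxy host names are placeholders.
        Restrict("guest-0001", new[] { "PROXY01", "PROXY02" });
    }
}
```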