I'm trying to create an app to configure a fresh install of AD or reset an AD to default values. This means using the DirectoryServices API.
My plan is to create some OUs, then some groups (each with their own security properties - ForeFront and CA are also installed). Then I will create some users and add them to the groups.
I know how to create OUs, groups, and users, and I know how to add users to groups.
But I don't know how to set the security properties of a group or a user.
I found this code, but it's not working for me:
    using System;
    using System.DirectoryServices;
    using System.Security.AccessControl;
    using System.Security.Principal;

    static void SecurityStuff(string groupFQDN, string user)
    {
        // Bind to the target object with explicit credentials.
        DirectoryEntry directoryEntry = new DirectoryEntry(string.Format("LDAP://{0}", "dudu.test.com/cn=batata,ou=Users and Groups,ou=FIM,ou=Local,dc=dudu,dc=test,dc=com"), "username", "password");
        ActiveDirectorySecurity adSecurity = directoryEntry.ObjectSecurity;
        string sd = adSecurity.GetSecurityDescriptorSddlForm(AccessControlSections.All);
        // Build the trustee from a domain name and an account name.
        IdentityReference newidentity = new System.Security.Principal.NTAccount("dudu.test.com", user);
        ActiveDirectoryAccessRule newAccessRule = new ActiveDirectoryAccessRule(newidentity, ActiveDirectoryRights.WriteProperty, AccessControlType.Allow);
        try
        {
            directoryEntry.ObjectSecurity.AddAccessRule(newAccessRule);
        }
        catch (Exception e)
        {
            Console.WriteLine(e.Message.ToString());
        }
        directoryEntry.CommitChanges();
    }
I get this error from the code:
Some or all identity references could not be translated.
Please point me in the right direction.
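Added example, not part of the original post: the message quoted above is the text of `IdentityNotMappedException`, which is raised when an `NTAccount` name cannot be translated to a SID. This sketch builds the access rule from a `SecurityIdentifier` read from the trustee's own `objectSid` attribute, so no name translation is involved; the class name, method names, parameters and the sample path in the comment are assumptions made for illustration.

```csharp
using System;
using System.DirectoryServices;
using System.Security.AccessControl;
using System.Security.Principal;

static class AclExample
{
    // Read the trustee's SID straight from its directory object.
    static SecurityIdentifier SidOf(DirectoryEntry trustee)
    {
        var raw = trustee.Properties["objectSid"].Value as byte[];
        if (raw == null)
            throw new InvalidOperationException("No objectSid on " + trustee.Path);
        return new SecurityIdentifier(raw, 0);
    }

    // targetPath and trusteePath are full LDAP paths (assumed inputs), e.g.
    // "LDAP://dc01.example.test/CN=SomeGroup,OU=Demo,DC=example,DC=test".
    static void GrantWriteProperty(string targetPath, string trusteePath,
                                   string bindUser, string bindPassword)
    {
        using (var trustee = new DirectoryEntry(trusteePath, bindUser, bindPassword))
        using (var target = new DirectoryEntry(targetPath, bindUser, bindPassword))
        {
            SecurityIdentifier sid = SidOf(trustee);

            // Read and write only the DACL, not the owner or SACL.
            target.Options.SecurityMasks = SecurityMasks.Dacl;

            // No property GUID is passed, so this ACE allows writing every
            // property of the target. Use a constructor overload that takes
            // an objectType GUID to scope it to one attribute.
            var rule = new ActiveDirectoryAccessRule(
                sid, ActiveDirectoryRights.WriteProperty, AccessControlType.Allow);

            target.ObjectSecurity.AddAccessRule(rule);
            target.CommitChanges();
        }
    }

    // Diagnostic: does this domain/account pair translate to a SID from here?
    static bool CanTranslate(string domain, string account)
    {
        try { new NTAccount(domain, account).Translate(typeof(SecurityIdentifier)); return true; }
        catch (IdentityNotMappedException) { return false; }
    }
}
```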