Adding NETWORK SERVICE as new user to AD LDS instance administrator member

Question

I try to add the Network Service as a member of the Administrator group of my AD LDS instance but "constraint violation occurred" error always prompts me; but then if i add the Network Service manually from ADSI and then i delete it the strange thing happens, my code starts to work fine

My question, is there any constraint that you have to follow the first time you add a new user to your group?

My code:

  Using lEntry As New DirectoryEntry(mLDAPAddress &"CN=Administrators,CN=Roles" & "," & mLDAPInstance)
            Try
                Dim lMembers = lEntry.Properties("member")
                lMembers.Add("CN=SccAdmin,CN=SccAdmins" & "," & mLDAPInstance)
                'The above works fine, the below not so
                lMembers.Add("CN=S-1-5-20,CN=ForeignSecurityPrincipals" & "," & mLDAPInstance)
                lEntry.CommitChanges()
                Return True
            Catch ex As System.Runtime.InteropServices.COMException
                aError = ex.Message
            End Try
        End Using

Why am i receiving -1s? Is this not a valid question? If you think so please point me into the right direction... — wookiee, Nov 23 '15 at 08:40

score 0 · Accepted Answer · answered Nov 20 '15 at 19:26

0

The foreign security principal is getting created when you add it with ADSI Edit in the background. Try adding "NT AUTHORITY\NETWORK SERVICE" in your code in lieu of the DN of the FSP as you're doing now.

answered Nov 20 '15 at 19:26

Brian Desmond

4,473
1
13
11

Adding NETWORK SERVICE as new user to AD LDS instance administrator member

1 Answers1