
I'm experiencing some problems when unlocking a locked account on AD.

I'll keep it very simple. I'm assuming that the account is currently locked.

UserPrincipal oUserPrincipal = ADMethods.GetUser("test.user");
oUserPrincipal.UnlockAccount();
oUserPrincipal.Save();

oUserPrincipal is returned using an Admin account on the TEST AD through a PrincipalContext.

Now ..

oUserPrincipal.UnlockAccount(); is generating an exception

System.UnauthorizedAccessException

When checking the logs on the "Test AD server", it's returning a failed negotiation stating that "test.user" is locked out. Since I'm returning a user principal using an admin account, why is the UnlockAccount method generating an error?

Would appreciate your help.

Exception is as follows.

System.UnauthorizedAccessException: Access is denied.

   at System.DirectoryServices.Interop.UnsafeNativeMethods.IAds.SetInfo()
   at System.DirectoryServices.DirectoryEntry.CommitChanges()
   at System.DirectoryServices.AccountManagement.SDSUtils.WriteAttribute(String dePath, String attribute, Int32 value, NetCred credentials, AuthenticationTypes authTypes)
   at System.DirectoryServices.AccountManagement.ADStoreCtx.WriteAttribute(Principal p, String attribute, Int32 value)
   at System.DirectoryServices.AccountManagement.ADStoreCtx.UnlockAccount(AuthenticablePrincipal p)
   at System.DirectoryServices.AccountManagement.AccountInfo.UnlockAccount()
   at ADMethodsAccountManagement.UnlockUserAccount(String sUserName) in C:\Users\christian.debono\documents\visual studio 2010\Projects\UnlockApp\UnlockApp\ADMethodsAccountManagement.cs:line 182
   at UnlockApp.Form1.UnlockButton_Click(Object sender, EventArgs e) in C:\Users\christian.debono\documents\visual studio 2010\Projects\UnlockApp\UnlockApp\Form1.cs:line 30
   at System.Windows.Forms.Control.OnClick(EventArgs e)
   at System.Windows.Forms.Button.OnClick(EventArgs e)
   at System.Windows.Forms.Button.OnMouseUp(MouseEventArgs mevent)
   at System.Windows.Forms.Control.WmMouseUp(Message& m, MouseButtons button, Int32 clicks)
   at System.Windows.Forms.Control.WndProc(Message& m)
   at System.Windows.Forms.ButtonBase.WndProc(Message& m)
   at System.Windows.Forms.Button.WndProc(Message& m)
   at System.Windows.Forms.Control.ControlNativeWindow.OnMessage(Message& m)
   at System.Windows.Forms.Control.ControlNativeWindow.WndProc(Message& m)
   at System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr wparam, IntPtr lparam)
christiandbn
  • This: "Access is denied." seems self-explanatory. – Mitch Wheat Nov 10 '10 at 08:49
  • Yes, but I'm running the executable with Administrator privileges, and the service account I'm using is an administrator on the server and on AD. I can use the account to log onto the server manually and do the changes, but not through this code. Any idea as to why this is throwing an Access denied exception? – christiandbn Nov 12 '10 at 10:42

1 Answer


Are you sure that the service user that you are using has rights to unlock accounts? I had experienced a situation before where we had a service user which had admin rights but was declined in unlocking accounts. Also, if the account you are unlocking has higher permissions than the one unlocking it, that won't work as well. I guess the best way to test it is: if your own AD account has the privilege of unlocking the account, try it first in Active Directory Users and Computers by unlocking the said account, then when successful try it again in your code. Hope this makes sense.

Raymund
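An added example, not part of the original answer or the asker's code: one way to run the check suggested above from code, by binding the PrincipalContext with explicit service-account credentials and, when access is denied, reporting which identity and domain controller the unlock was attempted with. The domain name, container DN, and the class and method names are placeholders.

```csharp
using System;
using System.DirectoryServices.AccountManagement;
using System.Security.Principal;

// Hypothetical helper; names and domain values below are placeholders.
static class UnlockDiagnostics
{
    public static bool TryUnlock(string samAccountName, string svcUser, string svcPassword)
    {
        // Bind with explicit credentials so the directory write runs as the
        // service account, not as whichever Windows user started the process.
        using (var ctx = new PrincipalContext(
                   ContextType.Domain,
                   "test.example.local",            // placeholder domain
                   "DC=test,DC=example,DC=local",   // placeholder container
                   ContextOptions.Negotiate | ContextOptions.Signing | ContextOptions.Sealing,
                   svcUser, svcPassword))
        using (var user = UserPrincipal.FindByIdentity(
                   ctx, IdentityType.SamAccountName, samAccountName))
        {
            if (user == null)
                throw new ArgumentException("No such user: " + samAccountName);

            if (!user.IsAccountLockedOut())
                return true;                        // nothing to unlock

            try
            {
                // The stack trace in the question shows UnlockAccount() writing
                // the attribute and committing it itself (WriteAttribute ->
                // CommitChanges), so a denial surfaces on this call.
                user.UnlockAccount();
                return true;
            }
            catch (UnauthorizedAccessException ex)
            {
                // Record the identities involved so the same unlock can be
                // retried by hand in Active Directory Users and Computers.
                Console.Error.WriteLine(
                    "Unlock of '{0}' denied. Bound as '{1}' to '{2}'; process runs as '{3}'. {4}",
                    samAccountName, ctx.UserName, ctx.ConnectedServer,
                    WindowsIdentity.GetCurrent().Name, ex.Message);
                return false;
            }
        }
    }
}
```

If the logged bind identity can unlock the same account in Active Directory Users and Computers but not here, compare the domain controller reported by `ConnectedServer` with the one the console is connected to.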