
I have the code:

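 /// <summary>
 /// Removes a user from the local "Administrators" group of the given computer,
 /// binding with the service account held in _sServiceUser / _sServicePassword.
 /// </summary>
 /// <param name="oUserPrincipal">Principal to remove from the group.</param>
 /// <param name="computer">Name of the machine whose local group is modified.</param>
 /// <returns>
 /// <c>true</c> only when the principal was found in the group's member collection
 /// and the change was saved; <c>false</c> when the group was not found, the
 /// principal was not a member as seen through this context, or an error occurred.
 /// </returns>
 public bool RemoveUserFromAdministratorsGroup(UserPrincipal oUserPrincipal, string computer)
 {
     if (oUserPrincipal == null)
     {
         return false;
     }

     try
     {
         // Both objects wrap directory handles, so release them deterministically.
         using (PrincipalContext oPrincipalContext = new PrincipalContext(ContextType.Machine, computer, null, ContextOptions.Negotiate, _sServiceUser, _sServicePassword))
         using (GroupPrincipal oGroupPrincipal = GroupPrincipal.FindByIdentity(oPrincipalContext, "Administrators"))
         {
             if (oGroupPrincipal == null)
             {
                 // NOTE(review): the group is looked up by its English display name;
                 // on a localized installation the lookup can come back empty.
                 return false;
             }

             // Remove() returns false when the principal is not in the collection.
             // Reporting success in that case would leave the caller believing that
             // administrative rights were revoked when nothing changed.
             bool removed = oGroupPrincipal.Members.Remove(oUserPrincipal);
             if (removed)
             {
                 oGroupPrincipal.Save();
             }

             return removed;
         }
     }
     catch (System.Exception ex)
     {
         // Keep the bool contract, but leave a trace of why the revocation failed
         // (access denied, host unreachable, ...) instead of discarding it.
         System.Diagnostics.Trace.TraceError("Removing principal from Administrators on '{0}' failed: {1}", computer, ex);
         return false;
     }
 }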

It runs without any exception, but when I run my app again I still see this user in my listview. So the user wasn't removed.

andDaviD

3 Answers


I have solved the issue without the AccountManagement namespace.

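 /// <summary>
 /// Removes every member named <paramref name="user"/> from the group
 /// Settings.AdministratorsGroup on the given computer, using the WinNT provider.
 /// </summary>
 /// <param name="computerName">Machine whose local group is modified.</param>
 /// <param name="user">Account name to match against each member's Name.</param>
 /// <returns>
 /// <c>true</c> when at least one matching member was removed; <c>false</c> when
 /// no member matched or an error occurred (the error is shown in a message box).
 /// </returns>
 public bool RemoveUserFromAdminGroup(string computerName, string user)
 {
     try
     {
         bool removed = false;

         // NOTE(review): computerName is concatenated into the provider path;
         // if it can come from user input, check that it is a bare host name first.
         using (var de = new DirectoryEntry("WinNT://" + computerName))
         using (var objGroup = de.Children.Find(Settings.AdministratorsGroup, "group"))
         {
             foreach (object member in (IEnumerable)objGroup.Invoke("Members"))
             {
                 using (var memberEntry = new DirectoryEntry(member))
                 {
                     // Windows account names are case-insensitive, so an ordinal
                     // case-sensitive compare could skip the intended account.
                     // NOTE(review): Name looks like the bare account name only, so a
                     // local and a domain account with the same name would both match;
                     // compare memberEntry.Path if that matters - TODO confirm.
                     if (string.Equals(memberEntry.Name, user, StringComparison.OrdinalIgnoreCase))
                     {
                         objGroup.Invoke("Remove", new object[] { memberEntry.Path });
                         removed = true;
                     }
                 }
             }

             objGroup.CommitChanges();
         }

         // Report what actually happened: "no exception" is not the same as
         // "membership revoked".
         return removed;
     }
     catch (Exception ex)
     {
         // NOTE(review): ex.ToString() exposes the full stack trace to the user;
         // consider logging it and showing only a short message.
         MessageBox.Show(ex.ToString());
         return false;
     }
 }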
andDaviD
  • This is also the only way I could enumerate some machine-level groups, local or remote. The AccountManagement name space has some problems when there are domain-level principals in the machine-level groups. For example, adding CORP\myuser to the local Administrators group will cause the Members property on the GroupPrincipal to fail. – jproch Jun 07 '16 at 13:27

The below solution is for deleting the user with the help of Directory Service ...

   using System.DirectoryServices

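  /// <summary>
  /// Deletes the user object "CN=TheUserName" from the directory container at
  /// strPathActiveDirectory, binding with strUsername / strPassword.
  /// </summary>
  /// <remarks>
  /// This deletes the account object itself; it does not touch group membership.
  /// The <paramref name="in_Gebruiker"/> row is not read here - the CN is a
  /// placeholder literal that a real caller would have to replace.
  /// </remarks>
  /// <param name="in_Gebruiker">Row describing the user (currently unused).</param>
  private void DeleteUserFromActiveDirectory(DataRow in_Gebruiker)
  {
      // The using blocks close both entries even when the lookup or delete throws.
      using (DirectoryEntry AD = new DirectoryEntry(strPathActiveDirectory, strUsername, strPassword))
      using (DirectoryEntry userEntry = AD.Children.Find("CN=TheUserName", "User"))
      {
          AD.Children.Remove(userEntry);
          AD.CommitChanges();
      }
  }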
Glory Raj
  • This code removes a user located in the user group in the domain. But I need to remove an account from the Administrators group on a remote machine. – andDaviD Oct 02 '11 at 09:38

I don't know exactly what your problem is, but coding it this way:

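try
{
  // NOTE(review): the account name and password are inline sample values;
  // real code should read them from a protected store, not from source.
  using (PrincipalContext context = new PrincipalContext(ContextType.Domain, "WM2008R2ENT:389", "dc=dom,dc=fr", "jpb", "passwd"))
  {
    /* Retrieve a user principal
     */
    UserPrincipal user = UserPrincipal.FindByIdentity(context, "user1");

    /* Retrieve a group principal
     */
    GroupPrincipal adminGroup = GroupPrincipal.FindByIdentity(context, @"dom\Administrateurs");

    // FindByIdentity returns null when nothing matches; say so explicitly
    // instead of letting a NullReferenceException hide the cause.
    if (user == null || adminGroup == null)
    {
      Console.WriteLine("User or group not found.");
    }
    else
    {
      foreach (Principal p in adminGroup.Members)
      {
        Console.WriteLine(p.Name);
      }

      // Remove() returns false when the user is not in the member collection,
      // in which case there is nothing to save.
      if (adminGroup.Members.Remove(user))
      {
        adminGroup.Save();
      }
      else
      {
        Console.WriteLine("User is not a member of the group; nothing removed.");
      }
    }
  }
}
catch (Exception e)
{
  Console.WriteLine(e.Message);
}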

gives me the following exception:

Information about the domain could not be retrieved (1355)

Digging a bit around that showed me that I was running my code on a computer that was not in the target domain. When I run the same code from the server itself, it works. It seems that the machine running this code must at least contact the DNS of the target domain.

JPBlanc