Creating Groups in AD

  • Thread starter Thread starter Jason
  • Start date Start date
J

Jason

I am trying to write code that creates groups in AD using the DirectoryEntry
object in .NET. (I used to be able to do this easily using VBScript...)

Anyways, the following code throws a VEY generic (and unhelpful) error
message. The most obvious reason is that I am not setting some required
property but I have no clue which property that may be. I cannot seem to
find any samples on how to manipulate groups (only on how to work with
users).

entry = New DirectoryEntry("LDAP://ou=MyGroups,dc=mydomain,dc=com")
group = entry.Children.Add("cn=test", "Group")
group.CommitChanges()

The exception thrown is "A constraint violation occurred".

Thanks,
Jason
 
Search for active directory and vb.net on google and you will find few
articles that will help.
 
I have already tried doing google searches but did so again with your
suggested criteria. No help. Have yet to find a single article on how to
create a group or what the minimum required fields are when creating said
group.

- Jason
 
This should work unless there is a privilege constraint, the user
credentials used to bind are those of the current user.
Therefore I suggest you execute the same code using explicit credentials of
a domain admin.

Willy.
 
I am trying to write code that creates groups in AD using the DirectoryEntry
object in .NET. (I used to be able to do this easily using VBScript...)

entry = New DirectoryEntry("LDAP://ou=MyGroups,dc=mydomain,dc=com")
group = entry.Children.Add("cn=test", "Group")
group.CommitChanges()

The exception thrown is "A constraint violation occurred".

You also need to set at least the mandatory attributes, which includes
"sAMAccountName" !

entry = New DirectoryEntry("LDAP://ou=MyGroups,dc=mydomain,dc=com")
group = entry.Children.Add("cn=test", "Group")
group.Properties["sAMAccountName"].Value = "test";
group.CommitChanges()

Also, be aware that the SAM account name needs to be UNIQUE in your
domain! If it's not unique, the creation will fail.

Marc

================================================================
Marc Scheuner May The Source Be With You!
Berne, Switzerland m.scheuner -at- inova.ch
 
Thanks Marc. That was it.

- Jason

Marc Scheuner said:
I am trying to write code that creates groups in AD using the
DirectoryEntry
object in .NET. (I used to be able to do this easily using VBScript...)

entry = New DirectoryEntry("LDAP://ou=MyGroups,dc=mydomain,dc=com")
group = entry.Children.Add("cn=test", "Group")
group.CommitChanges()

The exception thrown is "A constraint violation occurred".

You also need to set at least the mandatory attributes, which includes
"sAMAccountName" !

entry = New DirectoryEntry("LDAP://ou=MyGroups,dc=mydomain,dc=com")
group = entry.Children.Add("cn=test", "Group")
group.Properties["sAMAccountName"].Value = "test";
group.CommitChanges()

Also, be aware that the SAM account name needs to be UNIQUE in your
domain! If it's not unique, the creation will fail.

Marc

================================================================
Marc Scheuner May The Source Be With You!
Berne, Switzerland m.scheuner -at- inova.ch
 
Back
Top