Add a manager to an Active Directory Distribution Group using C# *with permissions*

I could only find this one c# example (http://www.codecomments.com/message851312.html), but here's another generic display to loop through the DACL..
http://www.cruto.com/resources/vbscript/vbscript-examples/ad/groups/List-the-Managed-By-Information-for-a-Group.asp

You need to use the managed ObjectSecurity to do that:

using (DirectoryEntry entry = new DirectoryEntry("LDAP://..."))
            {
                foreach (DirectoryEntry child in entry.Children)
                {
                    // Get the objects ObjectSecurity
                    ActiveDirectorySecurity compSecurity = child.ObjectSecurity;
                    // Setup accessRule
                    ActiveDirectoryAccessRule accesRule = new ActiveDirectoryAccessRule(new NTAccount("user1"), ActiveDirectoryRights.AccessSystemSecurity, System.Security.AccessControl.AccessControlType.Allow);
                    compSecurity.AddAccessRule(acceRule);
                    child.CommitChanges();
                }
            }
You can add more permission to the Entry by adding a bitwise to the Rights enum:

ActiveDirectoryRights.AccessSystemSecurity | ActiveDirectoryRights.ListObject.

HTH

I attempted to do that Kate, but it never really worked. Here is my code:

try
{
DirectoryEntry entry = new DirectoryEntry("LDAP://CN=$TEST,OU=DistributionLists,OU=Outlook,OU=NA,DC=NA,DC=NA",null,null,AuthenticationTypes.Secure);
           
ActiveDirectorySecurity sec = entry.ObjectSecurity;
ActiveDirectoryAccessRule rule = new ActiveDirectoryAccessRule(new NTAccount("NACORP", "NAUSERID"), ActiveDirectoryRights.WriteProperty,  AccessControlType.Allow, ActiveDirectorySecurityInheritance.None);
sec.AddAccessRule(rule);
entry.CommitChanges();
}
catch (Exception myExp)
{
       Console.WriteLine(myExp.Message.ToString());
}


And every time I run it, i get an exeption:
A constraint violation occurred. (Exception from HRESULT: 0x8007202F)

with the extended error message:
0000051B: AtrErr: DSID-031508EC, #1:
      0: 0000051B: DSID-031508EC, problem 1005 (CONSTRAINT_ATT_TYPE), data 0, Att 20119 (nTSecurityDescriptor)


At least I know I am on the right path. All of your continued help is appreciated!

I rule. I found what I was missing here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx?dg=microsoft.public.adsi.general&tid=386e54af-2b4d-4280-b7b2-882c9ebaee60&p=1

Good ol Joe Kaplan (who writes an awesome Directory Services programming book) had the missing line of code..

de.Options.SecurityMasks = SecurityMasks.Dacl;

I had the tell the directory entry I was talking about a DACL so it knew what I was sending at it. Once I added this line in, It was smooooth sailing.

            DirectoryEntry de = new DirectoryEntry("LDAP://CN=$TEST,OU=DistributionLists,OU=Outlook,OU=NA,DC=NA,DC=NA", null, null, AuthenticationTypes.Secure);
            de.Options.SecurityMasks = SecurityMasks.Dacl;
            ActiveDirectorySecurity sd = de.ObjectSecurity;
            Guid myGuid = new Guid("bf9679c0-0de6-11d0-a285-00aa003049e2");
            NTAccount accountName = new NTAccount("NACORP", "NAUSERID");
            IdentityReference acctSID = accountName.Translate(typeof(SecurityIdentifier));
            ActiveDirectoryAccessRule myRule = new ActiveDirectoryAccessRule(new SecurityIdentifier(acctSID.Value), ActiveDirectoryRights.WriteProperty, AccessControlType.Allow, myGuid);
            sd.AddAccessRule(myRule);
            de.CommitChanges();


This is now resolved. I would recommend saving this ticket around, as it would be usefull to have the reference.

Well done... i'll keep that one under my hat! :-)