First, I will be running this code on a Windows 2003 Server machine, using .net 2.0.
Essentially I just need to add the Windows Authorization Access Group to a Computer Account. I was attempting to do this with DirectoryServices, but I had no luck. It informed me in the form of an error that the server was "unwilling" to perform the operation.
And if I try to do it using ADSI Edit (this was just to test, I need to do it programmatically not using some GUI) I was informed that "Access to the attribute is not permitted because the attribute is owned by the Security Accounts Manager (SAM)."
The code snippet I have attached illustrates the end-result I want, but I cannot do it using the code I attached, it throws the "unwilling" error. So if someone could assist me that would be great.
DirectoryEntry entry = new DirectoryEntry("LDAP://CN=SomeComputerName,CN=Computers,DC=SomeDomainName,DC=com");
entry.Properties["memberOf"].Add("CN=Windows Authorization Access Group,CN=Builtin,DC=SomeDomainName,DC=com");