Add Computer Account as memberOf Windows Authorization Access Group.

First, I will be running this code on a Windows 2003 Server machine, using .net 2.0.

Essentially I just need to add the Windows Authorization Access Group to a Computer Account. I was attempting to do this with DirectoryServices, but I had no luck. It informed me in the form of an error that the server was "unwilling" to perform the operation.

And if I try to do it using ADSI Edit (this was just to test, I need to do it programmatically not using some GUI) I was informed that  "Access to the attribute is not permitted because the attribute is owned by the Security Accounts Manager (SAM)."

The code snippet I have attached illustrates the end-result I want, but I cannot do it using the code I attached, it throws the "unwilling" error. So if someone could assist me that would be great.
DirectoryEntry entry = new DirectoryEntry("LDAP://CN=SomeComputerName,CN=Computers,DC=SomeDomainName,DC=com");
entry.Properties["memberOf"].Add("CN=Windows Authorization Access Group,CN=Builtin,DC=SomeDomainName,DC=com");
entry.CommitChanges();

Open in new window

LVL 2
Drifter88zxtWAsked:
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

x
 
Drifter88zxtWConnect With a Mentor Author Commented:
I have found the solution myself, I was performing the operation backwards. It seems because of the was AD handles the references one must add the computer to the group entry's "member" attribute as follows:




DirectoryEntry entry = new DirectoryEntry("LDAP://CN=Windows Authorization Access Group,CN=Builtin,DC=SomeDomain,DC=com");
entry.Properties["member"].Add("CN=SomeComputer,CN=Computers,DC=SomeDomain,DC=com");
entry.CommitChanges();

Open in new window

0
All Courses

From novice to tech pro — start learning today.