Creating and Mapping HomeDirectory Through Code- Active Directory

Posted on 2009-05-01
Last Modified: 2013-11-05
Hi all,

I have tried doing this is both C# and and am running into the same problems for both of them.

I have a program that creates a new user and also creates the users home directory. The problem is, is that the user is not getting the correct permissions to the drive. When I look at the permissions compared to the permissions given if i were to do this from the AD snapin they look exactly the same to me.

If i go into the user and reapply the homedrive mapping it works perfectly. I look at the folders security and It creates a new account (same username as I am creating with code) that has the exact same permissions that I am assigning.

My question is, has anyone else ran into this AND does anyone have a solution? Ill post the code up for my C# program in case anyone can see what I am missing.

Thanks in advance.
public static void CreateDir(String strSitePath, String strUserName)





                SecurityDescriptor secDesc = SecurityDescriptor.GetFileSecurity(strSitePath, SECURITY_INFORMATION.DACL_SECURITY_INFORMATION);

                Dacl dacl = secDesc.Dacl;

                Sid sidUser = new Sid(strUserName);

                dacl.AddAce(new AceAccessAllowed(sidUser, AccessType.GENERIC_ALL, Microsoft.Win32.Security.AceFlags.OBJECT_INHERIT_ACE | Microsoft.Win32.Security.AceFlags.CONTAINER_INHERIT_ACE));


                secDesc.SetFileSecurity(strSitePath, SECURITY_INFORMATION.DACL_SECURITY_INFORMATION);                




                MessageBox.Show("Didnt work");


Open in new window

Question by:cepacs
    LVL 22

    Assisted Solution

    You're probably running into permission inheritance issues (or share permission issues).  Have you seen:

    LVL 2

    Author Comment

    I have that set already. Its almost as if the permissions do not actually get applied. They show up where they should be, but they do not take effect.
    LVL 2

    Accepted Solution

    For anyone interested I ended up going with here is the code

    Private Sub createFolderFC(ByVal path As String, ByVal firstName As String, ByVal lastName As String)
            Dim dirInfo As New DirectoryInfo(path)
            Dim dirSecurity As DirectorySecurity = dirInfo.GetAccessControl()        
            Dim DE As DirectoryEntry = New DirectoryEntry()
            Dim sidBin() As Byte = DirectCast(DE.Properties("objectSid").Value, Byte())
            Dim sid As New SecurityIdentifier(sidBin, 0)
            dirSecurity.AddAccessRule(New FileSystemAccessRule(sid, FileSystemRights.FullControl, InheritanceFlags.ContainerInherit Or InheritanceFlags.ObjectInherit, PropagationFlags.InheritOnly, AccessControlType.Allow))
            dirSecurity.AddAccessRule(New FileSystemAccessRule(sid, FileSystemRights.FullControl, InheritanceFlags.ObjectInherit Or InheritanceFlags.ContainerInherit, PropagationFlags.InheritOnly, AccessControlType.Allow))
            dirSecurity.AddAccessRule(New FileSystemAccessRule(sid, FileSystemRights.FullControl, AccessControlType.Allow))
        End Sub

    Open in new window


    Featured Post

    6 Surprising Benefits of Threat Intelligence

    All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

    Join & Write a Comment

    The saying goes a bad carpenter blames his tools. In the Directory Services world a bad system administrator, well, even with the best tools they’re probably not going to become an all star.  However for the system admin who is willing to spend a li…
    Introduction You may have a need to setup a group of users to allow local administrative access on workstations.  In a domain environment this can easily be achieved with Restricted Groups and Group Policies. This article will demonstrate how to…
    This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
    This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

    745 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    16 Experts available now in Live!

    Get 1:1 Help Now