Solved

NTAccount Translation seconds after account has been created c#

Posted on 2010-08-17
2
760 Views
Last Modified: 2012-05-10
Hey all I am getting the following error, what I am doing is creating an account in the AD then a split second later creating their home folder. Another split second later I am assigning the permissions to the folder but for some reason I can not translate the account. Do I need to wait a set time?

17/08/2010 09:00:43: Permissions: EB0849758 FAILED - System.Security.Principal.IdentityNotMappedException: Some or all identity references could not be translated.
   at System.Security.Principal.NTAccount.Translate(IdentityReferenceCollection sourceAccounts, Type targetType, Boolean forceSuccess)
   at System.Security.Principal.NTAccount.Translate(Type targetType)
   at System.Security.AccessControl.CommonObjectSecurity.ModifyAccess(AccessControlModification modification, AccessRule rule, Boolean& modified)
   at System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(AccessRule rule)
   at System.Security.AccessControl.FileSystemSecurity.AddAccessRule(FileSystemAccessRule rule)
   at KazooSoft.FolderPermissions.AddFolderSecurity(String folderName, String account, FileSystemRights rights, AccessControlType controlType) in \\ncs-srv09\staffhomes$\schurch\My Documents\Visual Studio 2010\Projects\KazooADIntegrationUtility\KS-FolderPermission.cs:line 68
0
Comment
Question by:KazooSoft
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 12

Accepted Solution

by:
Rant32 earned 500 total points
ID: 33454551
Yes, it is possible that the domaincontroller that authenticated your fileserver has not received the update for the new user account yet. This is normal behaviour.

Within a 2003 AD site, any domain controller waits 15 seconds before sending an update notification to its replication partners, with a maximum of 3 hops. Reference: http://technet.microsoft.com/en-us/library/cc728010%28WS.10%29.aspx

Instead of waiting for a random interval, you may catch the specific exception and retry after 15 seconds.
0
 
LVL 4

Author Comment

by:KazooSoft
ID: 33454815
Cheers Rant, that's what I ended up doing.
0

Featured Post

Ready to get started with anonymous questions?

It's easy! Check out this step-by-step guide for asking an anonymous question on Experts Exchange.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article describes my battle tested process for setting up delegation. I use this process anywhere that I need to setup delegation. In the article I will show how it applies to Active Directory
A hard and fast method for reducing Active Directory Administrators members.
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question