Solved

Add User to AD Group from another Domain

Posted on 2010-09-01
Last Modified: 2012-05-10
How do you add a user to an AD group in one domain (external), from another domain (internal), in asp.net? I know they're referenced in the external domain by their SID, but I'm not sure how to add a user that way.  Here is the code I have for adding a new user: (Note: code taken from http://www.vbdotnetheaven.com/UploadFile/ecabral/ADandNETInVB11112005020216AM/ADandNETInVB.aspx)

    ' Requires: Imports System.DirectoryServices
    ' Bind to the domain (internal or external) that holds the group.
    Dim dirEntry As DirectoryEntry
    If internal Then
        dirEntry = GetDirectoryEntry(True, False)
    Else
        dirEntry = GetDirectoryEntry(False, False)
    End If

    ' Search for the group under that entry. GroupName goes into the filter
    ' as-is, so it must be a trusted value or be escaped per RFC 4515.
    Dim deSearch As DirectorySearcher = New DirectorySearcher()
    deSearch.SearchRoot = dirEntry
    deSearch.Filter = "(&(objectClass=group)(cn=" & GroupName & "))"
    Dim results As SearchResultCollection = deSearch.FindAll()
    Dim isGroupMember As Boolean = False
    If results.Count > 0 Then
        Dim group As New DirectoryEntry(results(0).Path)
        ' Walk the current members and compare by name with the user to add.
        Dim members As Object = group.Invoke("Members", Nothing)
        For Each member As Object In CType(members, IEnumerable)
            Dim x As DirectoryEntry = New DirectoryEntry(member)
            Dim name As String = x.Name
            If name <> deUser.Name Then
                isGroupMember = False
            Else
                isGroupMember = True
                Exit For
            End If
        Next member
        ' Add the user by ADsPath only if not already a member.
        If (Not isGroupMember) Then
            group.Invoke("Add", New Object() {deUser.Path.ToString()})
        End If
        group.Close()
    End If

Question by:Rainverse

Expert Comment

by:puppydogbuddy
ID: 33587200
check out the code at this link and see if it is what you are looking for:
                http://www.codeproject.com/KB/vb/ActiveDirectory_Group_VB.aspx

Expert Comment

by:puppydogbuddy
ID: 33763803
I object to deleting this question because I believe the cited reference source (which has been viewed 41,000+ times) directly answers the question, and should remain as part of the  EE Knowledge Base.

Accepted Solution

by:Rainverse
ID: 33764105
Actually it didn't. That reference is very helpful for most required AD actions but not for what I needed to do. The answer turned out to be the following:

You have to get a string value of the SID of the user in the internal domain. Then you can add that to the external AD group and it acts as a reference pointer to the internal AD user record.
0
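The approach described in the accepted solution, as an added example that is not code from the original thread: read the internal user's `objectSid`, convert it to its string form, and add it to the external group's `member` attribute using the `<SID=...>` binding form, which Active Directory stores as a foreignSecurityPrincipal reference. The LDAP paths are placeholders, and the example assumes a trust between the domains and that the calling identity may modify the external group.

```vbnet
Imports System
Imports System.DirectoryServices
Imports System.Security.Principal

Module CrossDomainGroupMembership

    ' Reads objectSid from a user entry in the internal domain and returns
    ' its string form (S-1-5-21-...).
    Function GetSidString(internalUser As DirectoryEntry) As String
        Dim raw As Byte() = CType(internalUser.Properties("objectSid").Value, Byte())
        Return New SecurityIdentifier(raw, 0).Value
    End Function

    ' Adds the SID to a group in the external domain.
    ' Returns False if that SID is already listed as a member.
    Function AddSidToGroup(externalGroup As DirectoryEntry, sidString As String) As Boolean
        ' Parsing rejects anything that is not a well-formed SID, so
        ' arbitrary text never reaches the member attribute.
        Dim sid As New SecurityIdentifier(sidString)
        If Not sid.IsAccountSid() Then
            Throw New ArgumentException("Not an account SID.", "sidString")
        End If

        ' Foreign members appear as CN=<SID>,CN=ForeignSecurityPrincipals,...
        Dim fspPrefix As String = "CN=" & sid.Value & ","
        For Each dn As Object In externalGroup.Properties("member")
            If dn.ToString().StartsWith(fspPrefix, StringComparison.OrdinalIgnoreCase) Then
                Return False
            End If
        Next

        externalGroup.Properties("member").Add("<SID=" & sid.Value & ">")
        externalGroup.CommitChanges()
        Return True
    End Function

    Sub Main()
        ' Placeholder paths (assumptions): substitute real server names and DNs.
        Using user As New DirectoryEntry("LDAP://internal.example/CN=Some User,OU=Staff,DC=internal,DC=example"),
              grp As New DirectoryEntry("LDAP://external.example/CN=Some Group,OU=Groups,DC=external,DC=example")
            Console.WriteLine(AddSidToGroup(grp, GetSidString(user)))
        End Using
    End Sub
End Module
```

For very large groups the `member` attribute is returned in ranges, so the duplicate check here only covers the values returned in the first read.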
 

Expert Comment

by:puppydogbuddy
ID: 33764270
Rainverse,
Thank you for posting the solution to your question.  That gives us even more reason not to delete this post.  It should be saved in the knowledge base for the benefit of EE users who have a similar problem in the future.

Author Comment

by:Rainverse
ID: 33764393
I usually do. Just been super busy.