Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 284
  • Last Modified:

Add User to AD Group from another Domain

How do you add a user to an AD group in one domain (external), from another domain (internal), in asp.net? I know they're referenced in the external domain by their SID, but I'm not sure how to add a user that way.  Here is the code I have for adding a new user: (Note: code taken from http://www.vbdotnetheaven.com/UploadFile/ecabral/ADandNETInVB11112005020216AM/ADandNETInVB.aspx)

    Dim dirEntry As DirectoryEntry
    If internal Then
        dirEntry = GetDirectoryEntry(True, False)
    Else
        dirEntry = GetDirectoryEntry(False, False)
    End If

    Dim deSearch As DirectorySearcher = New DirectorySearcher()
    'deSearch.SearchRoot = de
    deSearch.Filter = "(&(objectClass=group) (cn=" & GroupName & "))"
    Dim results As SearchResultCollection = deSearch.FindAll()
    Dim isGroupMember As Boolean = False
    If results.Count > 0 Then
        Dim group As New DirectoryEntry(results(0).Path)
        Dim members As Object = group.Invoke("Members", Nothing)
        For Each member As Object In CType(members, IEnumerable)
            Dim x As DirectoryEntry = New DirectoryEntry(member)
            Dim name As String = x.Name
            If name <> deUser.Name Then
                isGroupMember = False
            Else
                isGroupMember = True
                Exit For
            End If
        Next member
        If (Not isGroupMember) Then
            group.Invoke("Add", New Object() {deUser.Path.ToString()})
        End If
        group.Close()
    End If

Open in new window


0
Rainverse
Asked:
Rainverse
  • 3
  • 2
1 Solution
 
puppydogbuddyCommented:
check out the code at this link and see if it is what you are looking for:
                http://www.codeproject.com/KB/vb/ActiveDirectory_Group_VB.aspx
0
 
puppydogbuddyCommented:
I object to deleting this question because I believe the cited reference source (which has been viewed 41,000+ times) directly answers the question, and should remain as part of the  EE Knowledge Base.
0
 
RainverseAuthor Commented:
Actually it didn't. That reference is very helpful for most required AD actions but not for what I needed to do. The answer turned out to be the following:

You have to get a string value of the SID of the user in the internal domain. Then you can add that to the external AD group and it acts as a reference pointer to the internal AD user record.
0
 
puppydogbuddyCommented:
Rainverse,
Thank you for posting the solution to your question.  That gives us even more reason not to delete this post.  It should be saved in the knowledge base for the benefit of EE users who have a similar problem in the future.
0
 
RainverseAuthor Commented:
I usually do. Just been super busy.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now