I think I know what's happening but I'm not sure of a work around...
I'm building a C# application to import 1000's of users, add them to their groups, create their homefolder and assigning rights to the folder.
In my test lab, it worked great with no errors. Once I put this in a real world situation it failed, because I think it was due to multiple domain controllers not knowing about the user immediately after inserting it into AD.
The reason I say this is because when I re-run the application even though it threw an error before, the second time through it works just fine because the user had a chance to sync in the AD environment and it was found the second time through.
The fields below are as follows:
szAccount = "domain\username"
szFileName = "\\fileserver\share\userna
// Adds an ACL entry on the specified directory for the specified account.
public static void AddDirectorySecurity(string szFileName, string szAccount, FileSystemRights szRights,
InheritanceFlags ifInheritance, PropagationFlags pfPropogation,
// Create a new DirectoryInfo object.
DirectoryInfo dInfo = new DirectoryInfo(szFileName);
// Get a DirectorySecurity object that represents the
// current security settings.
DirectorySecurity dSecurity = dInfo.GetAccessControl();
// Add the FileSystemAccessRule to the security settings.
// Set the new access settings.
I found a reference to someone using a SID mapping instead of an account name but I still don't see how that would work if the 2nd call happens to be to a domain controller that doesn't know about the user yet...? I also couldn't seem to get the SID call with the above function working at all....
Any ideas out there?