C# UserPrincipal.Enable returning FALSE for users who are in fact enabled

Posted on 2011-10-03
Last Modified: 2013-12-16
I'm using System.DirectoryServices.AccountManagement.UserPrincipal to work with some Active Directory users. The weird thing I'm seeing is that most of my enabled users (but not all) have an Enabled property that returns FALSE. Very odd. The code I'm using:

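using System;
using System.DirectoryServices.AccountManagement;

// Enumerate the direct members of "Domain Users" and print each one's Enabled flag.
PrincipalContext pctx = new PrincipalContext(ContextType.Domain, "myDomain");
GroupPrincipal group = GroupPrincipal.FindByIdentity(pctx, IdentityType.SamAccountName, "Domain Users");

if (group != null)
	// The cast in the foreach assumes every direct member is a user account.
	foreach (UserPrincipal user in group.GetMembers(false))
		Console.WriteLine("User = {0}; Enabled = {1}", user.SamAccountName, user.Enabled);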

Is this something weird to do with the fact that the Enable field is nullable? I've tried specifically checking to see if the value for each user is null (if user.Enabled == null ...) but they're definitely returning False. I really can't think of any reason why it's not accurately returning the enable status. Only about six of my users seem to come back showing True for Enable, the rest are False. I don't really see a pattern to those that return True... they're not all in the same OU, not even in all of the same groups (except for Domain Users). Each time I run the program it's the same users that return True, but like I said, I really don't see anything in common about them.
Question by: elorc

    Expert Comment

    According to Microsoft's docs,
    If the principal has not been persisted in the store, this property returns null. After the principal is persisted, the default enabled setting depends on the store. The AD DS and AD LDS stores disable new principals when they are persisted, whereas SAM enables new principals when they are persisted. The application can only set this property to a value after it has been persisted in the store.

    AuthenticablePrincipal.Enabled Property (.NET  Framework 4)

    It looks like you're using SAM. Are these users persisted?

    Accepted Solution

    I actually figured this out but never closed it. The problem is that GetMembers() returns user objects with False. So I just added a step in to load each UserPrincipal based on the sAMAccountName value returned by GetMembers(). That did the trick. It's some extra work but it's a small domain so there isn't really a speed issue with it.

    Author Closing Comment

    Figured it out with the help of MSDN
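
The workaround from the accepted solution, written out as an added example (it is not the poster's actual code, which was never shown): each member returned by GetMembers() is looked up again by sAMAccountName with UserPrincipal.FindByIdentity, and Enabled is read from the reloaded object. The domain and group names are the ones from the question; the class and method names are made up for the example.

```csharp
using System;
using System.DirectoryServices.AccountManagement;

class EnabledCheck   // hypothetical class name
{
    // Render the nullable Enabled flag; null means the store gave no value.
    static string Describe(bool? enabled)
    {
        return enabled.HasValue ? enabled.Value.ToString() : "null";
    }

    static void Main()
    {
        using (var ctx = new PrincipalContext(ContextType.Domain, "myDomain"))
        using (var group = GroupPrincipal.FindByIdentity(
                   ctx, IdentityType.SamAccountName, "Domain Users"))
        {
            if (group == null)
            {
                Console.Error.WriteLine("Group not found");
                return;
            }

            using (var members = group.GetMembers(false))
            {
                foreach (Principal member in members)
                {
                    // Nested groups and computers are not UserPrincipal; skip them
                    // instead of letting a cast throw.
                    var fromGroup = member as UserPrincipal;
                    if (fromGroup == null) continue;

                    // Reload the same account by sAMAccountName and read Enabled there.
                    using (var reloaded = UserPrincipal.FindByIdentity(
                               ctx, IdentityType.SamAccountName, fromGroup.SamAccountName))
                    {
                        if (reloaded == null) continue;   // account vanished between calls
                        Console.WriteLine(
                            "User = {0}; Enabled via GetMembers = {1}; Enabled after reload = {2}",
                            reloaded.SamAccountName,
                            Describe(fromGroup.Enabled),
                            Describe(reloaded.Enabled));
                    }
                }
            }
        }
    }
}
```

Printing both values side by side shows which accounts were misreported, which matters if the output feeds an account audit. The reload costs one extra directory lookup per member.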
