• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1807
  • Last Modified:

C# UserPrincipal.Enable returning FALSE for users who are in fact enabled

I'm using System.DirectoryServices.AccountManagement.UserPrincipal to work with some Active Directory users. The weird thing I'm seeing is that most of my enabled users (but not all) have an Enabled property that returns FALSE. Very odd. The code I'm using:

PrincipalContext pctx = new PrincipalContext(ContextType.Domain, "myDomain");
GroupPrincipal group = GroupPrincipal.FindByIdentity(pctx, IdentityType.SamAccountName, "Domain Users");

if (group != null)
{
	foreach (UserPrincipal user in group.GetMembers(false))
	{
		Console.WriteLine(string.Format("User = {0}; Enabled = {1}", user.SamAccountName, user.Enabled.ToString()));
	}
}

Open in new window


Is this something weird to do with the fact that the Enable field is nullable? I've tried specifically checking to see if the value for each user is null (if user.Enabled == null ...) but they're definitely returning False. I really can't think of any reason why it's not accurately returning the enable status. Only about six of my users seem to come back showing True for Enable, the rest are False. I don't really see a pattern to those that return True... they're not all in the same OU, not even in all of the same groups (except for Domain Users). Each time I run the program it's the same users that return True, but like I said, I really don't see anything in common about them.
0
elorc
Asked:
elorc
  • 2
1 Solution
 
lisfolksCommented:
According to Microsoft's docs,
If the principal has not been persisted in the store, this property returns null. After the principal is persisted, the default enabled setting depends on the store. The AD DS and AD LDS stores disable new principals when they are persisted, whereas SAM enables new principals when they are persisted. The application can only set this property to a value after it has been persisted in the store.

AuthenticablePrincipal.Enabled Property (.NET  Framework 4)

It looks like you're using SAM. Are these users persisted?
0
 
elorcAuthor Commented:
I actually figured this out but never closed it. The problem is that GetMembers() returns user objects with False. So I just added a step in to load each UserPrinciple based on the sAMAccountName value returned by GetMembers(). That did the trick. It's some extra work but it's a small domain so there isn't really a speed issue with it.
0
 
elorcAuthor Commented:
Figured it out with the help of MSDN
0

Featured Post

Configuration Guide and Best Practices

Read the guide to learn how to orchestrate Data ONTAP, create application-consistent backups and enable fast recovery from NetApp storage snapshots. Version 9.5 also contains performance and scalability enhancements to meet the needs of the largest enterprise environments.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now