C# UserPrincipal.Enable returning FALSE for users who are in fact enabled

I'm using System.DirectoryServices.AccountManagement.UserPrincipal to work with some Active Directory users. The weird thing I'm seeing is that most of my enabled users (but not all) have an Enabled property that returns FALSE. Very odd. The code I'm using:

PrincipalContext pctx = new PrincipalContext(ContextType.Domain, "myDomain");
GroupPrincipal group = GroupPrincipal.FindByIdentity(pctx, IdentityType.SamAccountName, "Domain Users");

if (group != null)
	foreach (UserPrincipal user in group.GetMembers(false))
		Console.WriteLine(string.Format("User = {0}; Enabled = {1}", user.SamAccountName, user.Enabled.ToString()));

Open in new window

Is this something weird to do with the fact that the Enable field is nullable? I've tried specifically checking to see if the value for each user is null (if user.Enabled == null ...) but they're definitely returning False. I really can't think of any reason why it's not accurately returning the enable status. Only about six of my users seem to come back showing True for Enable, the rest are False. I don't really see a pattern to those that return True... they're not all in the same OU, not even in all of the same groups (except for Domain Users). Each time I run the program it's the same users that return True, but like I said, I really don't see anything in common about them.
Who is Participating?
elorcConnect With a Mentor Author Commented:
I actually figured this out but never closed it. The problem is that GetMembers() returns user objects with False. So I just added a step in to load each UserPrinciple based on the sAMAccountName value returned by GetMembers(). That did the trick. It's some extra work but it's a small domain so there isn't really a speed issue with it.
According to Microsoft's docs,
If the principal has not been persisted in the store, this property returns null. After the principal is persisted, the default enabled setting depends on the store. The AD DS and AD LDS stores disable new principals when they are persisted, whereas SAM enables new principals when they are persisted. The application can only set this property to a value after it has been persisted in the store.

AuthenticablePrincipal.Enabled Property (.NET  Framework 4)

It looks like you're using SAM. Are these users persisted?
elorcAuthor Commented:
Figured it out with the help of MSDN
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.