Updating AD's managedBy attribute

Using the following code block to populate this attribute.
It throws an exception stating "The specified directory service attribute or value already exists.  "
Yet, when I look at the properties, the two values are there.  What could I be doing wrong or how can I avoid this error?  Only thing I was thinking is to completely remove it beforehand, trap that error (though expected) and then try this method.... help?

  group.Properties("ManagedBy").AddRange(New String() {Primary.DistinguishedName, Backup.DistinguishedName})
Catch ex As Exception
  debug.print ex.message
End Try

Open in new window

LVL 67
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Kevin StanushApplication DeveloperCommented:
I don't see that the ManagedBy attribute is multi-valued, so are you trying to put two values into it ?  How are you looking at the properties ?
sirbountyAuthor Commented:
Yes, I am replacing a tool that is accomplishing multiple values, and I can look at it via powershell or visual studio and can see those values (just not through the ADUC interface)...
sirbountyAuthor Commented:
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

Kevin StanushApplication DeveloperCommented:
ManagedBy is single-valued.  Its a DN-string, so the error is probably misleading. Usually it would be a constraint violation or something.  This shows it as Single-Valued for all Windows versions:

sirbountyAuthor Commented:
But if I can add multiple values to that attribute using powershell, I should be able to in visual studio, no?  They're both using .net?

I can easily accomplish this in powershell.

Syntax from EMS: Set-DistributionGroup [-ManagedBy  <MultiValuedProperty>]
Kevin StanushApplication DeveloperCommented:
Let me know where you see that in the EMS.  I'm just looking at the documentation of the ManagedBy attribute (see link above).  Our own application, Hyena, also updates AD dynamically and it gets the schema information as single-valued.

I also checked using the Schema Manager snapin, and it too shows it as single-valued.
Kevin StanushApplication DeveloperCommented:
Look at the bottom of this link:


Are you trying to maybe update a different value and using 'managedby' instead ?
sirbountyAuthor Commented:
No, I've been using managedBy, but the link you posted may shed some light on the discrepancy I'm seeing in VS... I'll try that attribute instead.

This is one link I've used for set-distributiongroup:
Kevin StanushApplication DeveloperCommented:
Your link above references listing the owners, but I think I figured out why both you and I are both right.  The problem comes from my literal interpretation of the AD attribute 'managedBy' and the terms used in Powershell to manage it.  I don't use Powershell.

When I used the EMC to set the Managed By on the Group Information tab for a group, I saw where you could add more than one user.  Well, this seemed impossible.  But it worked when I added two users.  So, I used our own product, Hyena, to view where the information went, and this is where I learned something.

Active Directory's attribute named "ManagedBy" can only accept one value.  When you add more than one user using Powershell and use the -ManagedBy qualifier, it puts the FIRST user into the 'ManagedBy' directory attribute, then it puts the rest into the 'MsExchCoManagedByLink' attribute.  This IMO is a real mess.

So, the command to set multiple managedby values using Powershell, would be:

Set-DistributionGroup -Identity TestDL -Managedby user1, user2

You probably already knew this would work, and my apologies for not believing you.  The problem is that the term "ManagedBy" here is a command qualifier and I took it literally to mean the 'managedby' directory attribute.

In looking at your original code, I suspect that it too is trying to set the 'managedby' attribute which only accepts one value.  So, can you put the rest into the 'MsExchCoManagedByLink' ?

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
sirbountyAuthor Commented:
Yep, this makes much more sense now and clearer from some articles I've read that reference what happens with the newer schema.
Code seems to be working now, so I'm satisfied - thank you for the quick turnaround on this one!
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
.NET Programming

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.