Click here to Skip to main content
11,805,604 members (53,029 online)
Rate this: bad
Please Sign up or sign in to vote.
Hi all,

The issue I have come across arose from people in our Active Directory changing their name due to marriage. With a system I developed that allows our HR department to manage the AD User access I hit the issue of what to do when that happens, technically they need a new account and until now that was the process but managing to keep the SID of the user object would be really handy to deal with any odd file permissions lingering somewhere on the network (Before anyone says yes I know it should all be groups but... Can't be perfect all the time =P )

So this is the code I have to attempt a object name change, the CN rename and DN rename works fine, but it blows up when it has to start playing with the sAMAccount and userPrinciableName

Dim UserOBJChange As DirectoryEntry = GetUser(Username)
            UserOBJChange.Rename("CN=" & UserCN)

            Dim UserOBJ As DirectoryEntry = GetUser(Username)
                SetProperties(UserOBJ, "givenName", FirstName)
                If MiddleInitial <> "" Then
                    SetProperties(UserOBJ, "initials", MiddleInitial)
                End If
                SetProperties(UserOBJ, "sn", LastName)
                SetProperties(UserOBJ, "mail", Email)
                SetProperties(UserOBJ, "displayName", displayNameAD)
                SetProperties(UserOBJ, "userPrincipalName", NewUsername + Domain)
                SetProperties(UserOBJ, "sAMAccountName", NewUsername)

            Catch ex As Exception
                Throw New Exception("User cannot be updated" & ex.Message)
            End Try

Commenting out the sam and principle and the code works fine, but that is 50% of the reason I want to change things...

The error message that is returned is the following:

User cannot be updatedThe server is unwilling to process the request. (Exception from HRESULT: 0x80072035)

And tips would be great!


Posted 6-Mar-12 11:40am
Volynsky Alex at 10-Aug-12 10:05am
Nice question Zac!
Rate this: bad
Please Sign up or sign in to vote.

Solution 2

What needed to happen is that the CN needed to be changed in one function and then that function research the user based on CN before trying to edit any other information.
Rate this: bad
Please Sign up or sign in to vote.

Solution 1

Searching in google gave me this[^]. Its written on C# though.
Zac Newman at 7-Mar-12 0:17am
Heya Walter,

I stumbled across that myself, it is mainly addressing the issue of changing the CH and AD getting cranky over that. My rename function works well in dealing with the CN and DN. It is more the sAMAccount I have issues with.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
0 OriginalGriff 310
1 Richard Deeming 225
2 Sergey Alexandrovich Kryukov 170
3 Abhinav S 128
4 ppolymorphe 125
0 OriginalGriff 3,300
1 Maciej Los 1,990
2 KrunalRohit 1,907
3 CPallini 1,855
4 Richard MacCutchan 1,227

Advertise | Privacy | Mobile
Web04 | 2.8.151002.1 | Last Updated 10 Aug 2012
Copyright © CodeProject, 1999-2015
All Rights Reserved. Terms of Service
Layout: fixed | fluid

CodeProject, 503-250 Ferrand Drive Toronto Ontario, M3C 3G8 Canada +1 416-849-8900 x 100