Click here to Skip to main content
Rate this: bad
good
Please Sign up or sign in to vote.
Hi all,
 
The issue I have come across arose from people in our Active Directory changing their name due to marriage. With a system I developed that allows our HR department to manage the AD User access I hit the issue of what to do when that happens, technically they need a new account and until now that was the process but managing to keep the SID of the user object would be really handy to deal with any odd file permissions lingering somewhere on the network (Before anyone says yes I know it should all be groups but... Can't be perfect all the time =P )
 
So this is the code I have to attempt a object name change, the CN rename and DN rename works fine, but it blows up when it has to start playing with the sAMAccount and userPrinciableName
 
            
Dim UserOBJChange As DirectoryEntry = GetUser(Username)
            UserOBJChange.Rename("CN=" & UserCN)
            UserOBJChange.CommitChanges()
 

            Dim UserOBJ As DirectoryEntry = GetUser(Username)
            Try
                SetProperties(UserOBJ, "givenName", FirstName)
                If MiddleInitial <> "" Then
                    SetProperties(UserOBJ, "initials", MiddleInitial)
                End If
                SetProperties(UserOBJ, "sn", LastName)
                SetProperties(UserOBJ, "mail", Email)
                SetProperties(UserOBJ, "displayName", displayNameAD)
                SetProperties(UserOBJ, "userPrincipalName", NewUsername + Domain)
                SetProperties(UserOBJ, "sAMAccountName", NewUsername)
                UserOBJ.CommitChanges()
 

 
            Catch ex As Exception
                Throw New Exception("User cannot be updated" & ex.Message)
            End Try
 
Commenting out the sam and principle and the code works fine, but that is 50% of the reason I want to change things...
 
The error message that is returned is the following:
 
User cannot be updatedThe server is unwilling to process the request. (Exception from HRESULT: 0x80072035)
 
And tips would be great!
 
Regards,
 
Caz
Posted 6-Mar-12 12:40pm
Comments
Volynsky Alex at 10-Aug-12 10:05am
   
Nice question Zac!
Rate this: bad
good
Please Sign up or sign in to vote.

Solution 2

What needed to happen is that the CN needed to be changed in one function and then that function research the user based on CN before trying to edit any other information.
  Permalink  
Rate this: bad
good
Please Sign up or sign in to vote.

Solution 1

Searching in google gave me this[^]. Its written on C# though.
  Permalink  
Comments
Zac Newman at 7-Mar-12 0:17am
   
Heya Walter,
 
I stumbled across that myself, it is mainly addressing the issue of changing the CH and AD getting cranky over that. My rename function works well in dealing with the CN and DN. It is more the sAMAccount I have issues with.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
0 Kornfeld Eliyahu Peter 275
1 Maciej Los 204
2 Sergey Alexandrovich Kryukov 200
3 King Fisher 185
4 OriginalGriff 183
0 OriginalGriff 6,223
1 DamithSL 4,724
2 Maciej Los 4,196
3 Kornfeld Eliyahu Peter 3,894
4 Sergey Alexandrovich Kryukov 3,496


Advertise | Privacy | Mobile
Web03 | 2.8.141220.1 | Last Updated 10 Aug 2012
Copyright © CodeProject, 1999-2014
All Rights Reserved. Terms of Service
Layout: fixed | fluid

CodeProject, 503-250 Ferrand Drive Toronto Ontario, M3C 3G8 Canada +1 416-849-8900 x 100