Hi all,
The issue I have come across arose from people in our Active Directory changing their name due to marriage. With a system I developed that allows our HR department to manage the AD User access I hit the issue of what to do when that happens, technically they need a new account and until now that was the process but managing to keep the SID of the user object would be really handy to deal with any odd file permissions lingering somewhere on the network (Before anyone says yes I know it should all be groups but... Can't be perfect all the time =P )
So this is the code I have to attempt a object name change, the CN rename and DN rename works fine, but it blows up when it has to start playing with the sAMAccount and userPrinciableName
Dim UserOBJChange As DirectoryEntry = GetUser(Username)
UserOBJChange.Rename("CN=" & UserCN)
UserOBJChange.CommitChanges()
Dim UserOBJ As DirectoryEntry = GetUser(Username)
Try
SetProperties(UserOBJ, "givenName", FirstName)
If MiddleInitial <> "" Then
SetProperties(UserOBJ, "initials", MiddleInitial)
End If
SetProperties(UserOBJ, "sn", LastName)
SetProperties(UserOBJ, "mail", Email)
SetProperties(UserOBJ, "displayName", displayNameAD)
SetProperties(UserOBJ, "userPrincipalName", NewUsername + Domain)
SetProperties(UserOBJ, "sAMAccountName", NewUsername)
UserOBJ.CommitChanges()
Catch ex As Exception
Throw New Exception("User cannot be updated" & ex.Message)
End Try
Commenting out the sam and principle and the code works fine, but that is 50% of the reason I want to change things...
The error message that is returned is the following:
User cannot be updatedThe server is unwilling to process the request. (Exception from HRESULT: 0x80072035)
And tips would be great!
Regards,
Caz
Submit an article or tip
Post your Blog