Click here to Skip to main content
15,567,221 members
Please Sign up or sign in to vote.
0.00/5 (No votes)
See more:
Hello,

In my small tool, I give the service desk user the ability to reset user passwords from "Active Directory Users and Computer Console".
The user can also change some AD attributes.

Now I have a problem
Admin-User1 = can do everything
Admin-User2 = is not allowed to write the attribute "UserCannotChangePassword".

Here is an example how I do it:
C#
PrincipalContext AdPrincipalContextUsers = new PrincipalContext(ContextType.Domain, "DC01", @"MyDom.local\Admin-User2", "PWD123");
string strDistinguishedName = "CN=Test-User1,OU=Users,OU=MYC,DC=MyDom,DC=local";

UserPrincipal objAdUser = UserPrincipal.FindByIdentity(AdPrincipalContextUsers, strDistinguishedName);
objAdUser.UserCannotChangePassword = (bool)ChkUserCannotChangePassword.IsChecked;
objAdUser.Save();


What I have tried:

About "try, catch" I can intercept, but this is not a nice solution.


I would love to solve it like this: When the program starts I check if the Admin-UserX has permission on the attribute. The checkbox is then "checkbox.enable=false".

Now my question:
How can I check the permission on the Active Directoy attribute.

Thanks for your help.
Greeting Brauschi
Posted

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)



CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900