Question

Seeking example using ADSI API to programmatically create a Windows Group. AD is Windows Active Directory http://en.wikipedia.org/wiki/Active_Directory

'SI' maybe Service Interface?

Anyway, this area is just not well documented. . . I have seen some PowerShell scripts . . . but really do not want to have to ensure PowerShell is installed etc. A simple program that runs and makes sure MY_XYZ_GROUP is added to the Windows set of Groups.....

Should be easy.... Appears not so easy.

Solution

ADSI = Active Directory Service Interfaces - it's an API to talk to Active Directory to create users, groups, computer accounts in Active Directory - the network-based LDAP directory for Microsoft networks.

So do you need to create local users on a local machine/server, or do you need to create groups in your Active Directory?

If you're programming in .NET 3.5 and up, you should check out the System.DirectoryServices.AccountManagement (S.DS.AM) namespace. Read all about it here:

Basically, you can define a domain context and easily find users and/or groups in AD:

// requires a reference to System.DirectoryServices.AccountManagement.dll
using System.DirectoryServices.AccountManagement;

// set up domain context
PrincipalContext ctx = new PrincipalContext(ContextType.Domain);

// find a user
UserPrincipal user = UserPrincipal.FindByIdentity(ctx, "SomeUserName");

if (user != null)
{
   // do something here....
}

// create a group
GroupPrincipal group = new GroupPrincipal(ctx, "Group01");
// set other properties on the group here.....
group.Save();

The new S.DS.AM makes it really easy to play around with users and groups in AD!

Update: unfortunately, the new S.DS.AM doesn't work with local groups :-( it's only intended for Active Directory use.

If you need to create a local Windows group, you need to use the older DirectoryEntry approach - something like:

// requires a reference to System.DirectoryServices.dll
using System.DirectoryServices;

// bind to your machine's WinNT:// provider
DirectoryEntry computer = new DirectoryEntry("WinNT://YourMachineNameHere");

// create a new local group on your computer
DirectoryEntry newGroup = computer.Children.Add("NewGroupName", "Group");

// save that group to the local machine
newGroup.CommitChanges();

// refresh the property cache so you can set properties like "Description" or others
newGroup.RefreshCache();
newGroup.Properties["description"].Value = "Description for your group....";
newGroup.CommitChanges();

Richard Mueller has a great list of Excel sheets showing all the various properties available, both on the LDAP-based Active Directory objects, as well as the very limited WinNT properties.
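
An idempotent version of the DirectoryEntry approach above, as an added example that is not part of the original answers: it checks for the group before creating it, so it can run on every install or startup without failing on a name clash. The class name, method name and description string are assumptions; MY_XYZ_GROUP is the name from the question.

```csharp
using System;
using System.DirectoryServices; // reference System.DirectoryServices.dll

static class LocalGroupSetup // hypothetical name, not from the answers
{
    // Returns true if the group was created, false if it already existed.
    // Needs administrative rights; without them the commit fails with an access-denied error.
    public static bool EnsureLocalGroup(string groupName, string description)
    {
        if (string.IsNullOrWhiteSpace(groupName))
            throw new ArgumentException("Group name is required.", nameof(groupName));

        // Bind to the local machine through the WinNT provider.
        using (var computer = new DirectoryEntry("WinNT://" + Environment.MachineName + ",computer"))
        {
            // Limit enumeration to group objects and look for an existing match.
            // Local account names are compared case-insensitively.
            DirectoryEntries children = computer.Children;
            children.SchemaFilter.Add("group");
            foreach (DirectoryEntry child in children)
            {
                using (child)
                {
                    if (string.Equals(child.Name, groupName, StringComparison.OrdinalIgnoreCase))
                        return false; // already present, nothing to change
                }
            }

            // Not found: create it, then set the description as in the answer above.
            using (DirectoryEntry newGroup = children.Add(groupName, "group"))
            {
                newGroup.CommitChanges();
                newGroup.RefreshCache();
                newGroup.Properties["description"].Value = description;
                newGroup.CommitChanges();
            }
            return true;
        }
    }

    static void Main()
    {
        // Group name taken from the question; the description is a placeholder.
        bool created = EnsureLocalGroup("MY_XYZ_GROUP", "Created by installer");
        Console.WriteLine(created ? "Group created." : "Group already exists.");
    }
}
```

Because an existing group is left untouched, its current membership and description are preserved across repeated runs.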

Other tips

NetLocalGroupAddMembers (Windows API) is the API that I was looking for; this is much less work to use vs. ADSI methods. Coded and tested and working as documented in MSDN.

Unclear why this API was so absent from all of my relevant and extensive internet searches - one reason is the 'Local' I wasn't including.

Here is the MSDN link: http://msdn.microsoft.com/en-us/library/windows/desktop/aa370436(v=VS.85).aspx

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow