Re: ADSI and Visual Basic .NET 2005



Something like that should work, yeah. Essentially, when dealing with the
WinNT provider, you have to use the IADsxxxx persistent object interface
methods for doing most operations because not much of the store is exposed
in the data model (the PropertyCollection and PropertyValueCollection).
This is different from LDAP/AD, where most of the operations can be
performed by just accessing the underlying AD data.

The difference has to do with the fact that the WinNT provider essentially
wraps a bunch of Windows APIs (the Net* ones in part) to do a lot of its
work. LDAP has a much richer data model from the get go, so you have more
choices.

The other way to do this is to use COM interop and set a reference to
activeds.tlb and then cast the NativeObject property to IADsGroup (or
whatever is appropriate). Then you get the strong typing and slightly less
complex programming. However, you then have to haul around the interop
assembly with you, so deployment is a little less easy. In VB.NET, you can
also disable Option Strict and use late binding, but I generally try to
avoid this method as it has a tendency to make your programs more fragile
due to pushing a lot of errors that would be caught by the compiler to
runtime. It is possible to test carefully to avoid this, but my experience
is that people who use late binding are usually the people who don't test
rigorously. :)

Even though our book is about the LDAP provider for the most part, we do
have an appendix on COM interop with ADSI that goes into more details on the
options if you are interested.

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"glassman324" <glassman324@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:9B7F56A2-03A2-4446-9C85-B75BB25F34AD@xxxxxxxxxxxxxxxx
Thank you Joe, it worked. I believe I understand how it works. So if I
want to search for the group prior to attempting to add it, I would use the
following:

If CType(oAdminGroup.Invoke("IsMember", New Object() {"WinNT://Domain/" & SecurityGroup}), Boolean) Then
    _SuccessCode = 1
Else
    _SuccessCode = 2
End If

Thanks again Joe. Your response helped out tremendously!

"Joe Kaplan" wrote:

You can't do it like that, as the object isn't a child of the group (as in
the OU hierarchy), but is a member of it. You need to invoke the Add
method:

Try something like this instead:

Dim oAdminGroup As New DirectoryEntry("WinNT://ServerName/Administrators")
oAdminGroup.Invoke("Add", New Object() {"WinNT://Domain/SecurityGroup,group"})
oAdminGroup.CommitChanges()

It is a little funky with the syntax as you have to use the Invoke method
which is actually calling down into COM to call the IADsGroup.Add method.
DirectoryEntry doesn't directly support the properties and methods on
interfaces like IADsUser and IADsGroup, just IADs.

Note that I'm not really a WinNT provider kind of guy, just an LDAP guy, but
I think something about like this should work.

Joe K.


--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"glassman324" <glassman324@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:68F95BE0-F67C-44B0-8ED1-0ECFECDAD8D7@xxxxxxxxxxxxxxxx
I have been trying for most of the day now to transform the following
vbscript into visual basic .net 2005 with no luck whatsoever. The script
adds an existing security group in active directory into a remote
computer's Administrators group.

vbscript
Set oAdminGroup = GetObject("WinNT://ServerName/Administrators,group")
oAdminGroup.Add "WinNT://Domain/SecurityGroup,group"
Call oAdminGroup.SetInfo

visual basic .net 2005
Dim oAdminGroup As New DirectoryEntry("WinNT://ServerName/Administrators")
AD.Children.Add(SecurityGroup, "group")
AD.CommitChanges()

The following Error is what I receive:
System.InvalidOperationException: The Active Directory object located at the
path WinNT://ServerName/Administrators is not a container.

Any thoughts would be great. Thanks.
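
The two calls from this thread (IsMember, then Add) combined into one routine that only changes the local Administrators group when needed and can list the resulting membership for verification. This is an added example, not code from the original posts: the names EnsureLocalAdmin and GetLocalAdmins are hypothetical, and ServerName, Domain and SecurityGroup are the thread's placeholders.

```vb
Imports System
Imports System.Collections
Imports System.DirectoryServices
Imports System.Reflection

Module LocalAdminGroupExample
    ' Adds a domain group to a machine's local Administrators group only if it
    ' is not already a member. Returns True when a change was made.
    Function EnsureLocalAdmin(ByVal server As String, ByVal domain As String, _
                              ByVal groupName As String) As Boolean
        Dim memberPath As String = "WinNT://" & domain & "/" & groupName
        Using adminGroup As New DirectoryEntry("WinNT://" & server & "/Administrators,group")
            Try
                ' IsMember and Add are IADsGroup methods, reached through Invoke.
                If CBool(adminGroup.Invoke("IsMember", New Object() {memberPath})) Then
                    Return False
                End If
                adminGroup.Invoke("Add", New Object() {memberPath & ",group"})
                adminGroup.CommitChanges()
                Return True
            Catch ex As TargetInvocationException
                ' Invoke wraps the underlying COM error; surface the real cause.
                Throw New InvalidOperationException( _
                    "Could not update Administrators on " & server, ex.InnerException)
            End Try
        End Using
    End Function

    ' Lists the current members so the change can be verified or audited.
    Function GetLocalAdmins(ByVal server As String) As ArrayList
        Dim result As New ArrayList()
        Using adminGroup As New DirectoryEntry("WinNT://" & server & "/Administrators,group")
            For Each member As Object In CType(adminGroup.Invoke("Members"), IEnumerable)
                Using entry As New DirectoryEntry(member)
                    result.Add(entry.Path)
                End Using
            Next
        End Using
        Return result
    End Function

    Sub Main()
        ' Placeholder names taken from the thread; replace with real values.
        Dim changed As Boolean = EnsureLocalAdmin("ServerName", "Domain", "SecurityGroup")
        Console.WriteLine("Membership changed: " & changed.ToString())
        For Each path As String In GetLocalAdmins("ServerName")
            Console.WriteLine(path)
        Next
    End Sub
End Module
```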