 

Why in active directory group cannot be created as groupType = Local

I am not able to understand why creating a group in Active Directory as "local" for groupType doesn't work. It throws the following exception:

 System.DirectoryServices.DirectoryServicesCOMException (0x80072035): The server is unwilling to process the request.

The following is the code sample:

        var parentEntry = new DirectoryEntry(ParentContainer);
        var groupToCreate = parentEntry.Children.Add(this.AttributeType + this.Name, "group");
        groupToCreate.Properties["description"].Add(this.Description);
        groupToCreate.Properties["displayName"].Add(Name);
        groupToCreate.Properties["groupType"].Add((int)GroupType.DomainLocalGroup); // this line throws the error
        groupToCreate.CommitChanges();

If I change from GroupType.DomainLocalGroup to GroupType.DomainGlobalGroup, everything works fine. Can anybody let me know how to get rid of this problem?


Usman asked Oct 18 '25 06:10


1 Answer

According to Microsoft, this is how the group type enum is defined:

  • 1 (0x00000001) Specifies a group that is created by the system.
  • 2 (0x00000002) Specifies a group with global scope.
  • 4 (0x00000004) Specifies a group with domain local scope.
  • 8 (0x00000008) Specifies a group with universal scope.
  • 16 (0x00000010) Specifies an APP_BASIC group for Windows Server Authorization Manager.
  • 32 (0x00000020) Specifies an APP_QUERY group for Windows Server Authorization Manager.
  • 2147483648 (0x80000000) Specifies a security group. If this flag is not set, then the group is a distribution group.

But this is also a flag enum - meaning that values can be combined by adding them together. So yes, 0x80000004 is actually a valid value that means "a domain local security group". (0x4 is a domain local distribution group)

But you do have to cast to an integer (it won't let you set it with a hex value). I'm surprised the exception you got is "The server is unwilling to process the request" because when I do this:

    (int) 0x80000004

I get this compiler error:

    CS0221: Constant value '2147483652' cannot be converted to a 'int' (use 'unchecked' syntax to override)

That's because the decimal value of 0x80000004 is 2147483652, which does not fit in a 32-bit integer.

But you do need to give it a 32-bit integer (you can't just cast to a long). So you have to follow the suggestion and use unchecked when casting:

    unchecked((int) 0x80000004)

Which gives you a decimal value of -2147483644.

So your code should look like this:

    groupToCreate.Properties["groupType"].Add(unchecked((int) GroupType.DomainLocalGroup));

Gabriel Luci answered Oct 20 '25 20:10
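
As an added example (not code from the question or the answer), the sketch below composes a `groupType` value from the flags listed in the answer and decodes a stored value back into scope and security/distribution, which is the check to run when auditing which groups can carry permissions. The `AdGroupType` enum and `GroupTypeCodec` helper are hypothetical names; the asker's own `GroupType` enum is not shown on the page.

```csharp
using System;

// Added example: flag values are the ones listed in the answer above.
// AdGroupType and GroupTypeCodec are hypothetical names, not the asker's code.
[Flags]
public enum AdGroupType : uint
{
    SystemCreated = 0x00000001,
    Global        = 0x00000002,
    DomainLocal   = 0x00000004,
    Universal     = 0x00000008,
    AppBasic      = 0x00000010,
    AppQuery      = 0x00000020,
    Security      = 0x80000000
}

public static class GroupTypeCodec
{
    // groupType is written as a signed 32-bit integer, so reinterpret the bits.
    public static int ToAttributeValue(AdGroupType flags) => unchecked((int)(uint)flags);

    // Reverse conversion for a value read back from the directory.
    public static AdGroupType FromAttributeValue(int raw) => (AdGroupType)unchecked((uint)raw);

    public static string Describe(int raw)
    {
        var flags = FromAttributeValue(raw);
        string scope = flags.HasFlag(AdGroupType.Global) ? "global"
                     : flags.HasFlag(AdGroupType.DomainLocal) ? "domain local"
                     : flags.HasFlag(AdGroupType.Universal) ? "universal"
                     : "unknown scope";
        // Without the security bit the group is a distribution group.
        string kind = flags.HasFlag(AdGroupType.Security) ? "security" : "distribution";
        return $"{scope} {kind} group (0x{unchecked((uint)raw):X8})";
    }
}

public static class Program
{
    public static void Main()
    {
        // Domain local security group: scope flag combined with the security bit.
        int value = GroupTypeCodec.ToAttributeValue(AdGroupType.DomainLocal | AdGroupType.Security);
        Console.WriteLine(value);
        Console.WriteLine(GroupTypeCodec.Describe(value));
        // The bare scope flag decodes as a distribution group.
        Console.WriteLine(GroupTypeCodec.Describe(4));
    }
}
```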


