I used the example in this page to add a user to an Active Directory group, but I get an exception with the message "Server is unwilling to process the request" when executing
dirEntry.Properties["member"].Add(userDn);
I had a similar issue where I was trying to add a member to a group. Specifically trying to add a group to a group and getting the same helpful error 'The server is unwilling to process the request' The answer provided by the OP did not work for me.
For me, the reason I was unable to add a group to my group was because the group I was trying to add members to was a 'global' scoped group whereas it needed to be a 'universal' scoped group. Hope this helps someone.
This question took me a lot of time to solve. First of all, the error message looks like a joke. Second, there is nothing more, just that message.
Anyway, I managed to fix it by:
Making sure that
userDn
contains the whole path (e.g.,"LDAP://server-address/CN=" + userDn + ",OU=optional,DC=your-domain,DC=com"
. This is actually very important, if you don't supply the full path it will throw an Exception from HRESULT: 0x80005000.Replacing
dirEntry.Properties["member"].Add(userDn);
byentry.Invoke("Add", new object[] { userDn });
Then I wanted to remove a user and I expected entry.Invoke("Remove", new object[] { userDn });
to work. However, this devilish AD will only work if you use lower case "remove", so entry.Invoke("remove", new object[] { userDn });
worked for me.
Just look out, because the start of the .properties("distinguished Name")
can be different than the .properties("cn")
. If the user is created with a ,
or ;
in the .properties("cn")
, the start of the .properties("distinguished Name")
will be the username with \,
or \;
.
This can give an error if u are trying to add a user you found by use of .properties("cn")
to a Group.
After many days searching i find the problem. when you add user in group you must set "distinguished Name" not LDAP path.
You must write like this:
ent.Properties["member"].Add("CN=YourUserName,OU=optional,DC=yourdomain,DC=com");
This is wrong code:
ent.Properties["member"].Add("LDAP://CN=YourUserName,OU=optional,DC=yourdomain,DC=com");
Also when you do remove mast to save this rule
ent.Properties["member"].Remove("CN=YourUserName,OU=optional,DC=yourdomain,DC=com");
P.S. ent is DirectoryEntry object of group
来源:https://stackoverflow.com/questions/13748970/server-is-unwilling-to-process-the-request-active-directory-add-user-via-c-s