
I created a Windows Forms application that creates an Active Directory user account in domain1 and then adds it to groups inside domain2. Here is the code I used:

using System.DirectoryServices.AccountManagement;

// Create the user in domain1
PrincipalContext pc1 = new PrincipalContext(ContextType.Domain, "domain1.company.com", "DC=domain1,DC=company,DC=com", ContextOptions.Negotiate);
UserPrincipal up = new UserPrincipal(pc1, "username", "password", true);
up.Save();

// Look up the group in domain2 and add the new user to it
PrincipalContext pc2 = new PrincipalContext(ContextType.Domain, "domain2.company.com", "DC=domain2,DC=company,DC=com", ContextOptions.Negotiate);
GroupPrincipal gp = GroupPrincipal.FindByIdentity(pc2, "groupname");
gp.Members.Add(up);
gp.Save();

When I debug it in Visual Studio, the newly created user is added to the group successfully. However, after I published it and ran it again, it returns the error "There is no such object on the server".

Does anyone know how to solve this?

Kiquenet
R Dragon

1 Answer


I worked on a similar requirement (not exactly the same), where we were required to process a newly created user.

So, I tried two solutions:

Solution 1

Make the thread sleep for a few milliseconds, such as:

using System.DirectoryServices.AccountManagement;
using System.Threading;

// Create the user in domain1
PrincipalContext pc1 = new PrincipalContext(ContextType.Domain, "domain1.company.com", "DC=domain1,DC=company,DC=com", ContextOptions.Negotiate);
UserPrincipal up = new UserPrincipal(pc1, "username", "password", true);
up.Save();

// Give the directory a moment to replicate the new account before referencing it
Thread.Sleep(500);

// Look up the group in domain2 and add the new user to it
PrincipalContext pc2 = new PrincipalContext(ContextType.Domain, "domain2.company.com", "DC=domain2,DC=company,DC=com", ContextOptions.Negotiate);
GroupPrincipal gp = GroupPrincipal.FindByIdentity(pc2, "groupname");
gp.Members.Add(up);
gp.Save();

This way, AD is able to sync the user details across the entire domain and its domain controllers, and the user is found in the next steps.

Solution 2

By default, the DirectoryEntry object holds information about a user in a cache for performance reasons. It doesn't reflect changes automatically.

So, we need to refresh the related cache by:

using System.DirectoryServices;
using System.DirectoryServices.AccountManagement;

// Create the user in domain1
PrincipalContext pc1 = new PrincipalContext(ContextType.Domain, "domain1.company.com", "DC=domain1,DC=company,DC=com", ContextOptions.Negotiate);
UserPrincipal up = new UserPrincipal(pc1, "username", "password", true);
up.Save();

// Refresh the cache so that we get the updated user object
var de = (DirectoryEntry)up.GetUnderlyingObject();
de.RefreshCache();

// Look up the group in domain2 and add the new user to it
PrincipalContext pc2 = new PrincipalContext(ContextType.Domain, "domain2.company.com", "DC=domain2,DC=company,DC=com", ContextOptions.Negotiate);
GroupPrincipal gp = GroupPrincipal.FindByIdentity(pc2, "groupname");
gp.Members.Add(up);
gp.Save();

I recommend using Solution 2 if it works out fine.

Vikram Singh Saini
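The following is an added example, not code from the question or the answer above. It combines the two ideas in the answer (refreshing the DirectoryEntry cache and waiting for replication) into a bounded retry with backoff, so the program neither hangs on a fixed sleep nor fails on the first "There is no such object on the server" error. The domain names, DNs, account name, password and group name are placeholders; the group is re-fetched on every attempt so a failed Save() leaves no pending membership change behind; and catching PrincipalOperationException as the wrapper for that directory error is an assumption of this example. It also checks the group scope first, because a Global group cannot hold accounts from another domain, and that failure is easy to mistake for a replication problem.

```csharp
using System;
using System.DirectoryServices;
using System.DirectoryServices.AccountManagement;
using System.Threading;

static class CrossDomainGroupMembership
{
    // Adds a user from one domain context to a group found in another context.
    // Retries with capped exponential backoff instead of a single fixed sleep.
    // Returns true when the user is a member (added now or already present).
    public static bool AddWithRetry(UserPrincipal user, PrincipalContext groupCtx, string groupName,
                                    int maxAttempts = 10, int initialDelayMs = 250)
    {
        if (user == null) throw new ArgumentNullException(nameof(user));
        if (groupCtx == null) throw new ArgumentNullException(nameof(groupCtx));

        int delay = initialDelayMs;
        for (int attempt = 1; attempt <= maxAttempts; attempt++)
        {
            // Re-read the user entry so the local object reflects what the DC committed on Save().
            ((DirectoryEntry)user.GetUnderlyingObject()).RefreshCache();

            // Fetch the group fresh each time so a failed Save() leaves no pending Add() behind.
            using (var group = GroupPrincipal.FindByIdentity(groupCtx, IdentityType.SamAccountName, groupName))
            {
                if (group == null)
                    throw new InvalidOperationException($"Group '{groupName}' not found in {groupCtx.Name}.");

                // Global groups only accept members from their own domain; fail with a clear reason.
                if (group.GroupScope == GroupScope.Global &&
                    !string.Equals(user.Context.Name, groupCtx.Name, StringComparison.OrdinalIgnoreCase))
                    throw new InvalidOperationException(
                        $"Group '{groupName}' is Global; cross-domain members need a Domain Local or Universal group.");

                try
                {
                    group.Members.Add(user);
                    group.Save();
                    return true;
                }
                catch (PrincipalExistsException)
                {
                    return true; // already a member: treat as success (idempotent)
                }
                catch (PrincipalOperationException ex) when (attempt < maxAttempts)
                {
                    // Assumed transient cause: the group's DC consulted a DC in the user's domain
                    // that has not yet replicated the new account ("There is no such object on the server").
                    Console.Error.WriteLine($"Attempt {attempt} failed: {ex.Message}; retrying in {delay} ms");
                    Thread.Sleep(delay);
                    delay = Math.Min(delay * 2, 5000); // exponential backoff, capped at 5 s
                }
            }
        }
        return false;
    }

    static void Main()
    {
        // Placeholder domain names, DNs, account name, password and group name (assumed, not from the page).
        using (var pc1 = new PrincipalContext(ContextType.Domain, "domain1.company.com",
                                              "DC=domain1,DC=company,DC=com", ContextOptions.Negotiate))
        using (var pc2 = new PrincipalContext(ContextType.Domain, "domain2.company.com",
                                              "DC=domain2,DC=company,DC=com", ContextOptions.Negotiate))
        using (var user = new UserPrincipal(pc1, "username", "password", true))
        {
            user.Save();

            bool ok = AddWithRetry(user, pc2, "groupname");
            Console.WriteLine(ok
                ? "User added to group."
                : "Gave up after retries; check replication and trust between the domains.");
        }
    }
}
```

The retry budget (10 attempts, capped at 5 seconds each) bounds the worst-case wait to well under a minute, and every failed attempt is logged with its reason, which is what you want when a deployed build behaves differently from the debugger run described in the question.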