Interesting Stuff

Creating a new UserPrincipal or GroupPrincipal for existing object when saved causes object to be deleted

We have encountered a number of issues with the System.DirectoryServices.AccountManagement namespace over the past few weeks. One of these issues is the following:

 

PROBLEM:

=========

Suppose you want to create a new principal (either a UserPrincipal or a GroupPrincipal), and that principal already exists in your specified context.

 

If you use the New operator with the principal and then call the Save method, you will receive the following exception:

"System.DirectoryServices.AccountManagement.PrincipalExistsException: The object already exists."

 

As a bonus, the namespace will delete the existing object from Active Directory.

 

RESOLUTION:

=========== 

This is a known issue with the System.DirectoryServices.AccountManagement namespace and will be addressed in a future update/release of the .NET Framework.

 

WORK AROUND:

============

The simple workaround is to test whether the object exists in Active Directory before calling the New operator to create a UserPrincipal or GroupPrincipal associated with it.

 

Or just use the System.DirectoryServices namespace to create either the user or the group.
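The existence check described in the workaround, as an added example that is not code from the original post: the module and helper names are hypothetical, and the domain and OU are the post's placeholders. It goes slightly beyond the text by checking sAMAccountName from the domain root (it is unique per domain) as well as Name inside the target OU.

```vbnet
Imports System
Imports System.DirectoryServices.AccountManagement

Module SafeGroupCreate
    ' Placeholder values taken from the post's repro code.
    Private Const DomainName As String = "MyDomain.Com"
    Private Const GroupContainer As String = "OU=My Group,DC=MyDomain,DC=Com"

    ' Hypothetical helper: True when any principal matches the identity in this context.
    Private Function Found(ctx As PrincipalContext, idType As IdentityType, value As String) As Boolean
        Using p As Principal = Principal.FindByIdentity(ctx, idType, value)
            Return p IsNot Nothing
        End Using
    End Function

    ' Queries run under the context root, so sAMAccountName is checked from the
    ' domain root (any user, group or computer) and Name only inside the OU.
    Function PrincipalExists(name As String) As Boolean
        Using domainContext As New PrincipalContext(ContextType.Domain, DomainName),
              ouContext As New PrincipalContext(ContextType.Domain, DomainName, GroupContainer)
            Return Found(domainContext, IdentityType.SamAccountName, name) OrElse
                   Found(ouContext, IdentityType.Name, name)
        End Using
    End Function

    ' Only reaches New/Save when the lookup found nothing, avoiding the delete-on-conflict path.
    Function CreateGroupIfAbsent(groupName As String) As Boolean
        If PrincipalExists(groupName) Then
            Console.WriteLine("'{0}' already exists; skipping New/Save.", groupName)
            Return False
        End If

        Using ouContext As New PrincipalContext(ContextType.Domain, DomainName, GroupContainer)
            Using newGroup As New GroupPrincipal(ouContext)
                newGroup.Name = groupName
                newGroup.SamAccountName = groupName
                newGroup.IsSecurityGroup = True
                newGroup.GroupScope = GroupScope.Global
                newGroup.Save()
            End Using
        End Using
        Return True
    End Function

    Sub Main()
        CreateGroupIfAbsent("test group that will be deleted")
    End Sub
End Module
```

The lookup and Save() are not atomic, so another writer can still create the object in between; PrincipalExistsException still has to be handled.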

 

 

Steps To Reproduce:

====================

The example uses the GroupPrincipal class. The same issue can be reproduced using the UserPrincipal class.

 

1. Create a simple VB.NET console application and add the following code to the Main function:

    ' Requires a project reference to System.DirectoryServices.AccountManagement
    ' and "Imports System.DirectoryServices.AccountManagement" at the top of the file.
    Dim newGroupPrincipal As GroupPrincipal

    Using ouPrincipalContext As PrincipalContext = New PrincipalContext(ContextType.Domain,
                                      "MyDomain.Com", "OU=My Group,DC=MyDomain,DC=Com")
        Try
            newGroupPrincipal = New GroupPrincipal(ouPrincipalContext)
            With newGroupPrincipal
                .Name = "test group that will be deleted"
                .IsSecurityGroup = True
                .GroupScope = GroupScope.Global
                .SamAccountName = "test group that will be deleted"
                ' On the second run this call throws PrincipalExistsException.
                .Save()
            End With
        Catch ex As Exception
            Debug.WriteLine(ex.ToString)
        End Try
    End Using

 

 

2. Run this code twice. The second time around you will receive the "System.DirectoryServices.AccountManagement.PrincipalExistsException" and you will notice that the principal has been deleted.

 

3. Run it a third time and the principal will be created anew.

 

Stack Trace:

 

System.DirectoryServices.AccountManagement.PrincipalExistsException: The object already exists. (Exception from HRESULT: 0x80071392) ---> System.DirectoryServices.DirectoryServicesCOMException (0x80071392): The object already exists. (Exception from HRESULT: 0x80071392)

   at System.DirectoryServices.DirectoryEntry.CommitChanges()

....

Published Friday, September 12, 2008 7:01 PM by MaxV@microsoft.com

Comments

 


Optio praetorri said:

I've been helping out my old colleagues on the identity team these past few weeks (so that people could

September 12, 2008 3:36 PM

About MaxV@microsoft.com

I am an Escalation Engineer on the Developer Support Core technologies team supporting all things programmatic with the Active Directory, PowerShell, and some things programmatic using WMI.
