c# - Unable to add/remove objects to group due to orphaned SIDs: PrincipalOperationException: An error (1332) occurred


I need to add/remove objects (users, groups) to a local group on a server. The code below works fine:

    Principal adObject = Principal.FindByIdentity(domainContext, login);
    GroupPrincipal groupPrincipal = GroupPrincipal.FindByIdentity(machineContext, IdentityType.Name, localGroupName);
    groupPrincipal.Members.Add(adObject);
    groupPrincipal.Save();

except in cases where the local group contains orphaned SIDs (Active Directory users or groups that have been deleted).

[Image: orphaned-sids]

In that case I get the exception below:

    System.DirectoryServices.AccountManagement.PrincipalOperationException: An error (1332) occurred while enumerating the group membership. The member's SID could not be resolved.

This error message appears when I try to add, remove or enumerate members of the local group. For reading the current members of the group, the workaround below works fine:

    DirectoryEntry group = (DirectoryEntry)groupPrincipal.GetUnderlyingObject();
    foreach (object member in (IEnumerable)group.Invoke("Members", null))
    {
        ...
    }

However, converting the GroupPrincipal to a DirectoryEntry does not solve the issue of adding and removing new members. I have tried the 3 methods below and none of them works:

    1) group.Invoke("Add", new object[] { @"WinNT://" + domain + "/" + login + ",user" });
    2) group.Invoke("Add", new object[] { @"LDAP://" + adObject.DistinguishedName });
    3) group.Properties["member"].Add(@"LDAP://" + adObject.DistinguishedName);

All 3 cases above give the same error:

    System.DirectoryServices.AccountManagement.PrincipalOperationException: An error (1332) occurred while enumerating the group membership. The member's SID could not be resolved.
       at System.DirectoryServices.AccountManagement.SAMMembersSet.IsLocalMember(Byte[] sid)
       at System.DirectoryServices.AccountManagement.SAMMembersSet.MoveNextLocal()
       at System.DirectoryServices.AccountManagement.SAMMembersSet.MoveNext()
       at System.DirectoryServices.AccountManagement.PrincipalCollectionEnumerator.MoveNext()
       at System.DirectoryServices.AccountManagement.PrincipalCollection.ContainsEnumTest(Principal principal)
       at System.DirectoryServices.AccountManagement.PrincipalCollection.Add(Principal principal)

I need to be able to add and remove users to/from the group without removing the orphaned SIDs. Can anyone please suggest a solution/workaround for this problem?

It seems I found a workaround for the problem:

    DirectoryEntry group = (DirectoryEntry)groupPrincipal.GetUnderlyingObject();
    // IADsGroup: https://msdn.microsoft.com/en-us/library/aa706022(v=vs.85).aspx
    // (requires a COM reference to the Active DS Type Library, namespace ActiveDs)
    IADsGroup nativeGroup = (IADsGroup)group.NativeObject;
    nativeGroup.Remove("LDAP://" + adObject.Sid.Value);
    //nativeGroup.Remove(string.Format("WinNT://{0}/{1}", domain, id));
    //nativeGroup.Remove(string.Format("NTDS://{0}/{1}", domain, id));

If you convert the DirectoryEntry to its native object and cast it to ActiveDs.IADsGroup, the Add() and Remove() methods work fine.
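The workaround from the answer, packaged as a reusable helper. This is an added example, not code from the question or the answer: it binds the local group through the WinNT provider so the membership can be listed without PrincipalCollection's SID resolution throwing (orphaned entries surface as SID-only paths that an administrator can review and clean up), and it adds or removes a domain account through IADsGroup. The class name, the WinNT ADsPath form (an alternative to the answer's "LDAP://" + SID string) and the local-administrator requirement are assumptions.

```csharp
// Added example (not from the original post). Assumes a COM reference to the
// "Active DS Type Library" (namespace ActiveDs) and local admin rights on `machine`.
using System;
using System.Collections;
using System.Collections.Generic;
using System.DirectoryServices;
using System.DirectoryServices.AccountManagement;
using ActiveDs;

public static class LocalGroupHelper
{
    // Bind straight to the local group via the WinNT provider; this path never
    // goes through PrincipalCollection, whose enumeration fails on orphaned SIDs.
    private static DirectoryEntry BindLocalGroup(string machine, string groupName)
    {
        return new DirectoryEntry("WinNT://" + machine + "/" + groupName + ",group");
    }

    // Returns each member's ADsPath. Deleted domain accounts come back as
    // "WinNT://S-1-5-21-..." instead of throwing, so stale members of a
    // privileged group can be logged and reviewed.
    public static string[] ListMembers(string machine, string groupName)
    {
        var paths = new List<string>();
        using (DirectoryEntry group = BindLocalGroup(machine, groupName))
        {
            foreach (object member in (IEnumerable)group.Invoke("Members", null))
            {
                using (var entry = new DirectoryEntry(member))
                {
                    paths.Add(entry.Path);
                }
            }
        }
        return paths.ToArray();
    }

    // Add or remove a domain user/group via IADsGroup. The COM method does not
    // pre-enumerate the membership, so orphaned SIDs do not block the change.
    public static void SetMembership(string machine, string groupName,
                                     string domain, string account, bool add)
    {
        using (var ctx = new PrincipalContext(ContextType.Domain, domain))
        using (Principal p = Principal.FindByIdentity(ctx, account))
        using (DirectoryEntry group = BindLocalGroup(machine, groupName))
        {
            if (p == null) throw new ArgumentException("Account not found: " + account);
            var nativeGroup = (IADsGroup)group.NativeObject;
            string cls = p is GroupPrincipal ? ",group" : ",user";
            string adsPath = "WinNT://" + domain + "/" + p.SamAccountName + cls;
            if (add) nativeGroup.Add(adsPath); else nativeGroup.Remove(adsPath);
        }
    }
}
```

Call ListMembers before and after SetMembership to confirm the change and to spot SID-only entries that should be cleaned up separately.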
