Robert Wallström #1
System.DirectoryServices getting TxIsolationLevel exception?
Hi
I am trying to add a user to a group in Active Directory using
System.DirectoryServices
But when I CommitChanges() I get the following exception:
(In Swedish, I use a Swedish version of XP-pro)
"Egenskapen TxIsolationLevel för den COM+-komponent som skapas är starkare
är TxIsolationLevel för transaktionens rotkomponent. Objektet kunde inte
skapas."
Freely interpreted to English:
"The property TxIsolationLevel for the COM+ component that is being created
is stronger than
TxIsolationLevel for the transaction's root component. The object could not be
created."
My code:
using System;
using System.Collections.Specialized;
using System.DirectoryServices;

public class AdManipulator
{
    private DirectoryEntry root;
    private DirectorySearcher adSearcher;
    private string topDomain;
    private string domain;
    private string manipulatorName;
    private string manipulatorPass;
    private string path;

    public AdManipulator(string newManipulatorName, string newManipulatorPass, string newAdDomain)
    {
        topDomain = newAdDomain.Substring(newAdDomain.IndexOf(".") + 1);
        domain = newAdDomain.Substring(0, newAdDomain.IndexOf("."));
        path = "LDAP://DC=" + domain + ",DC=" + topDomain;
        manipulatorName = newManipulatorName;
        manipulatorPass = newManipulatorPass;
        root = new DirectoryEntry();
        root.Username = newManipulatorName;
        root.Password = newManipulatorPass;
        root.Path = path;
        root.AuthenticationType = AuthenticationTypes.Secure;
        adSearcher = new DirectorySearcher(root);
    }

    // Below is the method which throws the exception...
    public bool addUserToGroup(AdUser user)
    {
        try
        {
            adSearcher.Filter = "(sAMAccountName=" + user.Username + ")";
            SearchResult res = adSearcher.FindOne();
            if (res == null)
            {
                throw new Exception("Error no such user!\n");
            }
            DirectoryEntry deUser = new DirectoryEntry(res.Path);
            foreach (string st in user.Groups)
            {
                adSearcher.Filter = "(CN=" + st + ")";
                res = adSearcher.FindOne();
                if (res != null)
                {
                    DirectoryEntry group = new DirectoryEntry(res.Path);
                    group.Properties["member"].Add(deUser.Properties["distinguishedName"].Value);
                    group.CommitChanges(); // on executing this row I get an exception...
                }
            }
        }
        catch (Exception ex)
        {
            throw new Exception("Error adding user to group.\n" + ex.Message);
        }
        return true;
    }
}

// Below is the class head for the AdUser object. This is just an
// object which carries data about a specific user.
// This object is used in addUserToGroup(AdUser user)
public class AdUser
{
    // Common user variables, more could be used..
    private string username;
    private string password;
    private string givenname;
    private string initials;
    private string surname;
    private string displayname;
    private string discription;
    private string telephoneNumber;
    private string mail;
    private string url;
    private StringCollection groups = new StringCollection();
}
Has anyone got a similar exception?
Or can anyone see what I'm doing wrong in my code..
Thank you...
Robert Wallström Guest
-
Joe Kaplan (MVP - ADSI) #2
Re: System.DirectoryServices getting TxIsolationLevel exception?
It sounds like the error is related to COM+. Can you get the code to work
outside of COM+ (in a console app for example)?
Joe K.
Joe Kaplan (MVP - ADSI) Guest
-
Robert Wallström #3
Re: System.DirectoryServices getting TxIsolationLevel exception?
Hi Joe.. and thank you for your reply.
In your answer you wondered if I could get my code to work outside of COM+.
I must admit that I don't really know what COM+ is/means and therefore can't
answer that question.
Although when I test my code I test it in a console application project,
with an easy "static void main(string args[])" method (code at the end of this
message).
I don't know if this makes any difference but I am trying to add a user
previously just created.. (maybe there is some kind of restriction on doing
so, if so is there a way around it?)
I don't know if this led you closer to my problem, but any answer is
appreciated..
Thank you once again..
// Below is another method from my AdManipulator class,
// supplied as a description for my console application test class
public bool createUser(AdUser newUser)
{
    try
    {
        /* the call below is executed without any exception and the user is added
           to the Active Directory.. no problem here (I hope ;-))
        */
        DirectoryEntry user = addUserAccount(newUser);
        /* the call below is executed without any exception and the user's password
           is set.. no problem here (I hope ;-))
        */
        setUserPassword(user, newUser.Password);
        /* the call below is executed without any exception and the user is enabled
           .. no problem here (I hope ;-))
        */
        enableUser(user);
        if (newUser.Groups.Count > 0)
        {
            // the call below is the one that throws an exception (look in previous post
            // for method code)
            addUserToGroup(newUser);
        }
    }
    catch (Exception ex)
    {
        throw new Exception("Error creating user.\n" + ex.Message);
    }
    return true;
}

// Below is my console application test class..
class Class1
{
    /// <summary>
    /// The main entry point for the application.
    /// </summary>
    [STAThread]
    static void Main(string[] args)
    {
        AdManipulator adm = new AdManipulator("adminuser", "password", "domain.com");
        Console.Write("New user\nSupply new username:");
        AdUser user = new AdUser(Console.ReadLine());
        Console.Write("Supply password:");
        user.Password = Console.ReadLine();
        Console.Write("Supply group:");
        user.addGroup(Console.ReadLine());
        if (adm.createUser(user))
        {
            Console.WriteLine("Success!");
        }
        Console.ReadLine();
    }
}
Robert Wallström Guest
-
Joe Kaplan (MVP - ADSI) #4
Re: System.DirectoryServices getting TxIsolationLevel exception?
Well, your error mentioned COM+ and transaction levels, so it looked like
you might be running this code inside of COM+/Enterprise Services. It seems
very unlikely that you would have done that on accident though as it
requires significant effort.
One general problem I see with your code is that you are catching the
exception that was thrown and rethrowing it with a more generic exception.
As a general rule, class library developers should never do this.
Essentially, you lose the context of the original exception including the
stack trace and add no value. If you ever do catch and rethrow, you should
just call throw without any arguments. This is covered in more detail in
the .NET Design Guidelines in MSDN. The only real reason to catch and
rethrow would be to add some debug or tracing information about the error
though.
The reason I bring this up is that it would be helpful to know what the type
is on the exception that gets thrown and what the stack trace is (you can
call ToString to print this out). Normally, adding a user to a group fails
because there are permissions issues, the user is already in the group, or
there is something about the object you are adding to the group that makes
it not valid to be a member of the group (this happens when you try to nest
the wrong types of groups for example).
Joe K.
Joe Kaplan (MVP - ADSI) Guest
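The effect discussed in the reply above, as an added example that is not part of the original thread: a constructed access-denied failure passes through the wrap-with-generic-Exception pattern from the question, then through a bare `throw;`, and the caller prints what it can still see. `CommitChanges` here is a local stand-in that needs no directory, and the third variant (wrapping with the original as `InnerException`) goes beyond what the reply mentions.

```csharp
using System;

// Added example with constructed stand-ins; no Active Directory is needed to run it.
static class RethrowDemo
{
    // Stand-in for group.CommitChanges() failing on access rights (constructed failure).
    static void CommitChanges()
    {
        throw new UnauthorizedAccessException("Access is denied.");
    }

    // Pattern from the question: a new generic Exception built from ex.Message only.
    // The original type and the stack trace down to CommitChanges() are discarded.
    static void AddUserToGroupLossy()
    {
        try { CommitChanges(); }
        catch (Exception ex)
        {
            throw new Exception("Error adding user to group.\n" + ex.Message);
        }
    }

    // Catch only to add tracing, then rethrow with a bare "throw;".
    // The caller still receives the original exception object, type and stack trace.
    static void AddUserToGroupRethrow()
    {
        try { CommitChanges(); }
        catch (Exception ex)
        {
            Console.Error.WriteLine("trace: add to group failed with " + ex.GetType().Name);
            throw;
        }
    }

    // Wrapping that keeps the cause: the original travels along as InnerException
    // and appears in ToString() output.
    static void AddUserToGroupWrapped()
    {
        try { CommitChanges(); }
        catch (Exception ex)
        {
            throw new InvalidOperationException("Error adding user to group.", ex);
        }
    }

    // Print what a caller (or a log) can learn from each variant.
    static void Report(string label, Action action)
    {
        try { action(); }
        catch (Exception ex)
        {
            Console.WriteLine("== " + label + " ==");
            Console.WriteLine("type:  " + ex.GetType().FullName);
            Console.WriteLine("inner: " + (ex.InnerException == null
                ? "(none)"
                : ex.InnerException.GetType().FullName));
            Console.WriteLine(ex.ToString());
            Console.WriteLine();
        }
    }

    static void Main()
    {
        Report("lossy wrap", AddUserToGroupLossy);
        Report("bare throw", AddUserToGroupRethrow);
        Report("wrap with inner exception", AddUserToGroupWrapped);
    }
}
```

In the "lossy wrap" output the type is `System.Exception` and the trace starts in `AddUserToGroupLossy`, so nothing identifies the failure as an access-rights problem except the message text.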
-
Robert Wallström #5
Re: System.DirectoryServices getting TxIsolationLevel exception?
Hi again Joe..
I followed your recommendation regarding the exception handling.
This eventually resolved my issue..
It turned out that the exception thrown had to do with access rights.
(I could read that out of the exception after I had changed my handling
like you recommended)
I might mention for anyone else reading this post that:
You (apparently) must bind and set appropriate authentication credentials to
the object you currently are
manipulating..
This did work:
DirectoryEntry root = new DirectoryEntry();
root.Path = someLDAPpath;
root.Username = someusername; // the first time I set username and password
root.Password = somepassword;
root.AuthenticationType = AuthenticationTypes.Secure;
DirectorySearcher searcher = new DirectorySearcher(root);
searcher.Filter = "(sAMAccountName=" + someUsernametosearchfor + ")";
SearchResult res = searcher.FindOne();
root.Close();
root.Dispose();
if (res == null)
{
    return false;
}
DirectoryEntry deUser = new DirectoryEntry();
// NOTE!! here I set the username and password again but on a different object
deUser.Username = someusername;
deUser.Password = somepassword;
// here I set the path pointing to the user that I earlier searched for
deUser.Path = res.Path;
deUser.AuthenticationType = AuthenticationTypes.Secure;
deUser.Invoke("SetPassword", new object[] {"somenewpassword"});
deUser.CommitChanges();
deUser.Close();
deUser.Dispose();
This did not work:
DirectoryEntry root = new DirectoryEntry();
root.Path = someLDAPpath;
root.Username = someusername;
root.Password = somepassword;
root.AuthenticationType = AuthenticationTypes.Secure;
DirectorySearcher searcher = new DirectorySearcher(root);
searcher.Filter = "(sAMAccountName=" + someusernametosearchfor + ")";
SearchResult res = searcher.FindOne();
if (res == null)
{
    return false;
}
DirectoryEntry deUser = new DirectoryEntry(res.Path);
deUser.Invoke("SetPassword", new object[] {user.Password});
deUser.CommitChanges();
Maybe someone knows if my assumption is correct, i.e. you MUST bind (with
credentials) to the object you currently are
manipulating??
Anyhow thank you once again Joe..
Robert Wallström
Robert Wallström Guest
-
Joe Kaplan (MVP - ADSI) #6
Re: System.Directoryservices getting TxIsolationLevel exeption?
Yes, if you are supplying credentials, you must do so with each new bind.
When you use the DirectorySearcher, it will search the directory using the
rights of the account that was used to create its SearchRoot object. If you
use the SearchResult::GetDirectoryEntry method, it inherits the security
context from the SearchRoot too (unless you are using .NET 1.0 in which case
there is a bug and it will default to the current thread security context
regardless of credentials).
Glad that fixed it.
Joe K.
"Robert Wallström" <s02image@student.informatik.gu.se> wrote in message
news:%23YjEIWoSEHA.796@TK2MSFTNGP10.phx.gbl...
> Hi again Joe..
>
> I followed your recommendation regarding the exception handling.
> This eventually resolved my issue..
>
> It turned out that the exception thrown had to do with access rights.
> (I could read that out of the exception after I had changed my handling
> like you recommended)
>
> I might mention for anyone else reading this post that;
> You (apparently) must bind and set appropriate authentication credentials to
> the object you currently are
> manipulating..
>
> This did work:
> DirectoryEntry root = new DirectoryEntry();
>
> root.Path = someLDAPpath;
>
> root.Username = someusername;//the first time I set username and password
>
> root.Password = somepassword;
>
> root.AuthenticationType = AuthenticationTypes.Secure;
>
> DirectorySearcher searcher = new DirectorySearcher(root);
>
> searcher.Filter = "(sAMAccountName=" + someUsernametosearchfor + ")";
>
> SearchResult res = searcher.FindOne();
>
> root.Close();
>
> root.Dispose();
>
> if(res == null)
>
> {
>
> return false;
>
> }
>
> DirectoryEntry deUser = new DirectoryEntry();
>
> deUser.Username = someusername;//NOTE!! here I set the username and password again but on a different object
>
> deUser.Password = somepassword;
>
> deUser.Path = res.Path;//here I set the path pointing to the user that I earlier searched for
>
> deUser.AuthenticationType = AuthenticationTypes.Secure;
>
> deUser.Invoke("SetPassword", new object[] {"somenewpassword"});
>
> deUser.CommitChanges();
>
> deUser.Close();
>
> deUser.Dispose();
>
>
>
> This did not work:
>
> DirectoryEntry root = new DirectoryEntry();
>
> root.Path = someLDAPpath;
>
> root.Username = someusername;
>
> root.Password = somepassword;
>
> root.AuthenticationType = AuthenticationTypes.Secure;
>
> DirectorySearcher searcher = new DirectorySearcher(root);
>
> searcher.Filter = "(sAMAccountName=" + someusernametosearchfor + ")";
>
> SearchResult res = searcher.FindOne();
>
> if(res == null)
>
> {
>
> return false;
>
> }
>
> DirectoryEntry deUser = new DirectoryEntry(res.Path);
>
> deUser.Invoke("SetPassword", new object[] {user.Password});
>
> deUser.CommitChanges();
>
>
>
> Maybe someone knows if my assumption is correct, eg you MUST bind (with
> credentials) to the object you currently are
>
> manipulating??
>
> Anyhow thank you once again Joe..
>
> Robert Wallström
>
> "Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@removethis.accenture.com> wrote in
> message news:uH2VfylSEHA.2408@tk2msftngp13.phx.gbl...
> > Well, your error mentioned COM+ and transaction levels, so it looked like
> > you might be running this code inside of COM+/Enterprise Services. It seems
> > very unlikely that you would have done that on accident though as it
> > requires significant effort.
> >
> > One general problem I see with your code is that you are catching the
> > exception that was thrown and rethrowing it with a more generic exception.
> > As a general rule, class library developers should never do this.
> > Essentially, you lose the context of the original exception including the
> > stack trace and add no value. If you ever do catch and rethrow, you should
> > just call throw without any arguments. This is covered in more detail in
> > the .NET Design Guidelines in MSDN. The only real reason to catch and
> > rethrow would be to add some debug or tracing information about the error
> > though.
> >
> > The reason I bring this up is that it would be helpful to know what the type
> > is on the exception that gets thrown and what the stack trace is (you can
> > call ToString to print this out). Normally, adding a user to a group fails
> > because there are permissions issues, the user is already in the group, or
> > there is something about the object you are adding to the group that makes
> > it not valid to be a member of the group (this happens when you try to nest
> > the wrong types of groups for example).
> >
> > Joe K.
> >
> > "Robert Wallström" <s02image@student.informatik.gu.se> wrote in message
> > news:OXntqwkSEHA.3476@tk2msftngp13.phx.gbl...
> > > Hi Joe.. and thank you for your reply.
> > >
> > > In your answer you wondered if I could get my code to work outside of COM+,
> > > I must admit that I don't really know what COM+ is/means and therefore can't
> > > answer that question.
> > >
> > > Although when I test my code I test it in a console application project,
> > > with an easy "static void main(string args[]) method. (code at the of this
> > > message).
> > >
> > > I don't know if this makes any difference but I am trying to add a user
> > > previously just created..(maybe there is some kind of restriction on doing
> > > so, if so is there a way around it?)
> > >
> > > I dont know if this led you closer to my problem, but any answer is
> > > appreciated..
> > >
> > > Thank you once again..
> > >
> > > //Below is another method from my AdManipulator class
> > > //supplymented as description to my consoleapplication test class
> > > public bool createUser(AdUser newUser)
> > >
> > > {
> > >
> > > try
> > >
> > > {
> > >
> > > /*the call below is executed without any exception and the user is added
> > >
> > > to the Active directory..no problem here (I hope;-))
> > >
> > > */
> > >
> > > DirectoryEntry user = addUserAccount(newUser);
> > >
> > > /*the call below is executed without any exception and the user's password
> > > is set
> > >
> > > ..no problem here (I hope;-))
> > >
> > > */
> > >
> > > setUserPassword(user, newUser.Password);
> > >
> > > /*the call below is executed without any exception and the user is enabled
> > >
> > > ..no problem here (I hope;-))
> > >
> > > */
> > >
> > > enableUser(user);
> > >
> > > if(newUser.Groups.Count > 0)
> > >
> > > {
> > >
> > > //the call below is the one that throws an exception (look in previous post for method code)
> > >
> > > addUserToGroup(newUser);
> > >
> > > }
> > >
> > > }
> > >
> > > catch(Exception ex)
> > >
> > > {
> > >
> > > throw new Exception("Error creating user.\n" + ex.Message);
> > >
> > > }
> > >
> > > return true;
> > >
> > > }
> > >
> > >
> > >
> > > //Bellow is my Consoleapplication test class..
> > > class Class1
> > >
> > > {
> > >
> > > /// <summary>
> > >
> > > /// The main entry point for the application.
> > >
> > > /// </summary>
> > >
> > > [STAThread]
> > >
> > > static void Main(string[] args)
> > >
> > > {
> > >
> > > AdManipulator adm = new AdManipulator("adminuser","password","domain.com");
> > >
> > > Console.Write("New user\nSupply new username:");
> > >
> > > AdUser user = new AdUser(Console.ReadLine());
> > >
> > > Console.Write("Supply password:");
> > >
> > > user.Password = Console.ReadLine();
> > >
> > > Console.Write("Supply group:");
> > >
> > > user.addGroup(Console.ReadLine());
> > >
> > > if(adm.createUser(user))
> > >
> > > {
> > >
> > > Console.WriteLine("Sucess!");
> > >
> > > }
> > >
> > > Console.ReadLine();
> > >
> > > }
> > >
> > > }
> > >
> > >
> > >
> > > "Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@removethis.accenture.com> wrote in
> > > message news:OO6vzckSEHA.4068@TK2MSFTNGP09.phx.gbl...
> > > > It sounds like the error is related to COM+. Can you get the code to work
> > > > outside of COM+ (in a console app for example)?
> > > >
> > > > Joe K.
> > > >
> > > > "Robert Wallström" <s02image@student.informatik.gu.se> wrote in message
> > > > news:O9wLKOiSEHA.2780@TK2MSFTNGP09.phx.gbl...
> > > > > Hi
> > > > > I am trying to add a user to a group in Active Directory using
> > > > > System.Directory
> > > > > Services
> > > > >
> > > > > But when I CommitChanges() I get the following exeption:
> > > > >
> > > > > (In swedish, I use a swedish version of XP-pro)
> > > > > "Egenskapen TxIsolationLevel för den COM+-komponent som skapas är starkare
> > > > > är TxIsolationLevel för transaktionens rotkomponent. Objektet kunde inte
> > > > > skapas."
> > > > >
> > > > > Freely interpreted to English:
> > > > > "The property TxIsolationLevel for the COM+-component that is being created
> > > > > is stronger than
> > > > > TxIsolationLevel for the transaktions rootcomponent. The object could not be
> > > > > created."
> > > > >
> > > > > My code:
> > > > > public class AdManipulator
> > > > >
> > > > > {
> > > > >
> > > > > private DirectoryEntry root;
> > > > >
> > > > > private DirectorySearcher adSearcher;
> > > > >
> > > > > private string topDomain;
> > > > >
> > > > > private string domain;
> > > > >
> > > > > private string manipulatorName;
> > > > >
> > > > > private string manipulatorPass;
> > > > >
> > > > > private string path;
> > > > >
> > > > >
> > > > >
> > > > > public AdManipulator(string newManipulatorName, string
> > > > > newManipulatorPass,string newAdDomain)
> > > > >
> > > > > {
> > > > >
> > > > > topDomain = newAdDomain.Substring(newAdDomain.IndexOf(".") + 1);
> > > > >
> > > > > domain = newAdDomain.Substring(0,newAdDomain.IndexOf("."));
> > > > >
> > > > > path = "LDAP://DC=" + domain + ",DC=" + topDomain;
> > > > >
> > > > > manipulatorName = newManipulatorName;
> > > > >
> > > > > manipulatorPass = newManipulatorPass;
> > > > >
> > > > > root = new DirectoryEntry();
> > > > >
> > > > > root.Username = newManipulatorName;
> > > > >
> > > > > root.Password = newManipulatorPass;
> > > > >
> > > > > root.Path = path;
> > > > >
> > > > > root.AuthenticationType = AuthenticationTypes.Secure;
> > > > >
> > > > > adSearcher = new DirectorySearcher(root);
> > > > >
> > > > >
> > > > > }
> > > > >
> > > > > //Below is the method wich casts exeption...
> > > > >
> > > > > public bool addUserToGroup(AdUser user)
> > > > >
> > > > > {
> > > > >
> > > > > try
> > > > >
> > > > > {
> > > > >
> > > > > adSearcher.Filter = "(sAMAccountName=" + user.Username + ")";
> > > > >
> > > > > SearchResult res = adSearcher.FindOne();
> > > > >
> > > > > if(res == null)
> > > > >
> > > > > {
> > > > >
> > > > > throw new Exception("Error no such user!\n");
> > > > >
> > > > > }
> > > > >
> > > > > DirectoryEntry deUser = new DirectoryEntry(res.Path);
> > > > >
> > > > > foreach(string st in user.Groups)
> > > > >
> > > > > {
> > > > >
> > > > > adSearcher.Filter = "(CN=" + st + ")";
> > > > >
> > > > > res = adSearcher.FindOne();
> > > > >
> > > > > if(res != null)
> > > > >
> > > > > {
> > > > >
> > > > > DirectoryEntry group = new DirectoryEntry(res.Path);
> > > > >
> > > > >
> > > > > group.Properties["member"].Add(deUser.Properties["distinguishedName"].Value);
> > > > >
> > > > > group.CommitChanges();//on executing this row I get an exeption...
> > > > >
> > > > > }
> > > > >
> > > > > }
> > > > >
> > > > > }
> > > > >
> > > > > catch(Exception ex)
> > > > >
> > > > > {
> > > > >
> > > > > throw new Exception("Error adding user to group.\n" + ex.Message);
> > > > >
> > > > > }
> > > > >
> > > > > return true;
> > > > >
> > > > >
> > > > > }
> > > > >
> > > > > }
> > > > >
> > > > > //Bellow is the classhead for the AdUser object this is just a
> > > > >
> > > > > //object wich carries data about a specific user..
> > > > >
> > > > > //this object is used in addUserToGroup(AdUser user)
> > > > >
> > > > > public class AdUser
> > > > >
> > > > > {
> > > > >
> > > > >
> > > > > //Common user variables, more could be used..
> > > > >
> > > > > private string username;
> > > > >
> > > > > private string password;
> > > > >
> > > > > private string givenname;
> > > > >
> > > > > private string initials;
> > > > >
> > > > > private string surname;
> > > > >
> > > > > private string displayname;
> > > > >
> > > > > private string discription;
> > > > >
> > > > > private string telephoneNumber;
> > > > >
> > > > > private string mail;
> > > > >
> > > > > private string url;
> > > > >
> > > > > private StringCollection groups = new StringCollection();
> > > > >
> > > > > }
> > > > >
> > > > >
> > > > >
> > > > > Have anyone got an similar exeption?
> > > > >
> > > > > Or might anyone se what Im doing wrong in my code..
> > > > >
> > > > > Thank you...
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
>
Joe Kaplan (MVP - ADSI) Guest
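
The point made in this post about supplying credentials with each new bind, combined with the earlier advice not to catch and wrap exceptions, shown as an added example that is not code from the thread. The names GroupMembership, Bind and EscapeFilter are hypothetical, and the filter escaping is an addition the thread does not discuss.

```csharp
using System;
using System.DirectoryServices;
using System.Text;

public static class GroupMembership
{
    // Escapes the RFC 4515 special characters so a supplied name cannot alter the filter.
    static string EscapeFilter(string value)
    {
        var sb = new StringBuilder();
        foreach (char c in value)
            sb.Append("\\*()\0".IndexOf(c) >= 0 ? "\\" + ((int)c).ToString("x2") : c.ToString());
        return sb.ToString();
    }

    // Binds explicitly with the supplied credentials on every new DirectoryEntry.
    static DirectoryEntry Bind(string path, string user, string pass)
    {
        return new DirectoryEntry(path, user, pass, AuthenticationTypes.Secure);
    }

    public static void AddUserToGroup(string rootPath, string adminUser, string adminPass,
                                      string samAccountName, string groupCn)
    {
        using (DirectoryEntry root = Bind(rootPath, adminUser, adminPass))
        using (DirectorySearcher searcher = new DirectorySearcher(root))
        {
            searcher.Filter = "(sAMAccountName=" + EscapeFilter(samAccountName) + ")";
            SearchResult userRes = searcher.FindOne();
            if (userRes == null) throw new ArgumentException("No such user: " + samAccountName);

            searcher.Filter = "(&(objectClass=group)(cn=" + EscapeFilter(groupCn) + "))";
            SearchResult groupRes = searcher.FindOne();
            if (groupRes == null) throw new ArgumentException("No such group: " + groupCn);

            // A path-only "new DirectoryEntry(groupRes.Path)" binds as the calling
            // identity, not the admin account; rebinding keeps the intended context.
            using (DirectoryEntry user = Bind(userRes.Path, adminUser, adminPass))
            using (DirectoryEntry group = Bind(groupRes.Path, adminUser, adminPass))
            {
                group.Properties["member"].Add(user.Properties["distinguishedName"].Value);
                group.CommitChanges(); // no catch-and-wrap: the original exception propagates
            }
        }
    }
}
```

Because nothing is caught and rethrown, an access-denied failure from CommitChanges() reaches the caller with its original type and stack trace.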




