
#1 mgrimes

Problems Moving Computer in Active Directory with Distinguished Name

Posted 11 October 2012 - 07:43 AM

Hi all!
I was able to get the computer-account-disabling part of my code to work, but to keep our AD tree even more clean, we have a specifically created !Disabled OU. I'd like my code to be able to both disable the computer account and move it into the !Disabled OU.

Here's what I have so far:
string computerName = Environment.MachineName;
using (PrincipalContext domainContext = new PrincipalContext(ContextType.Domain, null, "username", "password"))
{
    ComputerPrincipal computer = ComputerPrincipal.FindByIdentity(domainContext, computerName);

    if (computer != null)
    {
       try
       {
          computer.Enabled = false;
          label3.Visible = true;
          computer.Save();
          label3.Text = "Computer was disabled in Active Directory." + "\n";

          try
          {
             string LdapDomain = "prefix.domain.suffix";
             string distinguishedName = string.Empty;
             string connectionPrefix = "LDAP://" + LdapDomain;
             DirectoryEntry entry = new DirectoryEntry(connectionPrefix);

             DirectorySearcher mySearcher = new DirectorySearcher(entry);
             mySearcher.Filter = "(&(objectClass=computer)(|(cn=" + computerName + ")(dn=" + computerName + ")))";

             SearchResult result = mySearcher.FindOne();

             if (result == null)
             {
                label3.Text += ("Unable to locate the distinguishedName for the object " + computerName + " in the " + LdapDomain + " domain." + "\n");                           
             }
             else if (result != null)
             {
                 DirectoryEntry directoryObject = result.GetDirectoryEntry();
                 distinguishedName = "LDAP://" + directoryObject.Properties["distinguishedName"].Value;
                 label3.Text += ("Distinguished name is " + distinguishedName + "\n");

                 string newLocation = "OU=!Disabled,DC=prefix,DC=domain,DC=suffix";
                 DirectoryEntry nLocation = new DirectoryEntry("LDAP://" + newLocation);
                 string newName = directoryObject.Name;

                 //directoryObject.MoveTo(nLocation, newName);

                 DirectoryEntry moveParent = new DirectoryEntry(newLocation);

                 directoryObject.MoveTo(moveParent); //Comes from Microsoft example, as prior may have been possible cause of errors.

                 label3.Text += ("Successfully moved computer to the !Disabled OU");

                 nLocation.Close();
                 directoryObject.Close();

                 entry.Close();
                 entry.Dispose();
                 mySearcher.Dispose();
             }
             else
             {
                 label3.Text += ("Unexpected error in moving computer.");
             }

             button1.Visible = true;
          }
          catch (Exception p)
          {
              label3.Text += ("Failed to move computer with exception " + p);
              button1.Visible = true;
          }

          /*
          public void Move(string objectLocation, string newLocation)
          {
              //For brevity, removed existence checks
              DirectoryEntry eLocation = new DirectoryEntry("LDAP://" + objectLocation);
              DirectoryEntry nLocation = new DirectoryEntry("LDAP://" + newLocation);
              string newName = eLocation.Name;
              eLocation.MoveTo(nLocation, newName);
              nLocation.Close();
              eLocation.Close();
          }
          */
       }
       catch (Exception x)
       {
          label3.Visible = true;
          label3.Text = "Unable to disable computer with exception " + x;
          button1.Visible = true;
       }
    }
    else if (computer == null)
    {
        label3.Visible = true;
        label3.Text = "Computer was not found in Active Directory.";
        button1.Visible = true;
    }
    else
    {
        label3.Visible = true;
        label3.Text = "Unexpected error in computer search.";
        button1.Visible = true;
    }
}


The display aspects are pretty sloppy, but it's a quick and dirty Windows Form that displays all the things that are going on. The problem I'm having is that even though I have the distinguished name and can get a DirectoryEntry object from the search, when I call the MoveTo() method I get an error about the object not existing or not being found. Could someone point me in the right direction here?

I've considered binding to the two different OUs and using the DirectoryEntry.Children.Add() and DirectoryEntry.Children.Remove() methods as a workaround, but that doesn't fix the problem I'm having traversing AD.
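
The disable-and-move sequence from the post, as an added example that is not the poster's code: it reuses the entry behind the `ComputerPrincipal` instead of searching again, and binds the target OU with the `LDAP://` provider prefix and the same credentials (in the post, `moveParent` is built from the bare DN while `nLocation` has the prefix). It assumes a domain-joined machine; the class name, the method name and the `AD_SVC_PASSWORD` environment variable are hypothetical, and the OU path is the post's placeholder.

```csharp
using System;
using System.DirectoryServices;
using System.DirectoryServices.AccountManagement;

// Added example; ComputerRetirement and DisableAndMove are hypothetical names.
static class ComputerRetirement
{
    // Placeholder OU path taken from the post.
    const string DisabledOuDn = "OU=!Disabled,DC=prefix,DC=domain,DC=suffix";

    public static void DisableAndMove(string computerName, string user, string password)
    {
        using (var ctx = new PrincipalContext(ContextType.Domain, null, user, password))
        using (var computer = ComputerPrincipal.FindByIdentity(ctx, computerName))
        {
            if (computer == null)
                throw new InvalidOperationException(
                    "Computer '" + computerName + "' was not found in Active Directory.");

            computer.Enabled = false;
            computer.Save();

            // The principal already wraps a bound DirectoryEntry, so no second
            // search and no hand-built LDAP filter are needed to locate the object.
            var source = (DirectoryEntry)computer.GetUnderlyingObject();

            // The target path carries the LDAP:// provider prefix, and the entry is
            // bound with the same account that was allowed to disable the computer.
            using (var target = new DirectoryEntry("LDAP://" + DisabledOuDn, user, password))
            {
                source.MoveTo(target); // keeps the existing CN
            }
        }
    }

    static void Main(string[] args)
    {
        // Hypothetical input handling: account name as the first argument,
        // password from an environment variable rather than source code.
        string user = args[0];
        string password = Environment.GetEnvironmentVariable("AD_SVC_PASSWORD");
        DisableAndMove(Environment.MachineName, user, password);
        Console.WriteLine("Disabled and moved " + Environment.MachineName);
    }
}
```

The account used needs the right to delete the computer object from its current container and create it in the target OU, in addition to the right to disable it.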
