I have created a toolbox to create computers in various management systems (including Active Directory). This toolbox has worked flawlessly for years. Since this month the creation of the computer object in Active Directory does not work anymore. I am still looking for the cause, but it seems to be related to a patch on the Domain Controllers. Nothing has been changed on the user that creates the object. When I manually create a client with the user credentials using the following command, it works fine.
New-ADComputer -Name NB89991 -Path "ou=nb,ou=w10,ou=clt,ou=tier2,ou=central,dc=xy-dom,dc=xy,dc=ch" -SAMAccountName NB89991
Do you know what could be wrong with my code?
using System;
using System.DirectoryServices.AccountManagement;
using System.Windows.Forms;

public Boolean createComputerAccount(Client computer)
{
    Boolean returnValue = true;
    try
    {
        if (!existComputer(computer))
        {
            // Bind to the target OU with the service account credentials
            PrincipalContext oPrincipalContext = GetPrincipalContext(computer.ou);
            ComputerPrincipal computerPrincipal = new ComputerPrincipal(oPrincipalContext);
            computerPrincipal.SamAccountName = computer.name;
            computerPrincipal.Name = computer.name;
            if (!(computer.adDescription == ""))
            {
                computerPrincipal.Description = computer.adDescription;
            }
            // Debug output of the values about to be written
            MessageBox.Show(computerPrincipal.SamAccountName, "Error!", MessageBoxButtons.OK, MessageBoxIcon.Error);
            MessageBox.Show(computerPrincipal.Name, "Error!", MessageBoxButtons.OK, MessageBoxIcon.Error);
            computerPrincipal.Enabled = true;
            computerPrincipal.Save();
            returnValue = true;
        }
        else
        {
            returnValue = false;
        }
    }
    catch (Exception e)
    {
        errorMessage = "Creating a computer in Active Directory failed!\r\nPlease contact the ITCM TEAM or check the Logfile:\r\n (c:\\temp\\ClientToolbox.log).";
        createErrorMessage(errorMessage, e);
        returnValue = false;
    }
    return returnValue;
}

public PrincipalContext GetPrincipalContext(string sOU)
{
    // Simple bind to the domain, scoped to the given OU
    PrincipalContext oPrincipalContext = new PrincipalContext(ContextType.Domain, domain, sOU, ContextOptions.SimpleBind, ntUser, ntUserPWD);
    return oPrincipalContext;
}
Error Message:
27.12.2021 16:19:46 System.UnauthorizedAccessException: Access is denied.
at System.DirectoryServices.AccountManagement.ADStoreCtx.Insert(Principal p) at System.DirectoryServices.AccountManagement.Principal.Save() at ClientToolbox.ActiveDirectory.createComputerAccount(Client computer) in C:\Temp\Win10Toolbox\Source\AZToolboxClient\MyClasses\ActiveDirectory.cs:line 71
Thanks a lot! Best regards ynick
CodePudding user response:
Update: 27.12.2021: I think the issue occurs because of the following Microsoft article. I have not yet worked out how I have to change my code so that it works again. Does anyone know?
CodePudding user response:
KB5008102 says this:
The sAMAccountName of a computer account whose UserAccountControl attribute contains the UF_WORKSTATION_TRUST_ACCOUNT flag must end with a single dollar sign ($).
So you need to add that $ to the SamAccountName:
computerPrincipal.SamAccountName = computer.name + "$";
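As an added example (not code from the original question or answer), a small C# helper that derives the sAMAccountName with exactly one trailing $ as KB5008102 requires, keeps the object Name without it, and validates existing names so accounts created before the patch can be audited; the class and method names are my own.

```csharp
// Added example: naming helpers for computer objects under the KB5008102 rule.
// Pure string logic, so it runs offline without a domain.
using System;

public static class ComputerNaming
{
    // Returns the sAMAccountName to write: "NB89991" and "NB89991$" both give "NB89991$".
    public static string ToComputerSamAccountName(string name)
    {
        if (string.IsNullOrWhiteSpace(name))
            throw new ArgumentException("Computer name must not be empty.", nameof(name));

        string trimmed = name.Trim();

        // The hardened DC requires exactly one '$', so refuse doubled ones.
        if (trimmed.EndsWith("$$", StringComparison.Ordinal))
            throw new ArgumentException("Computer name must not end with several '$'.", nameof(name));

        return trimmed.EndsWith("$", StringComparison.Ordinal) ? trimmed : trimmed + "$";
    }

    // Returns the object Name (CN), which never carries the trailing '$'.
    public static string ToComputerObjectName(string name)
    {
        string trimmed = name.Trim();
        return trimmed.EndsWith("$", StringComparison.Ordinal)
            ? trimmed.Substring(0, trimmed.Length - 1)
            : trimmed;
    }

    // Check for an existing sAMAccountName, e.g. when auditing older computer accounts.
    public static bool IsValidComputerSamAccountName(string sam)
    {
        return !string.IsNullOrEmpty(sam)
            && sam.Length > 1
            && sam.EndsWith("$", StringComparison.Ordinal)
            && !sam.EndsWith("$$", StringComparison.Ordinal);
    }

    public static void Main()
    {
        // Constructed sample inputs
        foreach (string input in new[] { "NB89991", "NB89991$", " nb89992 " })
        {
            string sam = ToComputerSamAccountName(input);
            Console.WriteLine($"{input,-12} -> Name={ToComputerObjectName(input)} " +
                              $"SamAccountName={sam} valid={IsValidComputerSamAccountName(sam)}");
        }
    }
}
```

In createComputerAccount the two properties would then be set from the same input as computerPrincipal.Name = ToComputerObjectName(computer.name) and computerPrincipal.SamAccountName = ToComputerSamAccountName(computer.name).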