Exception Unknown error (0x80005000) while creating Active Directory User programmatically

Vivek Agrawal 21 Reputation points
2021-09-27T05:34:59.83+00:00

I have a C# Windows service to create/update AD user properties. I am using the PrincipalContext class for AD operations. I am getting an exception while creating an Active Directory user.

The same code works fine to update properties of existing users. Also, the service account has sufficient permission to create users in AD manually. The issue only occurs when we try to create a user programmatically.

System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.DirectoryServices.AccountManagement.PrincipalOperationException: Unknown error (0x80005000) ---> System.Runtime.InteropServices.COMException: Unknown error (0x80005000)

at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
at System.DirectoryServices.DirectoryEntry.Bind()
at System.DirectoryServices.DirectoryEntry.get_SchemaEntry()
at System.DirectoryServices.AccountManagement.ADStoreCtx.IsContainer(DirectoryEntry de)
at System.DirectoryServices.AccountManagement.ADStoreCtx..ctor(DirectoryEntry ctxBase, Boolean ownCtxBase, String username, String password, ContextOptions options)
at System.DirectoryServices.AccountManagement.PrincipalContext.CreateContextFromDirectoryEntry(DirectoryEntry entry)
at System.DirectoryServices.AccountManagement.PrincipalContext.DoLDAPDirectoryInit()


2 answers

  1. Limitless Technology 39,386 Reputation points
    2021-09-28T10:13:52.62+00:00

    Hello @Vivek Agrawal

    The 0x80005000 error means that "The specified directory service attribute or value does not exist". This may happen eventually under high workload on the authentication server, or on failure to connect (or timeout) to a Global Catalog when using Kerberos Auth.

    You can use the next guide to check the GC readiness and health: https://social.technet.microsoft.com/wiki/contents/articles/11620.windows-server-2008-how-to-verify-global-catalog-server-readiness.aspx

    I would also recommend setting some performance counters for network load (TCP Max Connections) on your authentication server.

    Last, I would check if there are any special characters in your AD groups or users, as this could also produce the error, as the string may not be recognized in the same way it is launched.

    Hope this helps with your query,


  2. Gary Reynolds 9,391 Reputation points
    2021-10-01T01:33:40.83+00:00

    Hi @Vivek Agrawal

    When creating a new user object, there are a number of 'must have' attributes that must be specified when creating the user object. These attributes are specified in the User and subclass objects and defined in an attribute called SystemMustContain.

    For a standard AD Schema, these are normally ones that must be set:
    cn
    instanceType
    nTsecurityDescriptor
    ObjectCategory
    ObjectClass
    objectSid
    Samaccountname

    Some of these attributes are automatically populated by AD when not specified, but some are not. It might require a bit of trial and error to find out which attributes are required.

    Also, 0x80005000 could mean that the DN path provided for the object creation may not be valid; check that you are providing a valid DN and that it matches the attributes that are being set.

    Gary.

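The answers above point at special characters in names and at an invalid container DN; ADSI defines 0x80005000 as E_ADS_BAD_PATHNAME (an invalid ADSI pathname). The following is an added example, not code from the question or from either answer: it escapes an RDN value per RFC 4514, verifies that the container binds, and only then creates the user. The domain `example.com`, the OU name, the account values and the `NEW_USER_PW` environment variable are assumptions.

```csharp
using System;
using System.DirectoryServices;
using System.DirectoryServices.AccountManagement;
using System.Text;

static class AdUserCreator
{
    // Escape one RDN value per RFC 4514 so that , + " \ < > ; = cannot break the DN.
    public static string EscapeRdnValue(string value)
    {
        var sb = new StringBuilder();
        for (int i = 0; i < value.Length; i++)
        {
            char c = value[i];
            // A leading space or '#', and a trailing space, must also be escaped.
            bool edge = (i == 0 && (c == ' ' || c == '#')) || (i == value.Length - 1 && c == ' ');
            if (edge || ",+\"\\<>;=".IndexOf(c) >= 0) sb.Append('\\');
            sb.Append(c);
        }
        return sb.ToString();
    }

    public static void CreateUser(string domain, string containerDn, string sam,
                                  string displayName, string initialPassword)
    {
        // Bind to the container first, so a malformed or missing DN is reported here
        // instead of deep inside PrincipalContext. The "LDAP://" prefix is case-sensitive.
        string path = "LDAP://" + domain + "/" + containerDn;
        if (!DirectoryEntry.Exists(path))
            throw new ArgumentException("Container not found or DN invalid: " + containerDn);

        using (var ctx = new PrincipalContext(ContextType.Domain, domain, containerDn))
        using (var user = new UserPrincipal(ctx))
        {
            user.SamAccountName = sam;
            user.Name = displayName;        // used as the CN of the new object
            user.DisplayName = displayName;
            user.SetPassword(initialPassword);
            user.Enabled = true;
            user.ExpirePasswordNow();       // force a change at first logon
            user.Save();
        }
    }

    static void Main()
    {
        // Constructed sample values (assumptions): an OU whose name contains a comma.
        string ou = "OU=" + EscapeRdnValue("Sales, EMEA") + ",DC=example,DC=com";
        Console.WriteLine(ou);
        CreateUser("example.com", ou, "jdoe", "Jane Doe",
                   Environment.GetEnvironmentVariable("NEW_USER_PW"));
    }
}
```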