VB.Net program to disable AD accounts

Question

Tuesday, October 24, 2017 6:25 PM

So I am attempting to create a VB.net program.  Part of the program will need to connect into AD and disable AD accounts.  However, I seem to be getting an error when I attempt to commit the changes.

System.DirectoryServices.DirectoryServicesCOMException (0x80072014): The requested operation did not satisfy one or more constraints associated with the class of the object.

The same program is able to search AD based on a couple of attributes and pull back info on those accounts, so the AD connection is working.  The account that I am running the program as has full rights to the Test AD accounts that I am attempting to disable.  Below is the code that I am attempting to use to disable the accounts.

Imports System
Imports System.IO
Imports System.Collections
Imports System.DirectoryServices
Public Class Form1

    Public strUserList() As String
    Public strDomainVerifiedList() As String
    Public strVerifiedUserList() As String
    Public objADConnection As Object
    Public ADEntry As New DirectoryEntry("LDAP://DC=domain,DC=com")
    Public ADSearch As New DirectorySearcher(ADEntry)




    Private Sub Select_File_Button_Click(sender As Object, e As EventArgs) Handles Select_File_Button.Click
        Dim myStream As Stream = Nothing
        Dim openFileDialog1 As New OpenFileDialog()

        openFileDialog1.InitialDirectory = "c:\"
        openFileDialog1.Filter = "txt files (*.txt)|*.txt|All files (*.*)|*.*"
        openFileDialog1.FilterIndex = 2
        openFileDialog1.RestoreDirectory = True

        If openFileDialog1.ShowDialog() = System.Windows.Forms.DialogResult.OK Then
            strUserList = IO.File.ReadAllLines(openFileDialog1.FileName)
            For Each strUser In strUserList
                Users_import_lb.Items.Add(strUser)
                DisableUsers_LB.Items.Add(strUser)
            Next
        End If
    End Sub

    Private Sub VerifyUsers_button_Click(sender As Object, e As EventArgs) Handles VerifyUsers_button.Click
        ADSearch.CacheResults = False
        ADSearch.PropertiesToLoad.Add("sAMAccountName")
        ADSearch.PropertiesToLoad.Add("mail")
        ADSearch.PropertiesToLoad.Add("employeeID")

        For Each strUser As String In strUserList
            If Username_RB.Checked Then
                ADSearch.Filter = "(&(objectCategory=Person)(objectCategory=user)(sAMAccountName=" & strUser & "))"
            ElseIf Email_RB.Checked Then
                ADSearch.Filter = "(&(objectCategory=Person)(objectCategory=user)(mail=" & strUser & "))"
            ElseIf EmployeeID_RB.Checked Then
                ADSearch.Filter = "(&(objectCategory=Person)(objectCategory=user)(employeeID=" & strUser & "))"
            End If

            Dim results As SearchResultCollection = ADSearch.FindAll()
            Dim result As SearchResult
            If results.Count = 1 Then 'Was > 0
                'InitPanel2()
                For Each result In results
                    If result.Properties.Contains("sAMAccountName") Then Users_verify_lb.Items.Add(result.Properties("sAMAccountName")(0))
                    If result.Properties.Contains("employeeID") Then Users_verify_lb.Items.Add(result.Properties("employeeID")(0))
                    If result.Properties.Contains("mail") Then Users_verify_lb.Items.Add(result.Properties("mail")(0))
                Next
            End If

        Next

    End Sub

    Private Sub DisableUsers_button_Click(sender As Object, e As EventArgs) Handles DisableUsers_button.Click

        For Each strUser As String In strUserList
            If Username_Disable_RB.Checked Then
                ADSearch.Filter = "(&(objectCategory=Person)(objectCategory=user)(sAMAccountName=" & strUser & "))"
            ElseIf Email_Disable_RB.Checked Then
                ADSearch.Filter = "(&(objectCategory=Person)(objectCategory=user)(mail=" & strUser & "))"
            ElseIf EmpID_Disable_RB.Checked Then
                ADSearch.Filter = "(&(objectCategory=Person)(objectCategory=user)(employeeID=" & strUser & "))"
            End If

            ADSearch.SearchScope = SearchScope.Subtree
            Dim results As SearchResult = ADSearch.FindOne()
            If Not results Is Nothing Then
                Dim iVal As Integer = ADEntry.Properties("userAccountControl").Value
                ADEntry.Properties("userAccountControl").Value = iVal Or &H2
                ADEntry.CommitChanges()
                ADEntry.Close()
            End If
        Next
    End Sub

End Class

It is failing on the part in bold.  Any suggestions on what I am doing wrong?

Thank You

Mark Evers

All replies (3)

Tuesday, October 24, 2017 8:48 PM ✅Answered

 It doesn't look like you are using the results instance, which is returned when you execute FindOne. Try the following instead:

            If Not results Is Nothing Then
               Dim ADUser As DirectoryEntry = results.GetDirectoryEntry()
               ADUser.NativeObject.AccountDisabled = True
               ADUser.CommitChanges()
            End If 

Paul ~~~~ Microsoft MVP (Visual Basic)


Tuesday, October 24, 2017 8:56 PM

Modified, and that worked perfectly.

Thank you.


Friday, December 28, 2018 6:48 PM

 It doesn't look like you are using the results instance, which is returned when you execute FindOne. Try the following instead:

            If Not results Is Nothing Then
               Dim ADUser As DirectoryEntry = results.GetDirectoryEntry()
               ADUser.NativeObject.AccountDisabled = True
               ADUser.CommitChanges()
            End If 

Paul ~~~~ Microsoft MVP (Visual Basic)

How would you get this to pass Option Strict On?

Live as if you were going to die today, learn as if you were going to live forever -Mahatma Gandhi