Creating a new UserPrincipal or GroupPrincipal for existing object when saved causes object to be deleted

We have encountered a number of issues regarding the System.DirectoryServices.AccountManagement namespace over the past few weeks. One of these issues is the following:

 

PROBLEM:

=========

Suppose you want to create a new principal (either a UserPrincipal or a GroupPrincipal) and that principal already exists in your specified context.

 

If you use the New operator with the principal and then call the Save method, you will receive the following exception:

"System.DirectoryServices.AccountManagement.PrincipalExistsException: The object already exists."

 

As a bonus, the namespace will delete the existing object from Active Directory.

 

RESOLUTION:

=========== 

This is a known issue with the System.DirectoryServices.AccountManagement namespace and will be addressed in a future update/release to the .NET Framework.

 

WORK AROUND:

============

The simple workaround is to test whether the object exists in Active Directory before calling the New operator to attempt to create a UserPrincipal or GroupPrincipal associated with it.

 

Or just use the System.DirectoryServices namespace to create either the user or the group.
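
One way to implement the first workaround, as an added example that is not code from the original post: look the group up with FindByIdentity and only reach New/Save when nothing is found. The module and function names are hypothetical, the domain and OU are the placeholders from the repro below, and it assumes Name and SamAccountName are set to the same value, as in the repro. The lookup uses a context without a container because sAMAccountName is unique per domain, not per OU.

```vbnet
Imports System
Imports System.DirectoryServices.AccountManagement

Module SafeGroupCreate

    ' True if any group in the domain already uses this sAMAccountName.
    ' The lookup context has no container, so the search is not limited to one OU.
    Function GroupExists(domainName As String, samAccountName As String) As Boolean
        Using domainCtx As New PrincipalContext(ContextType.Domain, domainName)
            Using found As GroupPrincipal =
                GroupPrincipal.FindByIdentity(domainCtx, IdentityType.SamAccountName, samAccountName)
                Return found IsNot Nothing
            End Using
        End Using
    End Function

    ' Creates the group only when the lookup finds nothing; returns True if it was created.
    Function CreateGroupIfMissing(domainName As String, container As String,
                                  groupName As String) As Boolean
        If GroupExists(domainName, groupName) Then
            Return False   ' New/Save is never reached for an existing object
        End If

        Using ouCtx As New PrincipalContext(ContextType.Domain, domainName, container)
            Using newGroup As New GroupPrincipal(ouCtx)
                newGroup.Name = groupName
                newGroup.SamAccountName = groupName
                newGroup.IsSecurityGroup = True
                newGroup.GroupScope = GroupScope.Global
                newGroup.Save()
            End Using
        End Using
        Return True
    End Function

    Sub Main()
        ' Placeholder domain, OU and group name taken from the repro.
        Dim created As Boolean = CreateGroupIfMissing("MyDomain.Com",
                                                      "OU=My Group,DC=MyDomain,DC=Com",
                                                      "test group that will be deleted")
        Console.WriteLine(If(created, "Group created.", "Group already exists; left untouched."))
    End Sub

End Module
```

The check and the create are not atomic, so Save can still throw if another process creates the same group in between.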

 

 

Steps To Reproduce:

====================

The example uses the GroupPrincipal class. The same issue can be reproduced using the UserPrincipal class.

 

1. Create a simple VB.Net console application and add the following code to the main function:

 

 

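    ' Requires a reference to System.DirectoryServices.AccountManagement
    ' and "Imports System.DirectoryServices.AccountManagement" at the top of the file.
    Dim newGroupPrincipal As GroupPrincipal
    Using ouPrincipalContext As PrincipalContext = New PrincipalContext(ContextType.Domain,
                                      "MyDomain.Com", "OU=My Group,DC=MyDomain,DC=Com")
        Try
            ' Bind a brand-new principal object to the OU context.
            newGroupPrincipal = New GroupPrincipal(ouPrincipalContext)
            With newGroupPrincipal
                .Name = "test group that will be deleted"
                .IsSecurityGroup = True
                .GroupScope = GroupScope.Global
                .SamAccountName = "test group that will be deleted"
                ' On the second run this throws PrincipalExistsException
                ' and the existing group is deleted.
                .Save()
            End With
        Catch ex As Exception
            Debug.WriteLine(ex.ToString)
        End Try
    End Using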

 

 

2. Run this code twice. The second time around you will receive the "System.DirectoryServices.AccountManagement.PrincipalExistsException" and you will notice that the principal has been deleted.

 

3. Run it a third time and the principal will be created anew.

 

Stack Trace:

 

System.DirectoryServices.AccountManagement.PrincipalExistsException: The object already exists. (Exception from HRESULT: 0x80071392) ---> System.DirectoryServices.DirectoryServicesCOMException (0x80071392): The object already exists. (Exception from HRESULT: 0x80071392)

   at System.DirectoryServices.DirectoryEntry.CommitChanges()

....