Creating a new UserPrincipal or GroupPrincipal for existing object when saved causes object to be deleted

We have encountered a number of issues with the System.DirectoryServices.AccountManagement namespace over the past few weeks. One of these issues is the following:

PROBLEM:
=========

Suppose you want to create a new principal, either a UserPrincipal or a GroupPrincipal, and that principal already exists in your specified context.

If you use the New operator with the principal and then call the Save method, you will receive the following exception:

"System.DirectoryServices.AccountManagement.PrincipalExistsException: The object already exists."

As a bonus, the namespace will delete the existing object from Active Directory.

 

RESOLUTION:
===========

This is a known issue with the System.DirectoryServices.AccountManagement namespace and will be addressed in a future update/release of the .NET Framework.

WORKAROUND:
===========

The simple workaround is to test whether the object exists in Active Directory before calling the New operator to create a UserPrincipal or GroupPrincipal associated with it.

 

Or just use the System.DirectoryServices namespace to create either the user or the group.
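
The first workaround, sketched in VB.NET as an added example (not code from the original post or from Microsoft): look the name up before New and Save are ever reached. The helper names PrincipalExists and CreateGroupIfMissing are hypothetical, and the domain and OU are the placeholders used in this post's sample code. The lookup uses Principal.FindByIdentity so that a user or computer holding the same sAMAccountName is caught as well.

```vbnet
Imports System.DirectoryServices.AccountManagement

Module SafeGroupCreate

    ' Hypothetical helper: True if any principal (user, group or computer)
    ' with this identity is visible under the given context.
    Private Function PrincipalExists(ctx As PrincipalContext, idType As IdentityType,
                                     value As String) As Boolean
        ' FindByIdentity returns Nothing when there is no match.
        Using found As Principal = Principal.FindByIdentity(ctx, idType, value)
            Return found IsNot Nothing
        End Using
    End Function

    ' Hypothetical helper: creates the group only when neither identity is taken.
    ' Returns True if created, False if an existing object was found and left alone.
    Function CreateGroupIfMissing(domainName As String, ouDn As String,
                                  groupName As String) As Boolean
        ' sAMAccountName is unique across the whole domain, so check it with an
        ' unscoped context; the Name (CN) only has to be unique inside the OU.
        Using domainCtx As New PrincipalContext(ContextType.Domain, domainName),
              ouCtx As New PrincipalContext(ContextType.Domain, domainName, ouDn)

            If PrincipalExists(domainCtx, IdentityType.SamAccountName, groupName) OrElse
               PrincipalExists(ouCtx, IdentityType.Name, groupName) Then
                Return False   ' New/Save is never reached for an existing object
            End If

            Using g As New GroupPrincipal(ouCtx)
                g.Name = groupName
                g.SamAccountName = groupName
                g.IsSecurityGroup = True
                g.GroupScope = GroupScope.Global
                g.Save()
            End Using
            Return True
        End Using
    End Function

    Sub Main()
        ' Placeholder domain, OU and group name taken from this post's sample.
        Dim created = CreateGroupIfMissing("MyDomain.Com", "OU=My Group,DC=MyDomain,DC=Com",
                                           "test group that will be deleted")
        Console.WriteLine(If(created, "Group created.", "Group already exists; left untouched."))
    End Sub
End Module
```

The lookup narrows the window but does not close it: another process can still create the object between the check and Save(). A PrincipalExistsException from Save() should therefore still be logged and followed by a check that the pre-existing object is intact.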

 

 

Steps To Reproduce:
====================

The example uses the GroupPrincipal class. The same issue can be reproduced using the UserPrincipal class.

1. Create a simple VB.Net console application and add the following code to the main function:

 

 

    ' Requires a reference to the System.DirectoryServices.AccountManagement assembly
    ' and "Imports System.DirectoryServices.AccountManagement" at the top of the file.
    Dim newGroupPrincipal As GroupPrincipal
    Using ouPrincipalContext As PrincipalContext = New PrincipalContext(ContextType.Domain,
                                      "MyDomain.Com", "OU=My Group,DC=MyDomain,DC=Com")
        Try
            newGroupPrincipal = New GroupPrincipal(ouPrincipalContext)
            With newGroupPrincipal
                .Name = "test group that will be deleted"
                .IsSecurityGroup = True
                .GroupScope = GroupScope.Global
                .SamAccountName = "test group that will be deleted"
                ' When the group already exists, Save() throws PrincipalExistsException.
                .Save()
            End With
        Catch ex As Exception
            Debug.WriteLine(ex.ToString)
        End Try
    End Using

 

 

2. Run this code twice. The second time around you will receive the "System.DirectoryServices.AccountManagement.PrincipalExistsException" and you will notice that the principal has been deleted.

3. Run it a third time and the principal will be created anew.

 

Stack Trace:

System.DirectoryServices.AccountManagement.PrincipalExistsException: The object already exists. (Exception from HRESULT: 0x80071392) ---> System.DirectoryServices.DirectoryServicesCOMException (0x80071392): The object already exists. (Exception from HRESULT: 0x80071392)
   at System.DirectoryServices.DirectoryEntry.CommitChanges()
....

Comments

  • Anonymous
    September 12, 2008
    I've been helping out my old colleagues on the identity team these past few weeks (so that people could

  • Anonymous
    September 28, 2010
    Just ran into this one. Article posted in 2008; it's now 2010 and it still happens.

  • Anonymous
    May 27, 2011
    How is it possible that this isn't fixed?  
