Loading ...
Sorry, an error occurred while loading the content.

Re: [ADSI-DirSrv] Error "A constraint violation occurred" when adding group members

Expand Messages
  • mneale1
    Joe What if the user is not a domain user but you are adding off-domain users into a store for combined on and off domain users. There is no SID in for the
    Message 1 of 4 , Aug 13, 2007
    • 0 Attachment
      Joe

      What if the user is not a domain user but you are adding off-domain
      users into a store for combined on and off domain users. There is no
      SID in for the external? What do you use then?
      TIA

      --- In ADSIANDDirectoryServices@yahoogroups.com, "Joe Kaplan"
      <joe@...> wrote:
      >
      > You can't do it that way. You need to add it as a foreign security
      > principal using the SID of the domain users group:
      >
      > entry.Properties["member"].Add("<SID=S-1-5-20-xxxxxxxxx>");
      >
      > Where your domain users group SID in the string above. That will
      work, as
      > it will for any other SID that the ADAM machine can trust.
      >
      > Joe K.
      >
      > ----- Original Message -----
      > From: "gaoming_fu" <gaoming_fu@...>
      > To: <ADSIANDDirectoryServices@yahoogroups.com>
      > Sent: Tuesday, March 13, 2007 10:53 AM
      > Subject: [ADSI-DirSrv] Error "A constraint violation occurred" when
      adding
      > group members
      >
      >
      > Hi All,
      >
      > I created one ADAM isntance, it uses port number 50014 and its
      > partition is 'DC=Test,DC=COM'. Now I want to add the 'Domain Users'
      > as a member of the Readers role of this ADAM instance using the
      > following code:
      >
      > string groupPath
      > = "LDAP://localhost:50014/CN=Readers,CN=Roles,DC=Test,DC=COM";
      > DirectoryEntry entry = new DirectoryEntry(groupPath);
      > entry.RefreshCache();
      > entry.Properties["member"].Add("CN=Domain
      > Users,CN=Users,DC=MyDomain,DC=COM");
      > entry.CommitChanges();
      >
      > But the line "entry.CommitChanges()" gives me the following error:
      >
      > A constraint violation occurred. (Exception from HRESULT:
      0x8007202F)
      >
      > Any help will be highly appreciated. Thanks.
      >
      > Gaoming Fu
      >
    • Joe Kaplan
      As far as I know, there has to be some sort of trust relationship for the SID, so it has to be a SID from the domain the ADAM machine is in, a trusted domain
      Message 2 of 4 , Aug 13, 2007
      • 0 Attachment
        As far as I know, there has to be some sort of trust relationship for the
        SID, so it has to be a SID from the domain the ADAM machine is in, a trusted
        domain or the local machine.

        Joe K.

        ----- Original Message -----
        From: "mneale1" <mneale1@...>
        To: <ADSIANDDirectoryServices@yahoogroups.com>
        Sent: Monday, August 13, 2007 4:58 PM
        Subject: Re: [ADSI-DirSrv] Error "A constraint violation occurred" when
        adding group members


        Joe

        What if the user is not a domain user but you are adding off-domain
        users into a store for combined on and off domain users. There is no
        SID in for the external? What do you use then?
        TIA

        --- In ADSIANDDirectoryServices@yahoogroups.com, "Joe Kaplan"
        <joe@...> wrote:
        >
        > You can't do it that way. You need to add it as a foreign security
        > principal using the SID of the domain users group:
        >
        > entry.Properties["member"].Add("<SID=S-1-5-20-xxxxxxxxx>");
        >
        > Where your domain users group SID in the string above. That will
        work, as
        > it will for any other SID that the ADAM machine can trust.
        >
        > Joe K.
        >
        > ----- Original Message -----
        > From: "gaoming_fu" <gaoming_fu@...>
        > To: <ADSIANDDirectoryServices@yahoogroups.com>
        > Sent: Tuesday, March 13, 2007 10:53 AM
        > Subject: [ADSI-DirSrv] Error "A constraint violation occurred" when
        adding
        > group members
        >
        >
        > Hi All,
        >
        > I created one ADAM isntance, it uses port number 50014 and its
        > partition is 'DC=Test,DC=COM'. Now I want to add the 'Domain Users'
        > as a member of the Readers role of this ADAM instance using the
        > following code:
        >
        > string groupPath
        > = "LDAP://localhost:50014/CN=Readers,CN=Roles,DC=Test,DC=COM";
        > DirectoryEntry entry = new DirectoryEntry(groupPath);
        > entry.RefreshCache();
        > entry.Properties["member"].Add("CN=Domain
        > Users,CN=Users,DC=MyDomain,DC=COM");
        > entry.CommitChanges();
        >
        > But the line "entry.CommitChanges()" gives me the following error:
        >
        > A constraint violation occurred. (Exception from HRESULT:
        0x8007202F)
        >
        > Any help will be highly appreciated. Thanks.
        >
        > Gaoming Fu
        >
      Your message has been successfully submitted and would be delivered to recipients shortly.