When I try to update the Name field (corresponding to CN) on a UserPrincipal (really, really), I get the error "The server does not want to process the request" when calling UserPrincipal.Save().
I checked that there was no other object in the same OU with the same name (CN).
The PrincipalContext I'm working on is the root of the domain (not exactly at the OU level where the user account exists).
What could be the reason for this error? Could this be due to a security policy (although I can update all other fields)?
using (var context = new PrincipalContext(
    ContextType.Domain,
    ConfigurationManager.AppSettings["domain"],
    ConfigurationManager.AppSettings["rootDN"],
    ContextOptions.Negotiate,
    ConfigurationManager.AppSettings["username"],
    ConfigurationManager.AppSettings["password"]))
{
    var user = UserPrincipal.FindByIdentity(context, IdentityType.Sid, "...");
}
The user I use to create the PrincipalContext has security rights to modify AD objects. If I update any of the other fields (e.g. last name, data_name), everything works fine.
EDIT:
I was able to accomplish what I needed to do (using ADSI), but I needed to run the following code under impersonation. The impersonation code is ugly, and the code below breaks away from the other way of updating AD data (using DirectoryServices.AccountManagement), so I would like to get a better solution.
using (var companyOU = new DirectoryEntry("LDAP://" + company.UserAccountOU))
{
    // "\\," yields a literal backslash-comma, escaping the comma inside the CN value
    companyOU.Invoke("MoveHere", "LDAP://" + user.DistinguishedName, "cn=Name\\, Test");
}
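CN is the object's relative distinguished name, so changing it is a rename of the object rather than an ordinary attribute write. The sketch below is an added example, not part of the original post: it renames through a DirectoryEntry bound with explicit credentials instead of impersonation and escapes the new CN value for use in an RDN. The class and method names are hypothetical, the "username" and "password" settings are the ones the question already reads, and it is an assumption that an explicit-credential bind is sufficient in the poster's environment.

```csharp
using System;
using System.Configuration;
using System.DirectoryServices;
using System.Text;

// Hypothetical helper, added for illustration; not code from the question.
static class AdRename
{
    // Escape a CN value so it can be embedded in an RDN (RFC 4514 rules):
    // , + " \ < > ; = anywhere, space or # at the start, space at the end.
    public static string EscapeRdnValue(string value)
    {
        if (string.IsNullOrEmpty(value))
            throw new ArgumentException("CN value must not be empty", nameof(value));

        var sb = new StringBuilder(value.Length + 8);
        for (int i = 0; i < value.Length; i++)
        {
            char c = value[i];
            if (c == '\0') { sb.Append("\\00"); continue; }  // NUL is hex-escaped
            bool special = ",+\"\\<>;=".IndexOf(c) >= 0
                || (i == 0 && (c == ' ' || c == '#'))
                || (i == value.Length - 1 && c == ' ');
            if (special) sb.Append('\\');
            sb.Append(c);
        }
        return sb.ToString();
    }

    // Rename the user in place. Rename() performs the move immediately,
    // keeping the object in its current container.
    // Assumption: userDn contains no '/' (which would need ADsPath escaping).
    public static void RenameUser(string userDn, string newCn)
    {
        string bindUser = ConfigurationManager.AppSettings["username"];
        string bindPassword = ConfigurationManager.AppSettings["password"];

        using (var entry = new DirectoryEntry("LDAP://" + userDn,
                                              bindUser, bindPassword,
                                              AuthenticationTypes.Secure))
        {
            entry.Rename("CN=" + EscapeRdnValue(newCn));
        }
    }

    static void Main()
    {
        // Constructed sample value: the escaping can be checked without a domain.
        Console.WriteLine("CN=" + EscapeRdnValue("Name, Test"));
    }
}
```

The bind account needs rights to rename child objects in the user's OU, which is a separate permission from writing ordinary attributes.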