Home/ Questions/Q 8921247
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-15T06:29:28+00:00

I am trying to create a domain user and then add them to local

  • 0

I am trying to create a domain user and then add them to local groups on the current machine. Every time I do this when I call add on the domain I get this {"A member could not be added to or removed from the local group because the member does not exist.\r\n"}. However I know the user exists as my tester was watching the directory and as soon as my create code ran the user showed up.

I will say that I noticed when I translate the SID to an NTUser account I end up with domain\$DDDDD-FAF234AFS as the name instead of a domain\test.user. Why is that hapening and is that my problem maybe?

Here is my code to create a user:

private UserPrincipal CreateNewUser(Section.User.User user, PrincipalContext principal)
    {
        _logger.Debug("User did not exist creating now.");
        UserPrincipal newUser = new UserPrincipal(principal)
            {
                Name = user.UserName.Contains('\\') ? user.UserName.Split('\\')[1] : user.UserName,
                Description = string.IsNullOrEmpty(user.UserDescription) ? "IIS {0} user.".FormatWith(user.UserType) : user.UserDescription,
                UserCannotChangePassword = false,
                PasswordNeverExpires = true,
                PasswordNotRequired = false,
                Enabled = true
            };
        _logger.Debug("User created.");

        _logger.Debug("Setting user password and applying to the system.");
        newUser.SetPassword(user.UserPassword);
        newUser.Save();

        return newUser;
    }

The user is just a custom class with username, password, and description. The principalcontext is a valid context for the domain.

Here is the code I use to add the user to local domains:

private void AddDomainUserToGroup(Principal groupPrincipal, Principal user, string group)
    {
        using (DirectoryEntry groupEntry = groupPrincipal.GetUnderlyingObject() as DirectoryEntry)
        using (DirectoryEntry userEntry = user.GetUnderlyingObject() as DirectoryEntry)
        {
            NTAccount ntUser = user.Sid.Translate(typeof (NTAccount)) as NTAccount;
            string domain = ntUser.ToString().Split('\\')[0];
            string userPath = string.Format("WinNT://{0}/{1},user", domain, user);

            groupEntry.Invoke("Add", new object[] {userPath});
        }
    }

Also I have never added the user to the local machine I just add them to the domain. Is that my problem maybe?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    I figured this out and in case anyone else has similar problems here is my solution. Basically it was failing because I never set the samAccountname oonce I set that to my username everything worked perfectly.

    • 0