I’ve been trying to write a quick and dirty C# .exe that I can distribute to some student workers in our IT office. The .exe should be able to detect the name of the machine on which it’s being run, search for that name in Active Directory, and disable the computer entry. So far I haven’t had a problem with the name detection or search, but the bit of removal code is giving me a false positive when I can go directly into Active Directory to see that the computer entry has not been disabled.
    private void confirmRemoveButton_Click(object sender, EventArgs e)
    {
        string computerName = Environment.MachineName;
        using (PrincipalContext domainContext = new PrincipalContext(ContextType.Domain, null, "useraccount", "password"))
        {
            ComputerPrincipal computer = ComputerPrincipal.FindByIdentity(domainContext, computerName);
            if (computer != null)
            {
                try
                {
                    computer.Enabled = false;
                    label3.Visible = true;
                    label3.Text = "Computer was disabled in Active Directory.";
                    button1.Visible = true;
                }
                catch (Exception x)
                {
                    label3.Visible = true;
                    label3.Text = "Unable to disable computer with exception " + x;
                    button1.Visible = true;
                }
            }
            else if (computer == null)
            {
                label3.Visible = true;
                label3.Text = "Computer was not found in Active Directory.";
                button1.Visible = true;
            }
            else
            {
                label3.Visible = true;
                label3.Text = "Unexpected error in computer search.";
                button1.Visible = true;
            }
        }
    }
This is the code I have right now; the preceding code is about having the user check the computer name against the detected computer name and confirm that they actually want to disable the computer account. Once they click to confirm this (misleadingly currently labeled as confirm removal button), it should run this code to report success or failure. However, in testing, it reports success though I can see the computer object is not disabled.
This link (http://stackoverflow.com/questions/591681/using-c-how-do-you-check-if-a-computer-account-is-disabled-in-active-directory) is a topic relating to disabling a computer account in the title, but the comments and code all seem to suggest that this applies to disabling a user account.
Any insight would be appreciated 🙂
You have to save the PrincipalComputer object. Otherwise your code is fine. Here’s a simple console app version which will return nothing if the computer doesn’t exist.
Dang, Kieren beat me to it!
Note, sometimes it can take a while before AD recognizes what has happened.
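Added example, not code from the question or from either answer above: a console sketch of the fix the answers describe, which calls Save() after setting Enabled and then re-reads the account from the same domain controller so that success is reported only once the change is visible there. The class name, exit codes and optional command-line argument are assumptions, and it binds as the user running it instead of passing an account name and password to PrincipalContext.

```csharp
using System;
using System.DirectoryServices.AccountManagement; // add a reference to this assembly

static class DisableComputerAccount
{
    // Exit codes (assumed): 0 = disabled and verified, 1 = not found,
    // 2 = directory operation failed, 3 = saved but not visible as disabled.
    static int Main(string[] args)
    {
        // Assumption: defaults to the local machine; a name can be passed for testing.
        string computerName = args.Length > 0 ? args[0] : Environment.MachineName;
        try
        {
            // Assumption: binds with the credentials of the user running the tool.
            using (var context = new PrincipalContext(ContextType.Domain))
            using (var computer = ComputerPrincipal.FindByIdentity(context, computerName))
            {
                if (computer == null)
                {
                    Console.Error.WriteLine("Computer '{0}' was not found in Active Directory.", computerName);
                    return 1;
                }

                computer.Enabled = false; // changes only the in-memory object
                computer.Save();          // writes the change to the directory

                // Re-read from the domain controller that took the write;
                // other domain controllers may lag until replication completes.
                using (var verifyContext = new PrincipalContext(ContextType.Domain, context.ConnectedServer))
                using (var check = ComputerPrincipal.FindByIdentity(verifyContext, computerName))
                {
                    bool disabled = check != null && check.Enabled == false;
                    Console.WriteLine(disabled
                        ? "Computer '{0}' is disabled on {1}."
                        : "Save() returned, but '{0}' is not shown as disabled on {1}.",
                        computerName, context.ConnectedServer);
                    return disabled ? 0 : 3;
                }
            }
        }
        catch (Exception ex) when (ex is PrincipalException || ex is UnauthorizedAccessException)
        {
            // Raised when the domain is unreachable or the caller lacks rights on the object.
            Console.Error.WriteLine("Unable to disable '{0}': {1}", computerName, ex.Message);
            return 2;
        }
    }
}
```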