vb.net iis active-directory adlds network-service

Adding NETWORK SERVICE as new user to AD LDS instance administrator member


I try to add the Network Service as a member of the Administrator group of my AD LDS instance, but a "constraint violation occurred" error always comes up. However, if I add the Network Service manually from ADSI and then delete it, something strange happens: my code starts to work fine.

My question: is there any constraint that you have to follow the first time you add a new user to your group?

My code:

    Using lEntry As New DirectoryEntry(mLDAPAddress & "CN=Administrators,CN=Roles" & "," & mLDAPInstance)
        Try
            Dim lMembers = lEntry.Properties("member")
            lMembers.Add("CN=SccAdmin,CN=SccAdmins" & "," & mLDAPInstance)
            'The above works fine, the below not so
            lMembers.Add("CN=S-1-5-20,CN=ForeignSecurityPrincipals" & "," & mLDAPInstance)
            lEntry.CommitChanges()
            Return True
        Catch ex As System.Runtime.InteropServices.COMException
            aError = ex.Message
        End Try
    End Using

Solution

  • The foreign security principal is getting created when you add it with ADSI Edit in the background. Try adding "NT AUTHORITY\NETWORK SERVICE" in your code in lieu of the DN of the FSP as you're doing now.
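
One way to act on the answer above, as an added example that is not code from the original post: resolve the account name to its SID and add it with the `<SID=...>` DN form, which AD LDS accepts in `member` and which lets the directory create the foreign security principal itself. The helper name, its parameters, and the address and partition values in `Main` are assumptions made for illustration.

```vbnet
Imports System.DirectoryServices
Imports System.Runtime.InteropServices
Imports System.Security.Principal

Module AdLdsRoleMembership

    ' Hypothetical helper. ldapAddress and instanceDn play the role of
    ' mLDAPAddress and mLDAPInstance in the question.
    Function AddWindowsPrincipalToRole(ldapAddress As String, instanceDn As String,
                                       roleCn As String, account As NTAccount,
                                       ByRef errorText As String) As Boolean
        Try
            ' Resolve the name locally; NT AUTHORITY\NETWORK SERVICE maps to S-1-5-20.
            Dim sid = DirectCast(account.Translate(GetType(SecurityIdentifier)), SecurityIdentifier)
            ' DN the FSP has once it exists; used only for the membership check below.
            Dim fspDn = "CN=" & sid.Value & ",CN=ForeignSecurityPrincipals," & instanceDn

            Using role As New DirectoryEntry(ldapAddress & "CN=" & roleCn & ",CN=Roles," & instanceDn)
                Dim members = role.Properties("member")
                ' Adding an existing member fails at commit, so treat it as success.
                For Each existing As Object In members
                    If String.Equals(CStr(existing), fspDn, StringComparison.OrdinalIgnoreCase) Then
                        Return True
                    End If
                Next
                ' The SID form does not require the FSP object to exist beforehand.
                members.Add("<SID=" & sid.Value & ">")
                role.CommitChanges()
                Return True
            End Using
        Catch ex As IdentityNotMappedException
            errorText = "Account name could not be resolved: " & ex.Message
        Catch ex As COMException
            errorText = ex.Message
        End Try
        Return False
    End Function

    Sub Main()
        Dim errorText As String = Nothing
        ' Constructed sample values; replace with your instance address and partition DN.
        Dim ok = AddWindowsPrincipalToRole("LDAP://localhost:389/", "CN=ExampleApp,DC=example,DC=com",
                                           "Administrators", New NTAccount("NT AUTHORITY", "NETWORK SERVICE"),
                                           errorText)
        Console.WriteLine(If(ok, "Member present", "Failed: " & errorText))
    End Sub
End Module
```

NETWORK SERVICE is shared by every service on the machine that runs under that account, so membership in the instance's Administrators role extends to all of them.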