Is there any way to add a user to a group for an exact time and then delete the user from the group automatically?
e.g.: CN=testuser1 and CN=testgroup1.
Now I want to add the CN=testuser1 to the CN=testgroup1 for 1 day.
After that 1 day the user should leave (shouldn't be a member of the group anymore) CN=testgroup1 automatically.
Is this possible with System.DirectoryServices.AccountManagement, System.DirectoryServices, or is there another solution except a PowerShell script?
Hint: I don't want a solution with a PowerShell script or something like that. It should be done within my C# program. I have a Windows form where I have 3 textboxes:
When I press a button "Add user temporarily to group" the user should be added to that group for a specific time which I can enter in that duration textbox.
Thanks in advance!
Yes, this is possible. It requires that you have a Windows Server 2016 forest and that you have the Privileged Access Management optional feature enabled.
Once you have this, you can specify a TTL for a linked value such as a group membership. This blog https://www.dsinternals.com/en/how-the-active-directory-expiring-links-feature-really-works/ shows you how to do this. I do not know if you can supply the syntax via ADSI (System.DirectoryServices) or if you will need to fall back to a direct LDAP call with System.DirectoryServices.Protocols.
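
A sketch of the direct LDAP route mentioned in the answer, as an added example that is not part of the original answer: it writes the `member` value in the expiring-link form `<TTL=seconds,DN>` through System.DirectoryServices.Protocols. The server name and full DNs are constructed placeholders, and it assumes the Privileged Access Management feature is already enabled and the caller may modify the group.

```csharp
using System;
using System.DirectoryServices.Protocols;

static class TemporaryMembership
{
    // Builds the expiring-link value: <TTL=seconds,memberDN>
    public static string BuildTtlValue(string memberDn, TimeSpan duration)
    {
        if (string.IsNullOrWhiteSpace(memberDn))
            throw new ArgumentException("Member DN is required.", nameof(memberDn));
        long seconds = (long)duration.TotalSeconds;
        if (seconds <= 0)
            throw new ArgumentOutOfRangeException(nameof(duration), "Duration must be at least one second.");
        return $"<TTL={seconds},{memberDn}>";
    }

    // Adds memberDn to groupDn; the directory drops the link itself once the TTL runs out.
    public static void AddForDuration(string server, string groupDn, string memberDn, TimeSpan duration)
    {
        using (var connection = new LdapConnection(new LdapDirectoryIdentifier(server)))
        {
            connection.AuthType = AuthType.Negotiate;      // current Windows credentials
            connection.SessionOptions.ProtocolVersion = 3;
            connection.SessionOptions.Signing = true;      // integrity-protect the modify
            connection.SessionOptions.Sealing = true;      // and encrypt it on the wire

            var change = new DirectoryAttributeModification
            {
                Name = "member",
                Operation = DirectoryAttributeOperation.Add
            };
            change.Add(BuildTtlValue(memberDn, duration));

            // Throws DirectoryOperationException if the server rejects the change,
            // for example when the optional feature is not enabled.
            connection.Send(new ModifyRequest(groupDn, change));
        }
    }

    static void Main()
    {
        // Constructed sample values; replace with your own DC and DNs.
        AddForDuration("dc01.example.com",
                       "CN=testgroup1,CN=Users,DC=example,DC=com",
                       "CN=testuser1,CN=Users,DC=example,DC=com",
                       TimeSpan.FromDays(1));
    }
}
```

In the Windows form, the duration textbox would be parsed into the `TimeSpan` passed to `AddForDuration`.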