How do I add permissions to an OU using C#?

Question

I can get the OU object like....

        DirectoryEntry de = new DirectoryEntry(
            "LDAP://domain.com",
            "DOMAIN\\Administrator",
            "Password");
        DirectoryEntry ouEntry = de.Children.Find("OU=my-users,DC=domain,DC=com");

But I can't seem to find any classes or libraries to add permissions. I want to give "MyGroup" permission to create and delete objects in this OU. I can do this manually in ADSIEdit by selecting the OU and using the Security tab but can't find the equivalent code.

Answer 1

Try this one

DirectoryEntry rootEntry = new DirectoryEntry("LDAP://OU=Test OU,DC=test,DC=com");
DirectorySearcher dsFindOUs = new DirectorySearcher(rootEntry);

dsFindOUs.Filter = "(objectClass=organizationalUnit)";
dsFindOUs.SearchScope = SearchScope.Subtree;
SearchResult oResults = dsFindOUs.FindOne();
DirectoryEntry myOU = oResults.GetDirectoryEntry();

System.Security.Principal.IdentityReference newOwner = new System.Security.Principal.NTAccount("YourDomain", "YourUserName").Translate(typeof(System.Security.Principal.SecurityIdentifier));
ActiveDirectoryAccessRule newRule = new ActiveDirectoryAccessRule(newOwner, ActiveDirectoryRights.GenericAll, System.Security.AccessControl.AccessControlType.Allow);
myOU.ObjectSecurity.SetAccessRule(newRule);

Let me know if this works for you.

Raymund http://anyrest.wordpress.com