I can get the OU object like....
DirectoryEntry de = new DirectoryEntry(
"LDAP://domain.com",
"DOMAIN\\Administrator",
"Password");
DirectoryEntry ouEntry = de.Children.Find("OU=my-users,DC=domain,DC=com");
But I can't seem to find any classes or libraries to add permissions. I want to give "MyGroup" permission to create and delete objects in this OU. I can do this manually in ADSIEdit by selecting the OU and using the Security tab but can't find the equivalent code.
Try this one
using System.DirectoryServices;

// Bind to the OU and fetch it as a DirectoryEntry.
DirectoryEntry rootEntry = new DirectoryEntry("LDAP://OU=Test OU,DC=test,DC=com");
DirectorySearcher dsFindOUs = new DirectorySearcher(rootEntry);
dsFindOUs.Filter = "(objectClass=organizationalUnit)";
dsFindOUs.SearchScope = SearchScope.Subtree;
SearchResult oResults = dsFindOUs.FindOne();
DirectoryEntry myOU = oResults.GetDirectoryEntry();
// Resolve the account name to a SID.
System.Security.Principal.IdentityReference newOwner = new System.Security.Principal.NTAccount("YourDomain", "YourUserName").Translate(typeof(System.Security.Principal.SecurityIdentifier));
// GenericAll is full control over the OU.
ActiveDirectoryAccessRule newRule = new ActiveDirectoryAccessRule(newOwner, ActiveDirectoryRights.GenericAll, System.Security.AccessControl.AccessControlType.Allow);
myOU.ObjectSecurity.SetAccessRule(newRule);
// The modified security descriptor is only written to the directory on commit.
myOU.CommitChanges();
Let me know if this works for you.
Raymund http://anyrest.wordpress.com
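A narrower grant for what the question asks (create and delete child objects only), as an added example that is not part of the original thread. The OU path and the "MyGroup" name are taken from the question as placeholders, and the bind is assumed to run as the current process identity rather than with a password in source.

```csharp
using System;
using System.DirectoryServices;
using System.Security.AccessControl;
using System.Security.Principal;

class GrantOuDelegation
{
    static void Main()
    {
        // Placeholders from the question: OU distinguished name and group name.
        const string ouPath = "LDAP://OU=my-users,DC=domain,DC=com";
        var group = new NTAccount("DOMAIN", "MyGroup");

        // No credentials passed: binds as the identity running this process.
        using (var ou = new DirectoryEntry(ouPath))
        {
            var sid = (SecurityIdentifier)group.Translate(typeof(SecurityIdentifier));

            // Only the two rights requested, applied to this OU alone
            // (not inherited by child OUs), instead of GenericAll.
            var rule = new ActiveDirectoryAccessRule(
                sid,
                ActiveDirectoryRights.CreateChild | ActiveDirectoryRights.DeleteChild,
                AccessControlType.Allow,
                ActiveDirectorySecurityInheritance.None);

            // AddAccessRule merges with existing entries; SetAccessRule would
            // first remove the group's other Allow entries on this OU.
            ou.ObjectSecurity.AddAccessRule(rule);
            ou.CommitChanges();   // nothing reaches the directory before this

            // Re-read the DACL and list what the group holds after the change.
            ou.RefreshCache();
            foreach (ActiveDirectoryAccessRule ace in
                     ou.ObjectSecurity.GetAccessRules(true, false, typeof(SecurityIdentifier)))
            {
                if (ace.IdentityReference.Equals(sid))
                    Console.WriteLine("{0} {1} inheritance={2}",
                        ace.AccessControlType, ace.ActiveDirectoryRights, ace.InheritanceType);
            }
        }
    }
}
```

The read-back loop prints only explicit entries for the group, which makes it easy to confirm that the OU carries CreateChild and DeleteChild and nothing broader.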