System.DirectoryServices.AccountManagement

System.DirectoryServices.AccountManagement Namespace

 

The System.DirectoryServices.AccountManagement namespace provides uniform access and manipulation of user, computer, and group security principals across the multiple principal stores: Active Directory Domain Services (AD DS), Active Directory Lightweight Directory Services (AD LDS), and Machine SAM (MSAM). System.DirectoryServices.AccountManagement manages directory objects independent of the System.DirectoryServices namespace.

ClassDescription
System_CAPS_pubclassAdvancedFilters

This class provides writable access to certain attributes so that users can modify read-only properties of the "dummy" principal object that is passed to a PrincipalSearcher object when using Query By Example.

System_CAPS_pubclassAuthenticablePrincipal

Encapsulates the account and contact data common to principals that can be authenticated.

System_CAPS_pubclassComputerPrincipal

Encapsulates principals that are computer accounts.

System_CAPS_pubclassDirectoryObjectClassAttribute

Represents the schema object that is used to create an object of this type in the directory. This attribute is required for principal extensions and can only be set on classes.

System_CAPS_pubclassDirectoryPropertyAttribute

Contains the data required by the store to map a principal property to a directory attribute. This attribute is required for principal extensions and can only be set on a property. It must be specified on every property that represents a directory attribute in the extended class.

System_CAPS_pubclassDirectoryRdnPrefixAttribute

The RDN prefix used to construct the RDN for the new object that is inserted into the store. The default RDN prefix of "CN" is used by the Account Management API if this attribute is not set. This attribute is optional and can only be set on principal extension classes.

System_CAPS_pubclassGroupPrincipal

Encapsulates group accounts. Group accounts can be arbitrary collections of principal objects or accounts created for administrative purposes.

System_CAPS_pubclassMultipleMatchesException

This exception is thrown by methods that expect to match a single principal object when there are multiple matches to the search query.

System_CAPS_pubclassNoMatchingPrincipalException

This exception is thrown when no matching principal object could be found with the specified parameters.

System_CAPS_pubclassPasswordException

This exception is thrown when a password does not meet complexity requirements.

System_CAPS_pubclassPrincipal

Encapsulates the account data and operations common to all security principals. This is the abstract base class from which all security principals are derived.

System_CAPS_pubclassPrincipalCollection

A mutable collection of objects derived from the Principal class. This class is designed to be used for multi-valued properties that contain Principals. Manipulating the contents of this collection changes the contents of the corresponding store property, which is made permanent when Save is called on the corresponding principal object.

System_CAPS_pubclassPrincipalContext

Encapsulates the server or domain against which all operations are performed, the container that is used as the base of those operations, and the credentials used to perform the operations.

System_CAPS_pubclassPrincipalException

The base class of exceptions thrown by System.DirectoryServices.AccountManagement objects.

System_CAPS_pubclassPrincipalExistsException

Thrown by T:System.DirectoryServices.AccountManagement.PrincipalCollection.Add when an attempt is made to insert a principal that already exists in the collection, or by N:System.DirectoryServices.AccountManagement.Principal.Save when an attempt is made to save a new principal that already exists in the store.

System_CAPS_pubclassPrincipalOperationException

Thrown when ADSI returns an error during an operation to update the store.

System_CAPS_pubclassPrincipalSearcher

Encapsulates the methods and search patterns used to execute a query against the underlying principal store.

System_CAPS_pubclassPrincipalSearchResult<T>

Returns a collection of Principal objects that are returned by a search.

System_CAPS_pubclassPrincipalServerDownException

This exception is thrown when the API is unable to connect to the server.

System_CAPS_pubclassPrincipalValueCollection<T>

Multi-valued properties, such as PermittedWorkstations, have a value of the type PrincipalValueCollection<T>. This class provides methods to enumerate and manipulate those values.

System_CAPS_pubclassUserPrincipal

Encapsulates principals that are user accounts.

EnumerationDescription
System_CAPS_pubenumContextOptions

Specifies the options that are used for binding to the server. The application can set multiple options that are linked with a bitwise OR operation.

System_CAPS_pubenumContextType

Specifies the type of store to which the principal belongs.

System_CAPS_pubenumGroupScope

Specifies the scope of the group principal.

System_CAPS_pubenumIdentityType

Specifies the format of the identity.

System_CAPS_pubenumMatchType

The MatchType enumeration specifies the type of comparison used in a search.

Managed directory services applications can take advantage of the T:System.DirectoryServices.AccountManagement API to simplify management of user, computer and group principals. Solutions that previously required intricate knowledge of the store or lengthy code, such as finding all groups to which a user belongs, are accomplished in a few lines of code with the T:System.DirectoryServices.AccountManagement API.

The following features are available on the T:System.DirectoryServices.AccountManagement API:

  • Basic directory operations such as creating and updating security principals is simplified. The application requires less knowledge of the underlying stores to perform these operations.

  • Applications can extend the object model to include new types of directory objects.

  • Account management tasks, such as enabling and disabling a user account, are simplified.

  • Cross-store support allows group objects in the Active Directory Domain Services (AD DS), Active Directory Lightweight Directory Services (AD LDS), and Machine SAM (MSAM) databases to contain members from different types of stores.

  • Query by example searching, available on the T:System.DirectoryServices.AccountManagement.PrincipalaSearcher class, enables applications to set properties on a principal object and search the selected store for other objects that contain matching property values.

  • Enhanced search on computer, user and group principal objects enables applications to search the selected store for matching principal objects.

  • Recursive search, available on the group principal object, enables applications to search a group recursively and return only principal objects that are leaf nodes.

  • Credential validation against the Machine SAM, AD DS, and AD LS stores is simplified.

  • Connections speeds are increased by using the Fast Concurrent Bind (FSB) feature when available. Connection caching decreases the number of ports used.

System.DirectoryServices
System.DirectoryServices.AccountManagement Namespace Overview

Return to top
Show:
© 2016 Microsoft