1
votes

I am trying to check if a user is a member of a group like:

    if (conditionalGroup != null)
    {
        if (!currentUser.IsMemberOf(conditionalGroup))
        {
            _logger.Debug("Adding user to Specific group.");
            conditionalGroup.Members.Add(currentUser);
            conditionalGroup.Save();
        }

        conditionalGroup.Dispose();
    }

However it fails with this: An error (1789) occurred while enumerating the group membership. The member's SID could not be resolved.

This group is the Users group on the local machine. I also do the same thing with the IIS_IUSRS group and that one is fine. This just started today on my build machine and has always worked before. Is this a bug or am I doing something wrong?

Here is how I create the User:

    pc = new PrincipalContext(ContextType.Machine);
    currentUser = UserPrincipal.FindByIdentity(pc, u.UserName);

    if (currentUser == null)
    {
        currentUser = new UserPrincipal(pc)
        {
            Name = u.UserName,
            Description = u.UserDescription,
            UserCannotChangePassword = false,
            PasswordNeverExpires = true
        };

        currentUser.SetPassword(u.UserPassword);
        currentUser.Save();
    }

1 Answers

2
votes

On Windows, you usually see all users and groups with their names. But occasionally you find a user or group that is displayed not by name, but by its SID. This happens when the system finds an entry that claims to refer to such an ID, but the ID is not registered or not found in the system's name table/database.

The easiest way to see that is to borrow someone's pendrive with an NTFS partition on it and some user files created on a remote machine that has different accounts. Browse, right-click, see Permissions, voilà: lots of SIDs.

Start with inspecting your group that 'fails', i.e. in System Tools there's an applet, Computer Management, where you can browse most of the user and group registrations. View that group, see its members and check that all of them are shown by name, and none by an "S-1-5..." number. If you find a numeric one, try checking the classification at support.microsoft.com/kb/243330 - maybe you will guess how that user got added there and why he is unnamed.

Anyways, which line of that code fails actually? IsMemberOf or Members.Add or Save?
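
The manual check described in the answer above can also be done in code. The following is an added example, not code from the question or the answer: it lists the members of a local group through the ADSI WinNT provider instead of `GroupPrincipal.Members`, and reports the ones that exist only as a SID. The class and method names are hypothetical, "Users" is the group from the question, and it assumes an orphaned entry exposes its SID string as the entry name.

```csharp
using System;
using System.Collections;
using System.Collections.Generic;
using System.DirectoryServices;
using System.Security.Principal;

static class LocalGroupAudit   // hypothetical helper, not part of the question's code
{
    // Returns the members of a local group that are stored as a bare SID
    // with no account behind it (the condition reported as error 1789).
    public static List<string> FindUnresolvedMembers(string groupName)
    {
        var unresolved = new List<string>();
        string path = "WinNT://" + Environment.MachineName + "/" + groupName + ",group";
        using (var group = new DirectoryEntry(path))
        {
            foreach (object member in (IEnumerable)group.Invoke("Members"))
            {
                using (var entry = new DirectoryEntry(member))
                {
                    // Assumption: resolvable members have an account name here,
                    // orphaned ones have the SID string ("S-1-5-21-...").
                    string name = entry.Name;
                    if (!name.StartsWith("S-1-", StringComparison.OrdinalIgnoreCase))
                        continue;
                    try
                    {
                        // Throws if Windows cannot map the SID to an account.
                        new SecurityIdentifier(name).Translate(typeof(NTAccount));
                    }
                    catch (IdentityNotMappedException)
                    {
                        unresolved.Add(name);
                    }
                    catch (ArgumentException)
                    {
                        // The name only looked like a SID; treat it as a normal account.
                    }
                }
            }
        }
        return unresolved;
    }

    static void Main()
    {
        foreach (string sid in FindUnresolvedMembers("Users"))
            Console.WriteLine("Unresolved member SID: " + sid);
    }
}
```

An empty result means every member of the group resolves to an account name. Any SID that is printed should be traced to the account it once belonged to before the entry is removed from the group.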