Hi everyone,
I'm attempting to assign security to a Distribution Group with the code shown below but I keep getting a "This access control list is not in canonical form and therefore cannot be modified." exception.
This is the only Distribution Group I have trouble applying security to. I've compared the Active Directory attributes with the other Distribution Groups we have in our organisation and the only difference is hideDLMembership=TRUE. This attribute is not set to TRUE (or even evident) in any of the other Groups. Would this make a difference or is it something totally different? Any nudges in the right direction would be greatly appreciated. Thanks.
using System;
using System.DirectoryServices;
using System.Security.AccessControl;
using System.Security.Principal;

// Bind to the group and request only the DACL part of its security descriptor.
DirectoryEntry myEntry = new DirectoryEntry(groupPath, sovLogin, sovPassword, AuthenticationTypes.Secure);
myEntry.Options.SecurityMasks = SecurityMasks.Dacl;
ActiveDirectorySecurity adSecurity = myEntry.ObjectSecurity;
// Gets the SID of the user to implicitly identify the user.
byte[] clientSID = GetGroupSID(login);
SecurityIdentifier sid = new SecurityIdentifier(clientSID, 0);
// Schema GUID of the property that the WriteProperty right is limited to.
Guid myGuid = new Guid("bf9679c0-0de6-11d0-a285-00aa003049e2");
ActiveDirectoryAccessRule rule = new ActiveDirectoryAccessRule(sid, ActiveDirectoryRights.WriteProperty, AccessControlType.Allow, myGuid);
adSecurity.AddAccessRule(rule);
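
The exception quoted above is raised by .NET when the ACEs in an object's DACL are not in canonical order. The following is an added example, not part of the original post, that reports which ACE breaks the order; the class name, method name and SDDL samples are constructed for illustration.

```csharp
using System;
using System.Security.AccessControl;

static class DaclOrderCheck
{
    // Returns the index of the first ACE that breaks canonical order, or -1 if none does.
    // Rule checked: explicit ACEs precede inherited ones, and among explicit ACEs
    // every deny precedes every allow. Inherited ACEs keep the order they arrived in.
    public static int FirstOutOfOrderAce(RawAcl dacl)
    {
        bool seenInherited = false, seenExplicitAllow = false;
        for (int i = 0; i < dacl.Count; i++)
        {
            GenericAce ace = dacl[i];
            if ((ace.AceFlags & AceFlags.Inherited) != 0)
            {
                seenInherited = true;
                continue;
            }
            if (seenInherited) return i;          // explicit ACE after an inherited one
            QualifiedAce q = ace as QualifiedAce; // CommonAce and ObjectAce both derive from it
            if (q == null) continue;              // custom ACE types are not ranked here
            if (q.AceQualifier == AceQualifier.AccessAllowed)
                seenExplicitAllow = true;
            else if (q.AceQualifier == AceQualifier.AccessDenied && seenExplicitAllow)
                return i;                         // explicit deny after an explicit allow
        }
        return -1;
    }

    static void Main()
    {
        // Constructed SDDL samples (not taken from any real directory object).
        string[] samples =
        {
            "D:(D;;RP;;;WD)(A;;RP;;;AU)",   // deny first, then allow
            "D:(A;;RP;;;AU)(D;;RP;;;WD)",   // allow first, then deny
            "D:(A;ID;RP;;;AU)(A;;RP;;;WD)", // inherited ACE ahead of an explicit one
        };
        foreach (string sddl in samples)
        {
            RawSecurityDescriptor sd = new RawSecurityDescriptor(sddl);
            int bad = FirstOutOfOrderAce(sd.DiscretionaryAcl);
            Console.WriteLine("{0} -> {1}", sddl,
                bad < 0 ? "canonical" : "ACE " + bad + " is out of order");
        }
    }
}
```

To run the same check against the group from the post, build the descriptor with `new RawSecurityDescriptor(adSecurity.GetSecurityDescriptorBinaryForm(), 0)`. `adSecurity.AreAccessRulesCanonical` gives the framework's own yes/no answer without identifying the ACE.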