Folder permissions. Some or all of the identifier references may not be translated

I would like to set the ACL of a folder on a remote server for a domain user, but always receive the following error:

Some or all of the identifier references may not be translated

What am I doing wrong?

This is my code:

string folderPath = @"\\remoteServer\testDirectory";
string accountName = "domainUser";
string domainName = "mydomain";
accountName = domainName + "\\" + accountName;
//What rights are we setting?

//set on dir itself
FileSystemAccessRule accessRule = new FileSystemAccessRule(accountName, FileSystemRights.FullControl, AccessControlType.Allow);

DirectoryInfo dInfo = new DirectoryInfo(folderPath);
DirectorySecurity dSecurity = dInfo.GetAccessControl();
//dInfo.SetAccessControl(dSecurity);

dSecurity.AddAccessRule(accessRule);

      

If I enter only userName instead of domainname\username, the permission will be set, but with "unknown account".

Can anyone help?

Thanks in advance.

+2




3 answers


I found a solution to this problem. A SecurityIdentifier object should be created with the SID of the user you want to allow. See my solution code.



https://social.msdn.microsoft.com/Forums/de-DE/682e88c0-e044-46f9-8b5d-55f185e85a1a/directory-acl-berechtigung?forum=visualcsharpde&prof=required

+3




From Blaine's link:

// Get the user from AD with System.DirectoryServices.AccountManagement.
// GetPrincipalBySamAccountName is a helper from the linked post, not a .NET API.
UserPrincipal user = GetPrincipalBySamAccountName("userSamAccount");
string usersid = user.Sid.ToString();

SecurityIdentifier secIdentifierSid = new SecurityIdentifier ( usersid );  
FileSystemAccessRule AccessRule = new FileSystemAccessRule ( secIdentifierSid , FileSystemRights.FullControl, AccessControlType.Allow );

      



I changed it to use the SecurityIdentifier we created instead of just sending the SID. It seems to work.

0




Improving HeonAle's answer:

The GetPrincipalBySamAccountName () method is undefined in .NET.

So, we need a way to get the principal that has the SID.

For the user:

                // set up domain context
                PrincipalContext ctx = new PrincipalContext(ContextType.Domain);

                // find a user
                UserPrincipal user = UserPrincipal.FindByIdentity(ctx, "UserName");
                string sid = user.Sid.ToString();

      

For the group:

                PrincipalContext ctx = new PrincipalContext(ContextType.Domain);
                GroupPrincipal group = GroupPrincipal.FindByIdentity(ctx, "GroupName");
                string sid = group.Sid.ToString();

      

Then the rest is the same:

SecurityIdentifier secIdentifierSid = new SecurityIdentifier ( sid );  
FileSystemAccessRule AccessRule = new FileSystemAccessRule ( secIdentifierSid , FileSystemRights.FullControl, AccessControlType.Allow );

      

0
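
A complete version of the approach in the answers above, as an added example (not code from any of the posters): it resolves the account to a SID, adds the rule with inheritance to child objects, and calls SetAccessControl so the change is actually written to the folder. The class and method names are hypothetical, the account and path are the question's placeholders, and it assumes a domain-joined Windows machine with a reference to System.DirectoryServices.AccountManagement.

```csharp
using System.DirectoryServices.AccountManagement;
using System.IO;
using System.Security.AccessControl;
using System.Security.Principal;

static class FolderAcl   // hypothetical name
{
    // Look the account (user or group) up in the domain and return its SID.
    static SecurityIdentifier ResolveSid(string domain, string samAccountName)
    {
        using (var ctx = new PrincipalContext(ContextType.Domain, domain))
        using (var principal = Principal.FindByIdentity(
                   ctx, IdentityType.SamAccountName, samAccountName))
        {
            // FindByIdentity returns null when nothing matches; fail here
            // instead of dereferencing null further down.
            if (principal == null)
                throw new IdentityNotMappedException(
                    "No domain account named " + domain + "\\" + samAccountName);
            return principal.Sid;
        }
    }

    // Add an allow ACE for the SID and write the ACL back to the folder.
    static void Grant(string folderPath, SecurityIdentifier sid, FileSystemRights rights)
    {
        var dir = new DirectoryInfo(folderPath);
        DirectorySecurity acl = dir.GetAccessControl();
        acl.AddAccessRule(new FileSystemAccessRule(
            sid, rights,
            // Apply to the folder, its subfolders and its files.
            InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit,
            PropagationFlags.None,
            AccessControlType.Allow));
        // AddAccessRule only changes the in-memory copy; this call persists it.
        dir.SetAccessControl(acl);
    }

    static void Main()
    {
        // Placeholder names taken from the question; replace with real values.
        SecurityIdentifier sid = ResolveSid("mydomain", "domainUser");
        // Modify is used here instead of the thread's FullControl: it omits
        // the rights to change permissions and take ownership.
        Grant(@"\\remoteServer\testDirectory", sid, FileSystemRights.Modify);
    }
}
```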