Here’s a list of some findings about Active Directory (From a .NET perspective: Is the only reason it’s not backed by SQL server to legitimize the DirectoryServices namespace?):
- When clearing a value, setting it to an empty string doesn’t work. When you want to clear a value (using DirectoryServices), set it to null rather than empty string or you’ll get a DirectoryServiceCOMException (with the dreaded HRESULT: 0x8007200B) for your troubles. If you’re doing it in script, here’s a better explanation. I believe this is because Active Directory does not store empty values. It’s a big ol’ property bag.
- Documentation on Active Directory seems difficult to find. Here’s a collection of a few links I have found helpful:
- Active Directory Schema
- Active Directory Explorer. GET THIS!
- Active Directory Users and Computers. Pretty essential
- Remember, you’re working with COM under the hood (DirectoryServices is just an interop layer on top of the COM interfaces). DirectoryEntry and DirectorySearcher implement IDisposable. Employing the using statement to ensure proper disposal is just good form.
- User Attributes. good list though pay attention as the schema may have changed slightly for the version of AD you are working with.
- Some properties are not single-valued (they’re an array). Use PropertyCollection.IDictionary.Add to add values to the property and set the value at the index to null if you want to clear one of them (see finding #1 above).