Creating Active Directory Contacts using

I need to create an application syncing 2 Active Directories: For each User in Actice Directory A, a Contact-Document should be created in Active Directory B. .net Framework already provides System.DirectoryServices for this purpose. Doing some tests I got the following  System.DirectoryServices.DirectoryServicesCOMException: “The server is unwilling to process the request.” OK, maybe I should wait some minutes until the server is willing to process my request? Or maybe after weekend? That was not an option 😉 Searching around I found several solutions, e.g. properties were not written case-sensitive or typing errors.

The server is unwilling to process the request.

For me it was in the creation: On ADRoot.Children.Add it’s important to specify the common name with a leading ‘CN=’, e.g. ADRoot.Children.Add(“CN=Testuser”, “contact”). Take care: The name (“CN=Testuser”) is the unique key for contacts. You could not create 2 contacts with the same name. For type ‘user’ the emailaddress is the key, but for ‘contact’ it’s the name. In fact you could have several contacts with the same email address. So while testing remember to add a counter to the name, e.g. “CN=Testuser1”, “CN=Testuser2” etc.

The attribute syntax specified to the directory service is invalid.

So on to the next System.DirectoryServices.DirectoryServicesCOMException: “The attribute syntax specified to the directory service is invalid.” Unfortunately it does not say which attribute. So I added only ‘mail’, that worked fine. But after adding ‘mobile’ I got this exception. Strange, because ‘mobile’ is a correct attribute. The reason: The source user does not have a mobile number, so it’s empty string. But it’s not possible to set an empty string as value to an attribute. So before adding a property it’s necessary to check whether the value is not null or empty!Next error message:

An invalid dn syntax has been specified.

“System.DirectoryServices.DirectoryServicesCOMException: An invalid dn syntax has been specified.” Some ADs have a cn structure like ‘Lastname, Firstname’ but commas are not allowed in ‘cn’ when you create a contact. Checking existing AD entries shows that commas are escaped by a leading backslash, so in case of a comma (and probably some other characters) you have to use ‘Lastname\, Firstname’ as ‘cn’. If you use the cn also as displayname take care to NOT add a backslash there because displayname could take ‘Lastname, Firstname’ without problems.

Another interesting part: If you are using a dedicated User, it’s necessary to use ‘New DirectoryEntry(LDAP, username, password)’ instead of ‘New DirectoryEntry(LDAP)’ when you are accessing an existing AD Account. It does not matter whether you accessed the AD already with the dedicated user, you still need to provide the username and password on every access.If you need to do futher AD Tasks check out as it contains lots of samples. There is a version also available at but e.g. in Sample 4 the ‘End Sub’ is missing and you should also add ‘If not String.IsNullOrWhitespace(PropertyValue)’. I did not check the other examples.

Leave a Comment