System.Directoryservices getting TxIsolationLevel exeption?

[Robert Wallström]

Hi
I am trying to add a user to a group in Active Directory using
System.Directory
Services

But when I CommitChanges() I get the following exeption:

(In swedish, I use a swedish version of XP-pro)
"Egenskapen TxIsolationLevel för den COM+-komponent som skapas är starkare
är TxIsolationLevel för transaktionens rotkomponent. Objektet kunde inte
skapas."

Freely interpreted to English:
"The property TxIsolationLevel for the COM+-component that is being created
is stronger than
TxIsolationLevel for the transaktions rootcomponent. The object could not be
created."

My code:
public class AdManipulator

{

private DirectoryEntry root;

private DirectorySearcher adSearcher;

private string topDomain;

private string domain;

private string manipulatorName;

private string manipulatorPass;

private string path;



public AdManipulator(string newManipulatorName, string
newManipulatorPass,string newAdDomain)

{

topDomain = newAdDomain.Substring(newAdDomain.IndexOf(".") + 1);

domain = newAdDomain.Substring(0,newAdDomain.IndexOf("."));

path = "LDAP://DC=" + domain + ",DC=" + topDomain;

manipulatorName = newManipulatorName;

manipulatorPass = newManipulatorPass;

root = new DirectoryEntry();

root.Username = newManipulatorName;

root.Password = newManipulatorPass;

root.Path = path;

root.AuthenticationType = AuthenticationTypes.Secure;

adSearcher = new DirectorySearcher(root);


}

//Below is the method wich casts exeption...

public bool addUserToGroup(AdUser user)

{

try

{

adSearcher.Filter = "(sAMAccountName=" + user.Username + ")";

SearchResult res = adSearcher.FindOne();

if(res == null)

{

throw new Exception("Error no such user!\n");

}

DirectoryEntry deUser = new DirectoryEntry(res.Path);

foreach(string st in user.Groups)

{

adSearcher.Filter = "(CN=" + st + ")";

res = adSearcher.FindOne();

if(res != null)

{

DirectoryEntry group = new DirectoryEntry(res.Path);

group.Properties["member"].Add(deUser.Properties["distinguishedName"].Value)
;

group.CommitChanges();//on executing this row I get an exeption...

}

}

}

catch(Exception ex)

{

throw new Exception("Error adding user to group.\n" + ex.Message);

}

return true;


}

}

//Bellow is the classhead for the AdUser object this is just a

//object wich carries data about a specific user..

//this object is used in addUserToGroup(AdUser user)

public class AdUser

{


//Common user variables, more could be used..

private string username;

private string password;

private string givenname;

private string initials;

private string surname;

private string displayname;

private string discription;

private string telephoneNumber;

private string mail;

private string url;

private StringCollection groups = new StringCollection();

}



Have anyone got an similar exeption?

Or might anyone se what Im doing wrong in my code..

Thank you...

 

[Joe Kaplan \(MVP - ADSI\)]

It sounds like the error is related to COM+. Can you get the code to work
outside of COM+ (in a console app for example)?

Joe K.

Hi
I am trying to add a user to a group in Active Directory using
System.Directory
Services

But when I CommitChanges() I get the following exeption:

(In swedish, I use a swedish version of XP-pro)
"Egenskapen TxIsolationLevel för den COM+-komponent som skapas är starkare
är TxIsolationLevel för transaktionens rotkomponent. Objektet kunde inte
skapas."

Freely interpreted to English:
"The property TxIsolationLevel for the COM+-component that is being created
is stronger than
TxIsolationLevel for the transaktions rootcomponent. The object could not be
created."

My code:
public class AdManipulator

{

private DirectoryEntry root;

private DirectorySearcher adSearcher;

private string topDomain;

private string domain;

private string manipulatorName;

private string manipulatorPass;

private string path;



public AdManipulator(string newManipulatorName, string
newManipulatorPass,string newAdDomain)

{

topDomain = newAdDomain.Substring(newAdDomain.IndexOf(".") + 1);

domain = newAdDomain.Substring(0,newAdDomain.IndexOf("."));

path = "LDAP://DC=" + domain + ",DC=" + topDomain;

manipulatorName = newManipulatorName;

manipulatorPass = newManipulatorPass;

root = new DirectoryEntry();

root.Username = newManipulatorName;

root.Password = newManipulatorPass;

root.Path = path;

root.AuthenticationType = AuthenticationTypes.Secure;

adSearcher = new DirectorySearcher(root);


}

//Below is the method wich casts exeption...

public bool addUserToGroup(AdUser user)

{

try

{

adSearcher.Filter = "(sAMAccountName=" + user.Username + ")";

SearchResult res = adSearcher.FindOne();

if(res == null)

{

throw new Exception("Error no such user!\n");

}

DirectoryEntry deUser = new DirectoryEntry(res.Path);

foreach(string st in user.Groups)

{

adSearcher.Filter = "(CN=" + st + ")";

res = adSearcher.FindOne();

if(res != null)

{

DirectoryEntry group = new DirectoryEntry(res.Path);

group.Properties["member"].Add(deUser.Properties["distinguishedName"].Value)
;

group.CommitChanges();//on executing this row I get an exeption...

}

}

}

catch(Exception ex)

{

throw new Exception("Error adding user to group.\n" + ex.Message);

}

return true;


}

}

//Bellow is the classhead for the AdUser object this is just a

//object wich carries data about a specific user..

//this object is used in addUserToGroup(AdUser user)

public class AdUser

{


//Common user variables, more could be used..

private string username;

private string password;

private string givenname;

private string initials;

private string surname;

private string displayname;

private string discription;

private string telephoneNumber;

private string mail;

private string url;

private StringCollection groups = new StringCollection();

}



Have anyone got an similar exeption?

Or might anyone se what Im doing wrong in my code..

Thank you...

 

[Robert Wallström]

Hi Joe.. and thank you for your reply.

In your answer you wondered if I could get my code to work outside of COM+,
I must admit that I dont really know what COM+ is/means and there for cant
answer that question.

Allthough when I test my code I test it in a consoleapplication project,
with a an easy "static void main(string args[]) method. (code at the of this
message).

I dont know if this makes any different but I am trying to add a user
previously just created..(maybe there is some kind of restriction on doing
so, if so is there a way around it?)

I dont know if this led you closer to my problem, but any answer is
appreciated..

Thank you once again..

//Below is another method from my AdManipulator class
//supplymented as description to my consoleapplication test class
public bool createUser(AdUser newUser)

{

try

{

/*the call below is executed whitout any execption and the user is added

to the Active directory..no problem here (I hope;-))

*/

DirectoryEntry user = addUserAccount(newUser);

/*the call below is executed whitout any execption and the user's password
is set

...no problem here (I hope;-))

*/

setUserPassword(user, newUser.Password);

/*the call below is executed whitout any execption and the user is enabled

...no problem here (I hope;-))

*/

enableUser(user);

if(newUser.Groups.Count > 0)

{

//the call below is the one that throws an exeption(look in previous post
for method code)

addUserToGroup(newUser);

}

}

catch(Exception ex)

{

throw new Exception("Error creating user.\n" + ex.Message);

}

return true;

}



//Bellow is my Consoleapplication test class..
class Class1

{

/// <summary>

/// The main entry point for the application.

/// </summary>

[STAThread]

static void Main(string[] args)

{

AdManipulator adm = new AdManipulator("adminuser","password","domain.com");

Console.Write("New user\nSupply new username:");

AdUser user = new AdUser(Console.ReadLine());

Console.Write("Supply password:");

user.Password = Console.ReadLine();

Console.Write("Supply group:");

user.addGroup(Console.ReadLine());

if(adm.createUser(user))

{

Console.WriteLine("Sucess!");

}

Console.ReadLine();

}

}

It sounds like the error is related to COM+. Can you get the code to work
outside of COM+ (in a console app for example)?

Joe K.

Hi
I am trying to add a user to a group in Active Directory using
System.Directory
Services

But when I CommitChanges() I get the following exeption:

(In swedish, I use a swedish version of XP-pro)
"Egenskapen TxIsolationLevel för den COM+-komponent som skapas är starkare
är TxIsolationLevel för transaktionens rotkomponent. Objektet kunde inte
skapas."

Freely interpreted to English:
"The property TxIsolationLevel for the COM+-component that is being created
is stronger than
TxIsolationLevel for the transaktions rootcomponent. The object could

not

be
created."

My code:
public class AdManipulator

{

private DirectoryEntry root;

private DirectorySearcher adSearcher;

private string topDomain;

private string domain;

private string manipulatorName;

private string manipulatorPass;

private string path;



public AdManipulator(string newManipulatorName, string
newManipulatorPass,string newAdDomain)

{

topDomain = newAdDomain.Substring(newAdDomain.IndexOf(".") + 1);

domain = newAdDomain.Substring(0,newAdDomain.IndexOf("."));

path = "LDAP://DC=" + domain + ",DC=" + topDomain;

manipulatorName = newManipulatorName;

manipulatorPass = newManipulatorPass;

root = new DirectoryEntry();

root.Username = newManipulatorName;

root.Password = newManipulatorPass;

root.Path = path;

root.AuthenticationType = AuthenticationTypes.Secure;

adSearcher = new DirectorySearcher(root);


}

//Below is the method wich casts exeption...

public bool addUserToGroup(AdUser user)

{

try

{

adSearcher.Filter = "(sAMAccountName=" + user.Username + ")";

SearchResult res = adSearcher.FindOne();

if(res == null)

{

throw new Exception("Error no such user!\n");

}

DirectoryEntry deUser = new DirectoryEntry(res.Path);

foreach(string st in user.Groups)

{

adSearcher.Filter = "(CN=" + st + ")";

res = adSearcher.FindOne();

if(res != null)

{

DirectoryEntry group = new DirectoryEntry(res.Path);

group.Properties["member"].Add(deUser.Properties["distinguishedName"].Value)

;

group.CommitChanges();//on executing this row I get an exeption...

}

}

}

catch(Exception ex)

{

throw new Exception("Error adding user to group.\n" + ex.Message);

}

return true;


}

}

//Bellow is the classhead for the AdUser object this is just a

//object wich carries data about a specific user..

//this object is used in addUserToGroup(AdUser user)

public class AdUser

{


//Common user variables, more could be used..

private string username;

private string password;

private string givenname;

private string initials;

private string surname;

private string displayname;

private string discription;

private string telephoneNumber;

private string mail;

private string url;

private StringCollection groups = new StringCollection();

}



Have anyone got an similar exeption?

Or might anyone se what Im doing wrong in my code..

Thank you...

 

[Joe Kaplan \(MVP - ADSI\)]

Well, your error mentioned COM+ and transaction levels, so it looked like
you might be running this code inside of COM+/Enterprise Services. It seems
very unlikely that you would have done that on accident though as it
requires significant effort.

One general problem I see with your code is that you are catching the
exception that was thrown and rethrowing it with a more generic exception.
As a general rule, class library developers should never do this.
Essentially, you lose the context of the original exception including the
stack trace and add no value. If you ever do catch and rethrow, you should
just call throw without any arguments. This is covered in more detail in
the .NET Design Guidelines in MSDN. The only real reason to catch and
rethrow would be to add some debug or tracing information about the error
though.

The reason I bring this up is that it would be helpful to know what the type
is on the exception that gets thrown and what the stack trace is (you can
call ToString to print this out). Normally, adding a user to a group fails
because there are permissions issues, the user is already in the group, or
there is something about the object you are adding to the group that makes
it not valid to be a member of the group (this happens when you try to nest
the wrong types of groups for example).

Joe K.

Hi Joe.. and thank you for your reply.

In your answer you wondered if I could get my code to work outside of COM+,
I must admit that I dont really know what COM+ is/means and there for cant
answer that question.

Allthough when I test my code I test it in a consoleapplication project,
with a an easy "static void main(string args[]) method. (code at the of this
message).

I dont know if this makes any different but I am trying to add a user
previously just created..(maybe there is some kind of restriction on doing
so, if so is there a way around it?)

I dont know if this led you closer to my problem, but any answer is
appreciated..

Thank you once again..

//Below is another method from my AdManipulator class
//supplymented as description to my consoleapplication test class
public bool createUser(AdUser newUser)

{

try

{

/*the call below is executed whitout any execption and the user is added

to the Active directory..no problem here (I hope;-))

*/

DirectoryEntry user = addUserAccount(newUser);

/*the call below is executed whitout any execption and the user's password
is set

..no problem here (I hope;-))

*/

setUserPassword(user, newUser.Password);

/*the call below is executed whitout any execption and the user is enabled

..no problem here (I hope;-))

*/

enableUser(user);

if(newUser.Groups.Count > 0)

{

//the call below is the one that throws an exeption(look in previous post
for method code)

addUserToGroup(newUser);

}

}

catch(Exception ex)

{

throw new Exception("Error creating user.\n" + ex.Message);

}

return true;

}



//Bellow is my Consoleapplication test class..
class Class1

{

/// <summary>

/// The main entry point for the application.

/// </summary>

[STAThread]

static void Main(string[] args)

{

AdManipulator adm = new AdManipulator("adminuser","password","domain.com");

Console.Write("New user\nSupply new username:");

AdUser user = new AdUser(Console.ReadLine());

Console.Write("Supply password:");

user.Password = Console.ReadLine();

Console.Write("Supply group:");

user.addGroup(Console.ReadLine());

if(adm.createUser(user))

{

Console.WriteLine("Sucess!");

}

Console.ReadLine();

}

}



"Joe Kaplan (MVP - ADSI)" <[email protected]> skrev i
meddelandet news:[email protected]...

It sounds like the error is related to COM+. Can you get the code to work
outside of COM+ (in a console app for example)?

Joe K.

not

group.Properties["member"].Add(deUser.Properties["distinguishedName"].Value)

 

[Robert Wallström]

Hi again Joe..

I followed your recomendation regarding the exceptionhandeling.
This eventually resolved my issue..

It tourned out that the exception thrown had to do with accessrights.
(I could read that out of the exception after I had changed my handeling
like you recommended)

I might mention for anyone else reading this post that;
You (apperently) must bind and set appropriate authentication cridentials to
the object you currently are
manipulating..

This did work:
DirectoryEntry root = new DirectoryEntry();

root.Path = someLDAPpath

root.Username = someusername;//the first time I set username and password

root.Password = somepassword;

root.AuthenticationType = AuthenticationTypes.Secure;

DirectorySearcher searcher = new DirectorySearcher(root);

searcher.Filter = "(sAMAccountName=" + someUsernametosearchfor + ")";

SearchResult res = searcher.FindOne();

root.Close();

root.Dispose();

if(res == null)

{

return false;

}

DirectoryEntry deUser = new DirectoryEntry();

deUser.Username = someusername;//NOTE!! here I set the username and password
again but on a different object

deUser.Password = somepassword;

deUser.Path = res.Path;//here I set the paht pointing to the user that I
earlier searched for

deUser.AuthenticationType = AuthenticationTypes.Secure;

deUser.Invoke("SetPassword", new object[] {"somenewpassword"});

deUser.CommitChanges();

deUser.Close();

deUser.Dispose();



This did not work:

DirectoryEntry root = new DirectoryEntry();

root.Path = someLDAPpath;

root.Username = someusername;

root.Password = somepassword;

root.AuthenticationType = AuthenticationTypes.Secure;

DirectorySearcher searcher = new DirectorySearcher(root);

searcher.Filter = "(sAMAccountName=" + someusernametosearchfor + ")";

SearchResult res = searcher.FindOne();

if(res == null)

{

return false;

}

DirectoryEntry deUser = new DirectoryEntry(res.path);

deUser.Invoke("SetPassword", new object[] {user.Password});

deUser.CommitChanges();



Maybe someone knows if my assuption is correct, eg you MUST bind (with
cridentials)to the object you currenly are

manipulatin??

Anyhow thank you once again Joe..

Robert Wallström

Well, your error mentioned COM+ and transaction levels, so it looked like
you might be running this code inside of COM+/Enterprise Services. It seems
very unlikely that you would have done that on accident though as it
requires significant effort.

One general problem I see with your code is that you are catching the
exception that was thrown and rethrowing it with a more generic exception.
As a general rule, class library developers should never do this.
Essentially, you lose the context of the original exception including the
stack trace and add no value. If you ever do catch and rethrow, you should
just call throw without any arguments. This is covered in more detail in
the .NET Design Guidelines in MSDN. The only real reason to catch and
rethrow would be to add some debug or tracing information about the error
though.

The reason I bring this up is that it would be helpful to know what the type
is on the exception that gets thrown and what the stack trace is (you can
call ToString to print this out). Normally, adding a user to a group fails
because there are permissions issues, the user is already in the group, or
there is something about the object you are adding to the group that makes
it not valid to be a member of the group (this happens when you try to nest
the wrong types of groups for example).

Joe K.

Hi Joe.. and thank you for your reply.

In your answer you wondered if I could get my code to work outside of COM+,
I must admit that I dont really know what COM+ is/means and there for cant
answer that question.

Allthough when I test my code I test it in a consoleapplication project,
with a an easy "static void main(string args[]) method. (code at the of this
message).

I dont know if this makes any different but I am trying to add a user
previously just created..(maybe there is some kind of restriction on doing
so, if so is there a way around it?)

I dont know if this led you closer to my problem, but any answer is
appreciated..

Thank you once again..

//Below is another method from my AdManipulator class
//supplymented as description to my consoleapplication test class
public bool createUser(AdUser newUser)

{

try

{

/*the call below is executed whitout any execption and the user is added

to the Active directory..no problem here (I hope;-))

*/

DirectoryEntry user = addUserAccount(newUser);

/*the call below is executed whitout any execption and the user's password
is set

..no problem here (I hope;-))

*/

setUserPassword(user, newUser.Password);

/*the call below is executed whitout any execption and the user is enabled

..no problem here (I hope;-))

*/

enableUser(user);

if(newUser.Groups.Count > 0)

{

//the call below is the one that throws an exeption(look in previous post
for method code)

addUserToGroup(newUser);

}

}

catch(Exception ex)

{

throw new Exception("Error creating user.\n" + ex.Message);

}

return true;

}



//Bellow is my Consoleapplication test class..
class Class1

{

/// <summary>

/// The main entry point for the application.

/// </summary>

[STAThread]

static void Main(string[] args)

{

AdManipulator adm = new AdManipulator("adminuser","password","domain.com");

Console.Write("New user\nSupply new username:");

AdUser user = new AdUser(Console.ReadLine());

Console.Write("Supply password:");

user.Password = Console.ReadLine();

Console.Write("Supply group:");

user.addGroup(Console.ReadLine());

if(adm.createUser(user))

{

Console.WriteLine("Sucess!");

}

Console.ReadLine();

}

}



"Joe Kaplan (MVP - ADSI)" <[email protected]>

skrev

i
meddelandet news:[email protected]... could
not

group.Properties["member"].Add(deUser.Properties["distinguishedName"].Value)

 

[Joe Kaplan \(MVP - ADSI\)]

Yes, if you are supplying credentials, you must do so with each new bind.

When you use the DirectorySearcher, it will search the directory using the
rights of the account that was used to create its SearchRoot object. If you
use the SearchResult::GetDirectoryEntry method, it inherits the security
context from the SearchRoot too (unless you are using .NET 1.0 in which case
there is a bug and it will default to the current thread security context
regardless of credentials).

Glad that fixed it.

Joe K.

Hi again Joe..

I followed your recomendation regarding the exceptionhandeling.
This eventually resolved my issue..

It tourned out that the exception thrown had to do with accessrights.
(I could read that out of the exception after I had changed my handeling
like you recommended)

I might mention for anyone else reading this post that;
You (apperently) must bind and set appropriate authentication cridentials to
the object you currently are
manipulating..

This did work:
DirectoryEntry root = new DirectoryEntry();

root.Path = someLDAPpath

root.Username = someusername;//the first time I set username and password

root.Password = somepassword;

root.AuthenticationType = AuthenticationTypes.Secure;

DirectorySearcher searcher = new DirectorySearcher(root);

searcher.Filter = "(sAMAccountName=" + someUsernametosearchfor + ")";

SearchResult res = searcher.FindOne();

root.Close();

root.Dispose();

if(res == null)

{

return false;

}

DirectoryEntry deUser = new DirectoryEntry();

deUser.Username = someusername;//NOTE!! here I set the username and password
again but on a different object

deUser.Password = somepassword;

deUser.Path = res.Path;//here I set the paht pointing to the user that I
earlier searched for

deUser.AuthenticationType = AuthenticationTypes.Secure;

deUser.Invoke("SetPassword", new object[] {"somenewpassword"});

deUser.CommitChanges();

deUser.Close();

deUser.Dispose();



This did not work:

DirectoryEntry root = new DirectoryEntry();

root.Path = someLDAPpath;

root.Username = someusername;

root.Password = somepassword;

root.AuthenticationType = AuthenticationTypes.Secure;

DirectorySearcher searcher = new DirectorySearcher(root);

searcher.Filter = "(sAMAccountName=" + someusernametosearchfor + ")";

SearchResult res = searcher.FindOne();

if(res == null)

{

return false;

}

DirectoryEntry deUser = new DirectoryEntry(res.path);

deUser.Invoke("SetPassword", new object[] {user.Password});

deUser.CommitChanges();



Maybe someone knows if my assuption is correct, eg you MUST bind (with
cridentials)to the object you currenly are

manipulatin??

Anyhow thank you once again Joe..

Robert Wallström

"Joe Kaplan (MVP - ADSI)" <[email protected]> skrev i
meddelandet news:[email protected]...

Well, your error mentioned COM+ and transaction levels, so it looked like
you might be running this code inside of COM+/Enterprise Services. It seems
very unlikely that you would have done that on accident though as it
requires significant effort.

One general problem I see with your code is that you are catching the
exception that was thrown and rethrowing it with a more generic exception.
As a general rule, class library developers should never do this.
Essentially, you lose the context of the original exception including the
stack trace and add no value. If you ever do catch and rethrow, you should
just call throw without any arguments. This is covered in more detail in
the .NET Design Guidelines in MSDN. The only real reason to catch and
rethrow would be to add some debug or tracing information about the error
though.

The reason I bring this up is that it would be helpful to know what the type
is on the exception that gets thrown and what the stack trace is (you can
call ToString to print this out). Normally, adding a user to a group fails
because there are permissions issues, the user is already in the group, or
there is something about the object you are adding to the group that makes
it not valid to be a member of the group (this happens when you try to nest
the wrong types of groups for example).

Joe K.

Hi Joe.. and thank you for your reply.

In your answer you wondered if I could get my code to work outside of COM+,
I must admit that I dont really know what COM+ is/means and there for cant
answer that question.

Allthough when I test my code I test it in a consoleapplication project,
with a an easy "static void main(string args[]) method. (code at the

of
this

message).

I dont know if this makes any different but I am trying to add a user
previously just created..(maybe there is some kind of restriction on doing
so, if so is there a way around it?)

I dont know if this led you closer to my problem, but any answer is
appreciated..

Thank you once again..

//Below is another method from my AdManipulator class
//supplymented as description to my consoleapplication test class
public bool createUser(AdUser newUser)

{

try

{

/*the call below is executed whitout any execption and the user is added

to the Active directory..no problem here (I hope;-))

*/

DirectoryEntry user = addUserAccount(newUser);

/*the call below is executed whitout any execption and the user's password
is set

..no problem here (I hope;-))

*/

setUserPassword(user, newUser.Password);

/*the call below is executed whitout any execption and the user is enabled

..no problem here (I hope;-))

*/

enableUser(user);

if(newUser.Groups.Count > 0)

{

//the call below is the one that throws an exeption(look in previous post
for method code)

addUserToGroup(newUser);

}

}

catch(Exception ex)

{

throw new Exception("Error creating user.\n" + ex.Message);

}

return true;

}



//Bellow is my Consoleapplication test class..
class Class1

{

/// <summary>

/// The main entry point for the application.

/// </summary>

[STAThread]

static void Main(string[] args)

{

AdManipulator adm = new AdManipulator("adminuser","password","domain.com");

Console.Write("New user\nSupply new username:");

AdUser user = new AdUser(Console.ReadLine());

Console.Write("Supply password:");

user.Password = Console.ReadLine();

Console.Write("Supply group:");

user.addGroup(Console.ReadLine());

if(adm.createUser(user))

{

Console.WriteLine("Sucess!");

}

Console.ReadLine();

}

}



"Joe Kaplan (MVP - ADSI)" <[email protected]>

skrev

i
meddelandet It sounds like the error is related to COM+. Can you get the code

to
work

outside of COM+ (in a console app for example)?

Joe K.

Hi
I am trying to add a user to a group in Active Directory using
System.Directory
Services

But when I CommitChanges() I get the following exeption:

(In swedish, I use a swedish version of XP-pro)
"Egenskapen TxIsolationLevel för den COM+-komponent som skapas är
starkare
är TxIsolationLevel för transaktionens rotkomponent. Objektet

kunde
inte

skapas."

Freely interpreted to English:
"The property TxIsolationLevel for the COM+-component that is being
created
is stronger than
TxIsolationLevel for the transaktions rootcomponent. The object could
not
be
created."

My code:
public class AdManipulator

{

private DirectoryEntry root;

private DirectorySearcher adSearcher;

private string topDomain;

private string domain;

private string manipulatorName;

private string manipulatorPass;

private string path;



public AdManipulator(string newManipulatorName, string
newManipulatorPass,string newAdDomain)

{

topDomain = newAdDomain.Substring(newAdDomain.IndexOf(".") + 1);

domain = newAdDomain.Substring(0,newAdDomain.IndexOf("."));

path = "LDAP://DC=" + domain + ",DC=" + topDomain;

manipulatorName = newManipulatorName;

manipulatorPass = newManipulatorPass;

root = new DirectoryEntry();

root.Username = newManipulatorName;

root.Password = newManipulatorPass;

root.Path = path;

root.AuthenticationType = AuthenticationTypes.Secure;

adSearcher = new DirectorySearcher(root);


}

//Below is the method wich casts exeption...

public bool addUserToGroup(AdUser user)

{

try

{

adSearcher.Filter = "(sAMAccountName=" + user.Username + ")";

SearchResult res = adSearcher.FindOne();

if(res == null)

{

throw new Exception("Error no such user!\n");

}

DirectoryEntry deUser = new DirectoryEntry(res.Path);

foreach(string st in user.Groups)

{

adSearcher.Filter = "(CN=" + st + ")";

res = adSearcher.FindOne();

if(res != null)

{

DirectoryEntry group = new DirectoryEntry(res.Path);

group.Properties["member"].Add(deUser.Properties["distinguishedName"].Value)