Assigns a trustee to a role at the zone or computer level.


IRoleAssignment Assign(DirectoryEntry trusteeDE, IComputer computer)
IRoleAssignment Assign(DirectoryEntry trusteeDE, IZone zone)
IRoleAssignment Assign(SearchResult trusteeSR, Icomputer computer)
IRoleAssignment Assign(SearchResult trusteeSR, IZone zone)
IRoleAssignment Assign(string trusteeDN, IComputer computer)
IRoleAssignment Assign(string trusteeDN, IZone zone)


Use the following parameters with this method.

Parameter Description


The directory entry for the trustee (user or group) you want to add.


The directory entry for a trustee specified as a search result.


The trustee specified as a distinguished name.


The computer to which you want to add the role.


The zone to which you want to add the role.

Return value

The role assignment that includes the specified trustee. This role assignment is not stored in Active Directory until you call the RoleAssignment:Commitmethod.


The Assign(DirectoryEntry trusteeDE, IComputer computer), Assign(SearchResult trusteeSr, IComputer computer), Assign(DirectoryEntry trusteeDE, IZone zone) and Assign(SearchResult trusteeSr, IZone zone)methods are available only for .NET‑based programs.


Assign may throw one of the following exceptions:

  • ApplicationException if the trustee is not a user or a group, you attempt to assign a role to a zone other than the containing or child zone, the method fails to create a role assignment (see the message returned by the exception for the reason), the method cannot find the trustee object or distinguished name in the specified search result, or the method cannot find the trustee.
  • ArgumentException if any parameter is null or empty.