/// <summary>
/// CheckMFAUser method implmentation
/// </summary>
private bool CheckMFAUser(UsersADDSRecord Parameters, string identity)
{
try
{
using (DirectoryEntry rootdir = ADDSUtils.GetDirectoryEntry(Parameters.DomainName, Parameters.UserName, Parameters.Password))
{
string qryldap = "(&(objectCategory=person)(objectClass=user)(" + ADDSClaimsUtilities.GetADDSSearchAttribute() + "=" + identity + "))";
using (DirectorySearcher dsusr = new DirectorySearcher(rootdir, qryldap))
{
dsusr.PropertiesToLoad.Clear();
dsusr.PropertiesToLoad.Add("objectGUID");
dsusr.PropertiesToLoad.Add("userPrincipalName");
dsusr.PropertiesToLoad.Add("sAMAccountName");
dsusr.PropertiesToLoad.Add("msDS-PrincipalName");
dsusr.ReferralChasing = ReferralChasingOption.All;
SearchResult sr = dsusr.FindOne();
if (sr != null)
{
return(sr.Properties["objectGUID"][0] != null);
}
}
}
}
catch (Exception ex)
{
DataLog.WriteEntry(ex.Message, System.Diagnostics.EventLogEntryType.Error, 5000);
// throw new Exception(ex.Message);
}
return(false);
}
/// <summary>
/// DoImportGroup method implementation
/// </summary>
private void DoImportGroup(DirectoryEntry DirEntry, MFAUniqueUserList users, UsersADDSRecord Parameters, bool disableall)
{
string distinguishedName = string.Empty;
string sidstr = string.Empty;
try
{
distinguishedName = DirEntry.Properties["distinguishedName"].Value.ToString();
byte[] SD = (byte[])DirEntry.Properties["objectSID"].Value;
string sid = new SecurityIdentifier(SD, 0).ToString();
sidstr = sid.Substring(sid.LastIndexOf("-") + 1);
using (DirectoryEntry rootdir = ADDSUtils.GetDirectoryEntry(Parameters.DomainName, Parameters.UserName, Parameters.Password)) // Binding Root
{
string qryldap = string.Empty;
string subldap = string.Empty;
bool hasval1 = false;
bool hasval2 = false;
qryldap = "(| (&(objectCategory=group)(objectClass=group)(memberof=" + distinguishedName + ")) (&(objectCategory=user)(objectClass=user)(|(memberof=" + distinguishedName + ")(primaryGroupID=" + sidstr + "))";
if (Parameters.CreatedSince.HasValue)
{
subldap += "(whenCreated>=" + Parameters.CreatedSince.Value.ToString("yyyyMMddHHmmss.0Z") + ")";
hasval1 = true;
}
if (Parameters.ModifiedSince.HasValue)
{
subldap += "(whenChanged>=" + Parameters.ModifiedSince.Value.ToString("yyyyMMddHHmmss.0Z") + ")";
hasval2 = true;
}
if (hasval1 && hasval2)
{
qryldap += "(|" + subldap + ")";
}
else if (hasval1 || hasval2)
{
qryldap += subldap;
}
qryldap += "))";
using (DirectorySearcher dsusr = new DirectorySearcher(rootdir, qryldap))
{
AddPropertiesToLoadForSearcher(dsusr, Parameters.MailAttribute, Parameters.PhoneAttribute);
dsusr.SizeLimit = 100000; // Set maxrows
dsusr.PageSize = 5000;
SearchResultCollection src = dsusr.FindAll();
if (src != null)
{
foreach (SearchResult sr in src)
{
using (DirectoryEntry SubDirEntry = ADDSUtils.GetDirectoryEntry(Parameters.DomainName, Parameters.UserName, Parameters.Password, sr))
{
int k = IsImportUser(SubDirEntry.Properties["objectClass"].Value);
switch (k)
{
case 1:
DoImportUser(SubDirEntry, users, Parameters, disableall);
break;
case 2:
if (!Parameters.NoRecurse)
{
DoImportGroup(SubDirEntry, users, Parameters, disableall);
}
break;
default:
break;
}
}
}
}
}
}
}
catch (Exception ex)
{
DataLog.WriteEntry("DN : " + distinguishedName + " SID : " + sidstr + " Error : " + ex.Message, System.Diagnostics.EventLogEntryType.Error, 5100);
// throw new Exception(ex.Message);
}
}
/// <summary>
/// CleanMFAUsers method implementation
/// </summary>
public virtual List <string> CleanMFAUsers(UsersADDSRecord Parameters)
{
MFAUniqueDeletedUserList registrations = new MFAUniqueDeletedUserList();
try
{
using (DirectoryEntry rootdir = ADDSUtils.GetDirectoryEntry(Parameters.DomainName, Parameters.UserName, Parameters.Password))
{
string qryldap = string.Empty;
qryldap = "(&(objectClass=user)(isDeleted=TRUE))";
using (DirectorySearcher dsusr = new DirectorySearcher(rootdir, qryldap))
{
AddPropertiesToLoadForDeleted(dsusr);
dsusr.SizeLimit = 10000; // Set maxrows
dsusr.PageSize = 5000;
dsusr.ExtendedDN = ExtendedDN.Standard;
dsusr.Tombstone = true;
SearchResultCollection src = dsusr.FindAll();
if (src != null)
{
foreach (SearchResult sr in src)
{
string upn = string.Empty;
string sam = string.Empty;
if (sr.Properties.Contains("userPrincipalName"))
{
upn = sr.Properties["userPrincipalName"][0].ToString();
}
if (sr.Properties.Contains("sAMAccountName"))
{
sam = sr.Properties["sAMAccountName"][0].ToString();
}
if (!string.IsNullOrEmpty(upn) && !string.IsNullOrEmpty(sam))
{
string identity = string.Empty;
if (ADDSClaimsUtilities.GetADDSSearchAttribute().Equals("userPrincipalName"))
{
identity = upn;
}
else
{
identity = sam;
}
if (!CheckMFAUser(Parameters, identity))
{
registrations.AddOrUpdate(identity);
}
}
}
}
}
}
}
catch (Exception ex)
{
DataLog.WriteEntry(ex.Message, System.Diagnostics.EventLogEntryType.Error, 5100);
throw new Exception(ex.Message);
}
return(registrations);
}
/// <summary>
/// ImportMFAUsers method implementation
/// </summary>
public virtual MFAUserList ImportMFAUsers(UsersADDSRecord Parameters, bool disableall = false)
{
if (!string.IsNullOrEmpty(Parameters.LDAPPath))
{
Parameters.LDAPPath = Parameters.LDAPPath.Replace("ldap://", "");
Parameters.LDAPPath = Parameters.LDAPPath.Replace("ldaps://", "");
Parameters.LDAPPath = Parameters.LDAPPath.Replace("LDAP://", "");
Parameters.LDAPPath = Parameters.LDAPPath.Replace("LDAPS://", "");
}
MFAUniqueUserList registrations = new MFAUniqueUserList();
try
{
using (DirectoryEntry rootdir = ADDSUtils.GetDirectoryEntry(Parameters.DomainName, Parameters.UserName, Parameters.Password, Parameters.LDAPPath))
{
string qryldap = string.Empty;
string subldap = string.Empty;
bool hasval1 = false;
bool hasval2 = false;
qryldap = "(|(&(objectCategory=group)(objectClass=group))(&(objectCategory=user)(objectClass=user)";
if (Parameters.CreatedSince.HasValue)
{
subldap += "(whenCreated>=" + Parameters.CreatedSince.Value.ToString("yyyyMMddHHmmss.0Z") + ")";
hasval1 = true;
}
if (Parameters.ModifiedSince.HasValue)
{
subldap += "(whenChanged>=" + Parameters.ModifiedSince.Value.ToString("yyyyMMddHHmmss.0Z") + ")";
hasval2 = true;
}
if (hasval1 && hasval2)
{
qryldap += "(|" + subldap + ")";
}
else if (hasval1 || hasval2)
{
qryldap += subldap;
}
qryldap += "))";
using (DirectorySearcher dsusr = new DirectorySearcher(rootdir, qryldap))
{
AddPropertiesToLoadForSearcher(dsusr, Parameters.MailAttribute, Parameters.PhoneAttribute);
dsusr.SizeLimit = 100000; // Set maxrows
dsusr.PageSize = 5000;
SearchResultCollection src = dsusr.FindAll();
if (src != null)
{
foreach (SearchResult sr in src)
{
using (DirectoryEntry DirEntry = ADDSUtils.GetDirectoryEntry(Parameters.DomainName, Parameters.UserName, Parameters.Password, sr))
{
int k = IsImportUser(DirEntry.Properties["objectClass"].Value);
switch (k)
{
case 1:
DoImportUser(DirEntry, registrations, Parameters, disableall);
break;
case 2:
if (!Parameters.NoRecurse)
{
DoImportGroup(DirEntry, registrations, Parameters, disableall);
}
break;
default:
break;
}
}
}
}
}
}
}
catch (Exception ex)
{
DataLog.WriteEntry("Root : " + ex.Message, System.Diagnostics.EventLogEntryType.Error, 5100);
// throw new Exception(ex.Message);
}
return(registrations);
}
/// <summary>
/// ImportMFAUsers method implementation
/// </summary>
public virtual MFAUserList ImportMFAUsers(string domain, string username, string password, string ldappath, DateTime?created, DateTime?modified, string mailattribute, string phoneattribute, PreferredMethod meth, bool usessl, bool disableall = false)
{
if (!string.IsNullOrEmpty(ldappath))
{
ldappath = ldappath.Replace("ldap://", "");
ldappath = ldappath.Replace("ldaps://", "");
ldappath = ldappath.Replace("LDAP://", "");
ldappath = ldappath.Replace("LDAPS://", "");
}
MFAUserList registrations = new MFAUserList();
try
{
using (DirectoryEntry rootdir = ADDSUtils.GetDirectoryEntry(domain, username, password, ldappath, usessl))
{
string qryldap = string.Empty;
qryldap = "(&";
qryldap += "(objectCategory=user)(objectClass=user)" + ClaimsUtilities.BuildADDSUserFilter("*");
if (created.HasValue)
{
qryldap += "(whenCreated>=" + created.Value.ToString("yyyyMMddHHmmss.0Z") + ")";
}
if (modified.HasValue)
{
qryldap += "(whenChanged>=" + modified.Value.ToString("yyyyMMddHHmmss.0Z") + ")";
}
qryldap += ")";
using (DirectorySearcher dsusr = new DirectorySearcher(rootdir, qryldap))
{
dsusr.PropertiesToLoad.Clear();
dsusr.PropertiesToLoad.Add("objectGUID");
dsusr.PropertiesToLoad.Add("userPrincipalName");
dsusr.PropertiesToLoad.Add("sAMAccountName");
dsusr.PropertiesToLoad.Add("msDS-PrincipalName");
dsusr.PropertiesToLoad.Add("userAccountControl");
if (!string.IsNullOrEmpty(mailattribute))
{
dsusr.PropertiesToLoad.Add(mailattribute);
}
else
{
dsusr.PropertiesToLoad.Add("mail");
dsusr.PropertiesToLoad.Add("otherMailbox");
}
if (!string.IsNullOrEmpty(phoneattribute))
{
dsusr.PropertiesToLoad.Add(phoneattribute);
}
else
{
dsusr.PropertiesToLoad.Add("mobile");
dsusr.PropertiesToLoad.Add("otherMobile");
dsusr.PropertiesToLoad.Add("telephoneNumber");
}
dsusr.SizeLimit = 0; // _host.MaxRows;
SearchResultCollection src = dsusr.FindAll();
if (src != null)
{
foreach (SearchResult sr in src)
{
MFAUser reg = new MFAUser();
using (DirectoryEntry DirEntry = ADDSUtils.GetDirectoryEntry(domain, username, password, sr, usessl))
{
if (DirEntry.Properties["objectGUID"].Value != null)
{
reg.ID = new Guid((byte[])DirEntry.Properties["objectGUID"].Value).ToString();
if (sr.Properties[ClaimsUtilities.GetADDSUserAttribute()][0] != null)
{
reg.UPN = sr.Properties[ClaimsUtilities.GetADDSUserAttribute()][0].ToString();
if (!string.IsNullOrEmpty(mailattribute))
{
if (DirEntry.Properties[mailattribute].Value != null)
{
reg.MailAddress = DirEntry.Properties[mailattribute].Value.ToString();
}
}
else
{
if (DirEntry.Properties["otherMailbox"].Value != null)
{
reg.MailAddress = DirEntry.Properties["otherMailbox"].Value.ToString();
}
else if (DirEntry.Properties["mail"].Value != null)
{
reg.MailAddress = DirEntry.Properties["mail"].Value.ToString();
}
}
if (!string.IsNullOrEmpty(phoneattribute))
{
if (DirEntry.Properties[phoneattribute].Value != null)
{
reg.PhoneNumber = DirEntry.Properties[phoneattribute].Value.ToString();
}
}
else
{
if (DirEntry.Properties["mobile"].Value != null)
{
reg.PhoneNumber = DirEntry.Properties["mobile"].Value.ToString();
}
else if (DirEntry.Properties["otherMobile"].Value != null)
{
reg.PhoneNumber = DirEntry.Properties["otherMobile"].Value.ToString();
}
else if (DirEntry.Properties["telephoneNumber"].Value != null)
{
reg.PhoneNumber = DirEntry.Properties["telephoneNumber"].Value.ToString();
}
}
reg.PreferredMethod = meth;
reg.OverrideMethod = string.Empty;
if (disableall)
{
reg.Enabled = false;
}
else if (DirEntry.Properties["userAccountControl"] != null)
{
int v = Convert.ToInt32(DirEntry.Properties["userAccountControl"].Value);
reg.Enabled = ((v & 2) == 0);
}
else
{
reg.Enabled = true;
}
registrations.Add(reg);
}
}
};
}
}
}
}
}
catch (Exception ex)
{
DataLog.WriteEntry(ex.Message, System.Diagnostics.EventLogEntryType.Error, 5100);
throw new Exception(ex.Message);
}
return(registrations);
}
