Beispiel #1
0
        /// <summary>
        /// DoImportGroup method implementation
        /// </summary>
        private void DoImportGroup(DirectoryEntry DirEntry, MFAUniqueUserList users, UsersADDSRecord Parameters, bool disableall)
        {
            string distinguishedName = string.Empty;
            string sidstr            = string.Empty;

            try
            {
                distinguishedName = DirEntry.Properties["distinguishedName"].Value.ToString();
                byte[] SD  = (byte[])DirEntry.Properties["objectSID"].Value;
                string sid = new SecurityIdentifier(SD, 0).ToString();
                sidstr = sid.Substring(sid.LastIndexOf("-") + 1);
                using (DirectoryEntry rootdir = ADDSUtils.GetDirectoryEntry(Parameters.DomainName, Parameters.UserName, Parameters.Password)) // Binding Root
                {
                    string qryldap = string.Empty;
                    string subldap = string.Empty;
                    bool   hasval1 = false;
                    bool   hasval2 = false;
                    qryldap = "(| (&(objectCategory=group)(objectClass=group)(memberof=" + distinguishedName + ")) (&(objectCategory=user)(objectClass=user)(|(memberof=" + distinguishedName + ")(primaryGroupID=" + sidstr + "))";
                    if (Parameters.CreatedSince.HasValue)
                    {
                        subldap += "(whenCreated>=" + Parameters.CreatedSince.Value.ToString("yyyyMMddHHmmss.0Z") + ")";
                        hasval1  = true;
                    }
                    if (Parameters.ModifiedSince.HasValue)
                    {
                        subldap += "(whenChanged>=" + Parameters.ModifiedSince.Value.ToString("yyyyMMddHHmmss.0Z") + ")";
                        hasval2  = true;
                    }
                    if (hasval1 && hasval2)
                    {
                        qryldap += "(|" + subldap + ")";
                    }
                    else if (hasval1 || hasval2)
                    {
                        qryldap += subldap;
                    }
                    qryldap += "))";

                    using (DirectorySearcher dsusr = new DirectorySearcher(rootdir, qryldap))
                    {
                        AddPropertiesToLoadForSearcher(dsusr, Parameters.MailAttribute, Parameters.PhoneAttribute);
                        dsusr.SizeLimit = 100000; // Set maxrows
                        dsusr.PageSize  = 5000;

                        SearchResultCollection src = dsusr.FindAll();
                        if (src != null)
                        {
                            foreach (SearchResult sr in src)
                            {
                                using (DirectoryEntry SubDirEntry = ADDSUtils.GetDirectoryEntry(Parameters.DomainName, Parameters.UserName, Parameters.Password, sr))
                                {
                                    int k = IsImportUser(SubDirEntry.Properties["objectClass"].Value);
                                    switch (k)
                                    {
                                    case 1:
                                        DoImportUser(SubDirEntry, users, Parameters, disableall);
                                        break;

                                    case 2:
                                        if (!Parameters.NoRecurse)
                                        {
                                            DoImportGroup(SubDirEntry, users, Parameters, disableall);
                                        }
                                        break;

                                    default:
                                        break;
                                    }
                                }
                            }
                        }
                    }
                }
            }
            catch (Exception ex)
            {
                DataLog.WriteEntry("DN : " + distinguishedName + "     SID : " + sidstr + "     Error : " + ex.Message, System.Diagnostics.EventLogEntryType.Error, 5100);
                // throw new Exception(ex.Message);
            }
        }
Beispiel #2
0
        /// <summary>
        /// CleanMFAUsers method implementation
        /// </summary>
        public virtual List <string> CleanMFAUsers(UsersADDSRecord Parameters)
        {
            MFAUniqueDeletedUserList registrations = new MFAUniqueDeletedUserList();

            try
            {
                using (DirectoryEntry rootdir = ADDSUtils.GetDirectoryEntry(Parameters.DomainName, Parameters.UserName, Parameters.Password))
                {
                    string qryldap = string.Empty;
                    qryldap = "(&(objectClass=user)(isDeleted=TRUE))";

                    using (DirectorySearcher dsusr = new DirectorySearcher(rootdir, qryldap))
                    {
                        AddPropertiesToLoadForDeleted(dsusr);
                        dsusr.SizeLimit  = 10000; // Set maxrows
                        dsusr.PageSize   = 5000;
                        dsusr.ExtendedDN = ExtendedDN.Standard;
                        dsusr.Tombstone  = true;

                        SearchResultCollection src = dsusr.FindAll();
                        if (src != null)
                        {
                            foreach (SearchResult sr in src)
                            {
                                string upn = string.Empty;
                                string sam = string.Empty;
                                if (sr.Properties.Contains("userPrincipalName"))
                                {
                                    upn = sr.Properties["userPrincipalName"][0].ToString();
                                }
                                if (sr.Properties.Contains("sAMAccountName"))
                                {
                                    sam = sr.Properties["sAMAccountName"][0].ToString();
                                }

                                if (!string.IsNullOrEmpty(upn) && !string.IsNullOrEmpty(sam))
                                {
                                    string identity = string.Empty;
                                    if (ADDSClaimsUtilities.GetADDSSearchAttribute().Equals("userPrincipalName"))
                                    {
                                        identity = upn;
                                    }
                                    else
                                    {
                                        identity = sam;
                                    }

                                    if (!CheckMFAUser(Parameters, identity))
                                    {
                                        registrations.AddOrUpdate(identity);
                                    }
                                }
                            }
                        }
                    }
                }
            }
            catch (Exception ex)
            {
                DataLog.WriteEntry(ex.Message, System.Diagnostics.EventLogEntryType.Error, 5100);
                throw new Exception(ex.Message);
            }
            return(registrations);
        }
Beispiel #3
0
        /// <summary>
        /// ImportMFAUsers method implementation
        /// </summary>
        public virtual MFAUserList ImportMFAUsers(UsersADDSRecord Parameters, bool disableall = false)
        {
            if (!string.IsNullOrEmpty(Parameters.LDAPPath))
            {
                Parameters.LDAPPath = Parameters.LDAPPath.Replace("ldap://", "");
                Parameters.LDAPPath = Parameters.LDAPPath.Replace("ldaps://", "");
                Parameters.LDAPPath = Parameters.LDAPPath.Replace("LDAP://", "");
                Parameters.LDAPPath = Parameters.LDAPPath.Replace("LDAPS://", "");
            }
            MFAUniqueUserList registrations = new MFAUniqueUserList();

            try
            {
                using (DirectoryEntry rootdir = ADDSUtils.GetDirectoryEntry(Parameters.DomainName, Parameters.UserName, Parameters.Password, Parameters.LDAPPath))
                {
                    string qryldap = string.Empty;
                    string subldap = string.Empty;
                    bool   hasval1 = false;
                    bool   hasval2 = false;
                    qryldap = "(|(&(objectCategory=group)(objectClass=group))(&(objectCategory=user)(objectClass=user)";
                    if (Parameters.CreatedSince.HasValue)
                    {
                        subldap += "(whenCreated>=" + Parameters.CreatedSince.Value.ToString("yyyyMMddHHmmss.0Z") + ")";
                        hasval1  = true;
                    }
                    if (Parameters.ModifiedSince.HasValue)
                    {
                        subldap += "(whenChanged>=" + Parameters.ModifiedSince.Value.ToString("yyyyMMddHHmmss.0Z") + ")";
                        hasval2  = true;
                    }
                    if (hasval1 && hasval2)
                    {
                        qryldap += "(|" + subldap + ")";
                    }
                    else if (hasval1 || hasval2)
                    {
                        qryldap += subldap;
                    }
                    qryldap += "))";

                    using (DirectorySearcher dsusr = new DirectorySearcher(rootdir, qryldap))
                    {
                        AddPropertiesToLoadForSearcher(dsusr, Parameters.MailAttribute, Parameters.PhoneAttribute);
                        dsusr.SizeLimit = 100000; // Set maxrows
                        dsusr.PageSize  = 5000;

                        SearchResultCollection src = dsusr.FindAll();
                        if (src != null)
                        {
                            foreach (SearchResult sr in src)
                            {
                                using (DirectoryEntry DirEntry = ADDSUtils.GetDirectoryEntry(Parameters.DomainName, Parameters.UserName, Parameters.Password, sr))
                                {
                                    int k = IsImportUser(DirEntry.Properties["objectClass"].Value);
                                    switch (k)
                                    {
                                    case 1:
                                        DoImportUser(DirEntry, registrations, Parameters, disableall);
                                        break;

                                    case 2:
                                        if (!Parameters.NoRecurse)
                                        {
                                            DoImportGroup(DirEntry, registrations, Parameters, disableall);
                                        }
                                        break;

                                    default:
                                        break;
                                    }
                                }
                            }
                        }
                    }
                }
            }
            catch (Exception ex)
            {
                DataLog.WriteEntry("Root : " + ex.Message, System.Diagnostics.EventLogEntryType.Error, 5100);
                // throw new Exception(ex.Message);
            }
            return(registrations);
        }
Beispiel #4
0
        /// <summary>
        /// ImportMFAUsers method implementation
        /// </summary>
        public virtual MFAUserList ImportMFAUsers(string domain, string username, string password, string ldappath, DateTime?created, DateTime?modified, string mailattribute, string phoneattribute, PreferredMethod meth, bool usessl, bool disableall = false)
        {
            if (!string.IsNullOrEmpty(ldappath))
            {
                ldappath = ldappath.Replace("ldap://", "");
                ldappath = ldappath.Replace("ldaps://", "");
                ldappath = ldappath.Replace("LDAP://", "");
                ldappath = ldappath.Replace("LDAPS://", "");
            }
            MFAUserList registrations = new MFAUserList();

            try
            {
                using (DirectoryEntry rootdir = ADDSUtils.GetDirectoryEntry(domain, username, password, ldappath, usessl))
                {
                    string qryldap = string.Empty;
                    qryldap  = "(&";
                    qryldap += "(objectCategory=user)(objectClass=user)" + ClaimsUtilities.BuildADDSUserFilter("*");
                    if (created.HasValue)
                    {
                        qryldap += "(whenCreated>=" + created.Value.ToString("yyyyMMddHHmmss.0Z") + ")";
                    }
                    if (modified.HasValue)
                    {
                        qryldap += "(whenChanged>=" + modified.Value.ToString("yyyyMMddHHmmss.0Z") + ")";
                    }
                    qryldap += ")";

                    using (DirectorySearcher dsusr = new DirectorySearcher(rootdir, qryldap))
                    {
                        dsusr.PropertiesToLoad.Clear();
                        dsusr.PropertiesToLoad.Add("objectGUID");
                        dsusr.PropertiesToLoad.Add("userPrincipalName");
                        dsusr.PropertiesToLoad.Add("sAMAccountName");
                        dsusr.PropertiesToLoad.Add("msDS-PrincipalName");
                        dsusr.PropertiesToLoad.Add("userAccountControl");

                        if (!string.IsNullOrEmpty(mailattribute))
                        {
                            dsusr.PropertiesToLoad.Add(mailattribute);
                        }
                        else
                        {
                            dsusr.PropertiesToLoad.Add("mail");
                            dsusr.PropertiesToLoad.Add("otherMailbox");
                        }
                        if (!string.IsNullOrEmpty(phoneattribute))
                        {
                            dsusr.PropertiesToLoad.Add(phoneattribute);
                        }
                        else
                        {
                            dsusr.PropertiesToLoad.Add("mobile");
                            dsusr.PropertiesToLoad.Add("otherMobile");
                            dsusr.PropertiesToLoad.Add("telephoneNumber");
                        }
                        dsusr.SizeLimit = 0; // _host.MaxRows;

                        SearchResultCollection src = dsusr.FindAll();
                        if (src != null)
                        {
                            foreach (SearchResult sr in src)
                            {
                                MFAUser reg = new MFAUser();
                                using (DirectoryEntry DirEntry = ADDSUtils.GetDirectoryEntry(domain, username, password, sr, usessl))
                                {
                                    if (DirEntry.Properties["objectGUID"].Value != null)
                                    {
                                        reg.ID = new Guid((byte[])DirEntry.Properties["objectGUID"].Value).ToString();
                                        if (sr.Properties[ClaimsUtilities.GetADDSUserAttribute()][0] != null)
                                        {
                                            reg.UPN = sr.Properties[ClaimsUtilities.GetADDSUserAttribute()][0].ToString();

                                            if (!string.IsNullOrEmpty(mailattribute))
                                            {
                                                if (DirEntry.Properties[mailattribute].Value != null)
                                                {
                                                    reg.MailAddress = DirEntry.Properties[mailattribute].Value.ToString();
                                                }
                                            }
                                            else
                                            {
                                                if (DirEntry.Properties["otherMailbox"].Value != null)
                                                {
                                                    reg.MailAddress = DirEntry.Properties["otherMailbox"].Value.ToString();
                                                }
                                                else if (DirEntry.Properties["mail"].Value != null)
                                                {
                                                    reg.MailAddress = DirEntry.Properties["mail"].Value.ToString();
                                                }
                                            }

                                            if (!string.IsNullOrEmpty(phoneattribute))
                                            {
                                                if (DirEntry.Properties[phoneattribute].Value != null)
                                                {
                                                    reg.PhoneNumber = DirEntry.Properties[phoneattribute].Value.ToString();
                                                }
                                            }
                                            else
                                            {
                                                if (DirEntry.Properties["mobile"].Value != null)
                                                {
                                                    reg.PhoneNumber = DirEntry.Properties["mobile"].Value.ToString();
                                                }
                                                else if (DirEntry.Properties["otherMobile"].Value != null)
                                                {
                                                    reg.PhoneNumber = DirEntry.Properties["otherMobile"].Value.ToString();
                                                }
                                                else if (DirEntry.Properties["telephoneNumber"].Value != null)
                                                {
                                                    reg.PhoneNumber = DirEntry.Properties["telephoneNumber"].Value.ToString();
                                                }
                                            }
                                            reg.PreferredMethod = meth;
                                            reg.OverrideMethod  = string.Empty;
                                            if (disableall)
                                            {
                                                reg.Enabled = false;
                                            }
                                            else if (DirEntry.Properties["userAccountControl"] != null)
                                            {
                                                int v = Convert.ToInt32(DirEntry.Properties["userAccountControl"].Value);
                                                reg.Enabled = ((v & 2) == 0);
                                            }
                                            else
                                            {
                                                reg.Enabled = true;
                                            }
                                            registrations.Add(reg);
                                        }
                                    }
                                };
                            }
                        }
                    }
                }
            }
            catch (Exception ex)
            {
                DataLog.WriteEntry(ex.Message, System.Diagnostics.EventLogEntryType.Error, 5100);
                throw new Exception(ex.Message);
            }
            return(registrations);
        }