/// <summary>
/// Verifies that the Azure Active Directory user or group exists, and will get the object id if it is not set.
/// </summary>
/// <param name="displayName">Azure Active Directory user or group display name</param>
/// <param name="objectId">Azure Active Directory user or group object id</param>
/// <returns></returns>
protected ServerAdministratorCreateOrUpdateProperties GetActiveDirectoryInformation(string displayName, Guid objectId)
{
// Gets the default Tenant id for the subscriptions
Guid tenantId = GetTenantId();
// Check for a Azure Active Directory group. Recommended to always use group.
IEnumerable <PSADGroup> groupList = null;
var filter = new ADObjectFilterOptions()
{
Id = (objectId != null && objectId != Guid.Empty) ? objectId.ToString() : null,
SearchString = displayName,
Paging = true,
};
// Get a list of groups from Azure Active Directory
groupList = ActiveDirectoryClient.FilterGroups(filter).Where(gr => string.Equals(gr.DisplayName, displayName, StringComparison.OrdinalIgnoreCase));
if (groupList.Count() > 1)
{
// More than one group was found with that display name.
throw new ArgumentException(string.Format(Microsoft.Azure.Commands.Sql.Properties.Resources.ADGroupMoreThanOneFound, displayName));
}
else if (groupList.Count() == 1)
{
// Only one group was found. Get the group display name and object id
var group = groupList.First();
// Only support Security Groups
if (group.SecurityEnabled.HasValue && !group.SecurityEnabled.Value)
{
throw new ArgumentException(string.Format(Microsoft.Azure.Commands.Sql.Properties.Resources.InvalidADGroupNotSecurity, displayName));
}
return(new ServerAdministratorCreateOrUpdateProperties()
{
Login = group.DisplayName,
Sid = group.Id,
TenantId = tenantId,
});
}
// No group was found. Check for a user
filter = new ADObjectFilterOptions()
{
Id = (objectId != null && objectId != Guid.Empty) ? objectId.ToString() : null,
SearchString = displayName,
Paging = true,
};
// Get a list of user from Azure Active Directory
var userList = ActiveDirectoryClient.FilterUsers(filter).Where(gr => string.Equals(gr.DisplayName, displayName, StringComparison.OrdinalIgnoreCase));
// No user was found. Check if the display name is a UPN
if (userList == null || userList.Count() == 0)
{
// Check if the display name is the UPN
filter = new ADObjectFilterOptions()
{
Id = (objectId != null && objectId != Guid.Empty) ? objectId.ToString() : null,
UPN = displayName,
Paging = true,
};
userList = ActiveDirectoryClient.FilterUsers(filter).Where(gr => string.Equals(gr.UserPrincipalName, displayName, StringComparison.OrdinalIgnoreCase));
}
// No user was found
if (userList == null || userList.Count() == 0)
{
throw new ArgumentException(string.Format(Microsoft.Azure.Commands.Sql.Properties.Resources.ADObjectNotFound, displayName));
}
else if (userList.Count() > 1)
{
// More than one user was found.
throw new ArgumentException(string.Format(Microsoft.Azure.Commands.Sql.Properties.Resources.ADUserMoreThanOneFound, displayName));
}
else
{
// Only one user was found. Get the user display name and object id
var obj = userList.First();
return(new ServerAdministratorCreateOrUpdateProperties()
{
Login = displayName,
Sid = obj.Id,
TenantId = tenantId,
});
}
}
/// <summary>
/// Verifies that the Azure Active Directory user or group exists, and will get the object id if it is not set.
/// </summary>
/// <param name="displayName">Azure Active Directory user or group display name</param>
/// <param name="objectId">Azure Active Directory user or group object id</param>
/// <returns></returns>
protected ManagedInstanceExternalAdministrator GetActiveDirectoryInformation(ManagedInstanceExternalAdministrator input)
{
if (input == null || string.IsNullOrEmpty(input.Login))
{
return(null);
}
Guid? objectId = input.Sid;
string displayName = input.Login;
bool? adOnlyAuth = input.AzureADOnlyAuthentication;
// Gets the default Tenant id for the subscriptions
Guid tenantId = GetTenantId();
// Check for a Azure Active Directory group. Recommended to always use group.
IEnumerable <PSADGroup> groupList = null;
PSADGroup group = null;
var filter = new ADObjectFilterOptions()
{
Id = (objectId != null && objectId != Guid.Empty) ? objectId.ToString() : null,
SearchString = displayName,
Paging = true,
};
// Get a list of groups from Azure Active Directory
groupList = ActiveDirectoryClient.FilterGroups(filter).Where(gr => string.Equals(gr.DisplayName, displayName, StringComparison.OrdinalIgnoreCase));
if (groupList != null && groupList.Count() > 1)
{
// More than one group was found with that display name.
throw new ArgumentException(string.Format(Microsoft.Azure.Commands.Sql.Properties.Resources.ADGroupMoreThanOneFound, displayName));
}
else if (groupList != null && groupList.Count() == 1)
{
// Only one group was found. Get the group display name and object id
group = groupList.First();
// Only support Security Groups
if (group.SecurityEnabled.HasValue && !group.SecurityEnabled.Value)
{
throw new ArgumentException(string.Format(Microsoft.Azure.Commands.Sql.Properties.Resources.InvalidADGroupNotSecurity, displayName));
}
}
// Lookup for serviceprincipals
ODataQuery <ServicePrincipal> odataQueryFilter;
if ((objectId != null && objectId != Guid.Empty))
{
var applicationIdString = objectId.ToString();
odataQueryFilter = new Rest.Azure.OData.ODataQuery <ServicePrincipal>(a => a.AppId == applicationIdString);
}
else
{
odataQueryFilter = new Rest.Azure.OData.ODataQuery <ServicePrincipal>(a => a.DisplayName == displayName);
}
var servicePrincipalList = ActiveDirectoryClient.FilterServicePrincipals(odataQueryFilter);
if (servicePrincipalList != null && servicePrincipalList.Count() > 1)
{
// More than one service principal was found.
throw new ArgumentException(string.Format(Microsoft.Azure.Commands.Sql.Properties.Resources.ADApplicationMoreThanOneFound, displayName));
}
else if (servicePrincipalList != null && servicePrincipalList.Count() == 1)
{
// Only one user was found. Get the user display name and object id
PSADServicePrincipal app = servicePrincipalList.First();
if (displayName != null && string.CompareOrdinal(displayName, app.DisplayName) != 0)
{
throw new ArgumentException(string.Format(Microsoft.Azure.Commands.Sql.Properties.Resources.ADApplicationDisplayNameMismatch, displayName, app.DisplayName));
}
if (group != null)
{
throw new ArgumentException(string.Format(Microsoft.Azure.Commands.Sql.Properties.Resources.ADDuplicateGroupAndApplicationFound, displayName));
}
return(new ManagedInstanceExternalAdministrator()
{
Login = displayName,
Sid = app.ApplicationId,
TenantId = tenantId,
PrincipalType = "Application",
AzureADOnlyAuthentication = adOnlyAuth
});
}
if (group != null)
{
return(new ManagedInstanceExternalAdministrator()
{
Login = group.DisplayName,
Sid = group.Id,
TenantId = tenantId,
PrincipalType = "Group",
AzureADOnlyAuthentication = adOnlyAuth
});
}
// No group or service principal was found. Check for a user
filter = new ADObjectFilterOptions()
{
Id = (objectId != null && objectId != Guid.Empty) ? objectId.ToString() : null,
SearchString = displayName,
Paging = true,
};
// Get a list of user from Azure Active Directory
var userList = ActiveDirectoryClient.FilterUsers(filter).Where(gr => string.Equals(gr.DisplayName, displayName, StringComparison.OrdinalIgnoreCase));
// No user was found. Check if the display name is a UPN
if (userList == null || userList.Count() == 0)
{
// Check if the display name is the UPN
filter = new ADObjectFilterOptions()
{
Id = (objectId != null && objectId != Guid.Empty) ? objectId.ToString() : null,
UPN = displayName,
Paging = true,
};
userList = ActiveDirectoryClient.FilterUsers(filter).Where(gr => string.Equals(gr.UserPrincipalName, displayName, StringComparison.OrdinalIgnoreCase));
}
// No user was found. Check if the display name is a guest user.
if (userList == null || userList.Count() == 0)
{
// Check if the display name is the UPN
filter = new ADObjectFilterOptions()
{
Id = (objectId != null && objectId != Guid.Empty) ? objectId.ToString() : null,
Mail = displayName,
Paging = true,
};
userList = ActiveDirectoryClient.FilterUsers(filter);
}
// No user was found
if (userList == null || userList.Count() == 0)
{
throw new ArgumentException(string.Format(Microsoft.Azure.Commands.Sql.Properties.Resources.ADObjectNotFound, displayName));
}
else if (userList.Count() > 1)
{
// More than one user was found.
throw new ArgumentException(string.Format(Microsoft.Azure.Commands.Sql.Properties.Resources.ADUserMoreThanOneFound, displayName));
}
else
{
// Only one user was found. Get the user display name and object id
var obj = userList.First();
return(new ManagedInstanceExternalAdministrator()
{
Login = displayName,
Sid = obj.Id,
TenantId = tenantId,
PrincipalType = "User",
AzureADOnlyAuthentication = adOnlyAuth
});
}
}
/// <summary>
/// Verifies that the Azure Active Directory user or group exists, and will get the object id if it is not set.
/// </summary>
/// <param name="displayName">Azure Active Directory user or group display name</param>
/// <param name="objectId">Azure Active Directory user or group object id</param>
/// <returns></returns>
protected ServerAdministratorCreateOrUpdateProperties GetActiveDirectoryInformation(string displayName, Guid objectId)
{
// Gets the default Tenant id for the subscriptions
Guid tenantId = GetTenantId();
// Check for a Azure Active Directory group. Recommended to always use group.
IEnumerable<PSADGroup> groupList = null;
var filter = new ADObjectFilterOptions()
{
Id = (objectId != null && objectId != Guid.Empty) ? objectId.ToString() : null,
SearchString = displayName,
Paging = true,
};
// Get a list of groups from Azure Active Directory
groupList = ActiveDirectoryClient.FilterGroups(filter).Where(gr => string.Equals(gr.DisplayName, displayName, StringComparison.OrdinalIgnoreCase));
if (groupList.Count() > 1)
{
// More than one group was found with that display name.
throw new ArgumentException(string.Format(Microsoft.Azure.Commands.Sql.Properties.Resources.ADGroupMoreThanOneFound, displayName));
}
else if (groupList.Count() == 1)
{
// Only one group was found. Get the group display name and object id
var group = groupList.First();
// Only support Security Groups
if (group.SecurityEnabled.HasValue && !group.SecurityEnabled.Value)
{
throw new ArgumentException(string.Format(Microsoft.Azure.Commands.Sql.Properties.Resources.InvalidADGroupNotSecurity, displayName));
}
return new ServerAdministratorCreateOrUpdateProperties()
{
Login = group.DisplayName,
Sid = group.Id,
TenantId = tenantId,
};
}
// No group was found. Check for a user
filter = new ADObjectFilterOptions()
{
Id = (objectId != null && objectId != Guid.Empty) ? objectId.ToString() : null,
SearchString = displayName,
Paging = true,
};
// Get a list of user from Azure Active Directory
var userList = ActiveDirectoryClient.FilterUsers(filter).Where(gr => string.Equals(gr.DisplayName, displayName, StringComparison.OrdinalIgnoreCase));
// No user was found. Check if the display name is a UPN
if (userList == null || userList.Count() == 0)
{
// Check if the display name is the UPN
filter = new ADObjectFilterOptions()
{
Id = (objectId != null && objectId != Guid.Empty) ? objectId.ToString() : null,
UPN = displayName,
Paging = true,
};
userList = ActiveDirectoryClient.FilterUsers(filter).Where(gr => string.Equals(gr.UserPrincipalName, displayName, StringComparison.OrdinalIgnoreCase));
}
// No user was found
if (userList == null || userList.Count() == 0)
{
throw new ArgumentException(string.Format(Microsoft.Azure.Commands.Sql.Properties.Resources.ADObjectNotFound, displayName));
}
else if (userList.Count() > 1)
{
// More than one user was found.
throw new ArgumentException(string.Format(Microsoft.Azure.Commands.Sql.Properties.Resources.ADUserMoreThanOneFound, displayName));
}
else
{
// Only one user was found. Get the user display name and object id
var obj = userList.First();
return new ServerAdministratorCreateOrUpdateProperties()
{
Login = displayName,
Sid = obj.Id,
TenantId = tenantId,
};
}
}
