public override object GetParametersInstance()
{
ActiveDirectoryHandlerParameters parms = new ActiveDirectoryHandlerParameters();
parms.Users = new List <AdUser>();
AdUser user = new AdUser();
user.Identity = "cn=mfox,ou=FamousActors,dc=sandbox,dc=local";
parms.Users.Add(user);
parms.Groups = new List <AdGroup>();
AdGroup group = new AdGroup();
group.Identity = "cn=BackToTheFuture,ou=Movies,dc=sandbox,dc=local";
parms.Groups.Add(group);
parms.OrganizationalUnits = new List <AdOrganizationalUnit>();
AdOrganizationalUnit ou = new AdOrganizationalUnit();
ou.Identity = "ou=Movies,dc=sandbox,dc=local";
parms.OrganizationalUnits.Add(ou);
parms.SearchRequests = new List <AdSearchRequest>();
AdSearchRequest search = new AdSearchRequest();
search.SearchBase = "ou=Synapse,dc=sandbox,dc=local";
search.Filter = "(objectClass=User)";
search.ReturnAttributes = new List <string>();
search.ReturnAttributes.Add("Name");
search.ReturnAttributes.Add("objectGUID");
parms.SearchRequests.Add(search);
return(parms);
}
public ActiveDirectoryHandlerResults ModifyOrgUnit(string identity, AdOrganizationalUnit ou, string domain = null)
{
string planName = config.Plans.OrganizationalUnit.Modify;
StartPlanEnvelope pe = GetPlanEnvelope(BuildIdentity(domain, identity), ou);
return(CallPlan(planName, pe));
}
public ActiveDirectoryHandlerResults CreateOrgUnit(string identity, AdOrganizationalUnit ou)
{
string planName = config.Plans.OrganizationalUnit.Create;
StartPlanEnvelope pe = GetPlanEnvelope(identity, ou);
return(CallPlan(planName, pe));
}
private void ProcessDelete(AdObject obj, bool returnObject = false)
{
ActiveDirectoryObjectResult result = new ActiveDirectoryObjectResult()
{
Type = obj.Type,
Identity = obj.Identity
};
ActiveDirectoryStatus status = new ActiveDirectoryStatus()
{
Action = config.Action,
Status = AdStatusType.Success,
Message = "Success",
};
try
{
roleManager.CanPerformActionOrException(requestUser, ActionType.Delete, obj.Identity);
switch (obj.Type)
{
case AdObjectType.User:
AdUser user = (AdUser)obj;
DirectoryServices.DeleteUser(user.Identity);
result.Statuses.Add(status);
break;
case AdObjectType.Group:
AdGroup group = (AdGroup)obj;
DirectoryServices.DeleteGroup(group.Identity, isDryRun);
result.Statuses.Add(status);
break;
case AdObjectType.OrganizationalUnit:
AdOrganizationalUnit ou = (AdOrganizationalUnit)obj;
DirectoryServices.DeleteOrganizationUnit(ou.Identity);
result.Statuses.Add(status);
break;
default:
throw new AdException("Action [" + config.Action + "] Not Implemented For Type [" + obj.Type + "]", AdStatusType.NotSupported);
}
String message = $"{obj.Type} [{obj.Identity}] Deleted.";
OnLogMessage("ProcessDelete", message);
}
catch (AdException ex)
{
ProcessActiveDirectoryException(result, ex, status.Action);
}
catch (Exception e)
{
OnLogMessage("ProcessDelete", e.Message);
OnLogMessage("ProcessDelete", e.StackTrace);
AdException le = new AdException(e);
ProcessActiveDirectoryException(result, le, status.Action);
}
results.Add(result);
}
// Create and Modify Organizational Unit By DistinguishedName
private StartPlanEnvelope GetPlanEnvelope(string identity, AdOrganizationalUnit ou)
{
StartPlanEnvelope pe = GetPlanEnvelope(identity);
if (ou != null)
{
if (!string.IsNullOrWhiteSpace(ou.Description))
{
pe.DynamicParameters.Add(@"description", ou.Description);
}
if (ou.ManagedBy != null)
{
pe.DynamicParameters.Add(@"managedby", ou.ManagedBy);
}
AddPropertiesToPlan(pe, ou.Properties);
}
return(pe);
}
private object GetActiveDirectoryObject(AdObject obj)
{
switch (obj.Type)
{
case AdObjectType.User:
AdUser user = (AdUser)obj;
UserPrincipalObject upo = null;
upo = DirectoryServices.GetUser(user.Identity, config.ReturnGroupMembership, config.ReturnAccessRules, config.ReturnObjectProperties);
if (upo == null)
{
throw new AdException($"User [{user.Identity}] Was Not Found.", AdStatusType.DoesNotExist);
}
return(upo);
case AdObjectType.Group:
AdGroup group = (AdGroup)obj;
GroupPrincipalObject gpo = null;
gpo = DirectoryServices.GetGroup(group.Identity, config.ReturnGroupMembership, config.ReturnAccessRules, config.ReturnObjectProperties);
if (gpo == null)
{
throw new AdException($"Group [{group.Identity}] Was Not Found.", AdStatusType.DoesNotExist);
}
return(gpo);
case AdObjectType.OrganizationalUnit:
AdOrganizationalUnit ou = (AdOrganizationalUnit)obj;
OrganizationalUnitObject ouo = null;
ouo = DirectoryServices.GetOrganizationalUnit(ou.Identity, config.ReturnAccessRules, config.ReturnObjectProperties);
if (ouo == null)
{
throw new AdException($"Organizational Unit [{ou.Identity}] Was Not Found.", AdStatusType.DoesNotExist);
}
return(ouo);
default:
throw new AdException("Action [" + config.Action + "] Not Implemented For Type [" + obj.Type + "]", AdStatusType.NotSupported);
}
}
private void ProcessModify(AdObject obj, bool returnObject = true)
{
ActiveDirectoryObjectResult result = new ActiveDirectoryObjectResult()
{
Type = obj.Type,
Identity = obj.Identity
};
ActiveDirectoryStatus status = new ActiveDirectoryStatus()
{
Action = config.Action,
Status = AdStatusType.Success,
Message = "Success",
};
try
{
string statusAction = "Modified";
switch (obj.Type)
{
case AdObjectType.User:
AdUser user = (AdUser)obj;
UserPrincipal up = null;
if (config.UseUpsert && !DirectoryServices.IsExistingUser(obj.Identity))
{
if (DirectoryServices.IsDistinguishedName(obj.Identity))
{
String path = DirectoryServices.GetParentPath(obj.Identity);
roleManager.CanPerformActionOrException(requestUser, ActionType.Create, path);
up = user.CreateUserPrincipal();
statusAction = "Created";
}
else
{
throw new AdException($"Identity [{obj.Identity}] Must Be A Distinguished Name For User Creation.", AdStatusType.MissingInput);
}
}
else
{
roleManager.CanPerformActionOrException(requestUser, ActionType.Modify, obj.Identity);
up = DirectoryServices.GetUserPrincipal(obj.Identity);
if (up == null)
{
throw new AdException($"User [{obj.Identity}] Not Found.", AdStatusType.DoesNotExist);
}
user.UpdateUserPrincipal(up);
}
DirectoryServices.SaveUser(up, isDryRun);
OnLogMessage("ProcessModify", obj.Type + " [" + obj.Identity + "] " + statusAction + ".");
if (user.Groups != null)
{
ProcessGroupAdd(user, false);
}
result.Statuses.Add(status);
break;
case AdObjectType.Group:
AdGroup group = (AdGroup)obj;
GroupPrincipal gp = null;
if (config.UseUpsert && !DirectoryServices.IsExistingGroup(obj.Identity))
{
if (DirectoryServices.IsDistinguishedName(obj.Identity))
{
String path = DirectoryServices.GetParentPath(obj.Identity);
roleManager.CanPerformActionOrException(requestUser, ActionType.Create, path);
gp = group.CreateGroupPrincipal();
statusAction = "Created";
}
else
{
throw new AdException($"Identity [{obj.Identity}] Must Be A Distinguished Name For Group Creation.", AdStatusType.MissingInput);
}
}
else
{
roleManager.CanPerformActionOrException(requestUser, ActionType.Modify, obj.Identity);
gp = DirectoryServices.GetGroupPrincipal(obj.Identity);
if (gp == null)
{
throw new AdException($"Group [{obj.Identity}] Not Found.", AdStatusType.DoesNotExist);
}
group.UpdateGroupPrincipal(gp);
}
DirectoryServices.SaveGroup(gp, isDryRun);
OnLogMessage("ProcessModify", obj.Type + " [" + obj.Identity + "] " + statusAction + ".");
if (group.Groups != null)
{
ProcessGroupAdd(group, false);
}
result.Statuses.Add(status);
break;
case AdObjectType.OrganizationalUnit:
AdOrganizationalUnit ou = (AdOrganizationalUnit)obj;
// Get DistinguishedName from User or Group Identity for ManagedBy Property
if (!String.IsNullOrWhiteSpace(ou.ManagedBy))
{
if (ou.Properties == null)
{
ou.Properties = new Dictionary <string, List <string> >();
}
if (!ou.Properties.ContainsKey("managedBy"))
{
String distinguishedName = DirectoryServices.GetDistinguishedName(ou.ManagedBy);
if (distinguishedName == null)
{
distinguishedName = ou.ManagedBy;
}
List <String> values = new List <string>()
{
distinguishedName
};
ou.Properties.Add("managedBy", values);
}
}
if (config.UseUpsert && !DirectoryServices.IsExistingDirectoryEntry(obj.Identity))
{
if (DirectoryServices.IsDistinguishedName(obj.Identity))
{
String path = DirectoryServices.GetParentPath(obj.Identity);
roleManager.CanPerformActionOrException(requestUser, ActionType.Create, path);
if (!String.IsNullOrWhiteSpace(ou.Description))
{
DirectoryServices.AddProperty(ou.Properties, "description", ou.Description);
}
DirectoryServices.CreateOrganizationUnit(obj.Identity, ou.Properties, isDryRun);
statusAction = "Created";
}
else
{
throw new AdException($"Identity [{obj.Identity}] Must Be A Distinguished Name For Organizational Unit Creation.", AdStatusType.MissingInput);
}
}
else
{
roleManager.CanPerformActionOrException(requestUser, ActionType.Modify, obj.Identity);
if (!String.IsNullOrWhiteSpace(ou.Description))
{
DirectoryServices.AddProperty(ou.Properties, "description", ou.Description);
}
DirectoryServices.ModifyOrganizationUnit(ou.Identity, ou.Properties, isDryRun);
}
OnLogMessage("ProcessModify", obj.Type + " [" + obj.Identity + "] " + statusAction + ".");
result.Statuses.Add(status);
break;
default:
throw new AdException("Action [" + config.Action + "] Not Implemented For Type [" + obj.Type + "]", AdStatusType.NotSupported);
}
if (returnObject)
{
result.Object = GetActiveDirectoryObject(obj);
}
}
catch (AdException ex)
{
ProcessActiveDirectoryException(result, ex, status.Action);
}
catch (Exception e)
{
OnLogMessage("ProcessCreate", e.Message);
OnLogMessage("ProcessCreate", e.StackTrace);
AdException le = new AdException(e);
ProcessActiveDirectoryException(result, le, status.Action);
}
results.Add(result);
}
