public static bool DeleteLocalWindowsAccount(string username)
{
try
{
if (MachineUtils.IsThisMachineADomainController())
{
throw new Exception($"This computer reports to be a domain controller. User cannot be deleted.");
}
var context = new PrincipalContext(ContextType.Machine, Environment.MachineName);
if (context == null)
{
context = new PrincipalContext(ContextType.Machine);
}
if (context == null)
{
throw new Exception($"Could not create instance of the PrincipalContext ({Environment.MachineName}).");
}
// create the user if it does not exist
var user = UserPrincipal.FindByIdentity(context, IdentityType.Name, username);
if (user == null)
{
throw new Exception($"Could not find instance of the UserPrincipal ({username}).");
}
// now remove user from "Users" group
var usersGroupSID = new SecurityIdentifier(WellKnownSidType.BuiltinUsersSid, null);
if (usersGroupSID != null)
{
GroupPrincipal group = GroupPrincipal.FindByIdentity(context, IdentityType.Sid, usersGroupSID.Value);
if (group != null && group.Members.Contains(user))
{
group.Members.Remove(user);
}
}
user.Delete();
return(true);
}
catch (Exception ex)
{
_logger.Error($"{nameof(DeleteLocalWindowsAccount)}. {ex.Message}\r\n{ex.StackTrace}");
return(false);
}
}
public static bool DoesLocalWindowsAccountExist(string username)
{
try
{
if (MachineUtils.IsThisMachineADomainController())
{
throw new Exception($"This computer reports to be a domain controller.");
}
var context = new PrincipalContext(ContextType.Machine, Environment.MachineName);
if (context == null)
{
context = new PrincipalContext(ContextType.Machine);
}
if (context == null)
{
throw new Exception($"Could not create instance of the PrincipalContext ({Environment.MachineName}).");
}
var user = UserPrincipal.FindByIdentity(context, IdentityType.Name, username);
if (user == null || !(user.Enabled.HasValue && user.Enabled.Value) || user.IsAccountLockedOut())
{
return(false);
}
var usersGroupSID = new SecurityIdentifier(WellKnownSidType.BuiltinUsersSid, null);
GroupPrincipal group = GroupPrincipal.FindByIdentity(context, IdentityType.Sid, usersGroupSID.Value);
if (group == null || !group.Members.Contains(user))
{
return(false);
}
return(true);
}
catch (Exception ex)
{
_logger.Error($"{nameof(DoesLocalWindowsAccountExist)}. {ex.Message}\r\n{ex.StackTrace}");
return(false);
}
}
public static bool ChangeWindowsAccountPassword(string username, string password)
{
try
{
if (MachineUtils.IsThisMachineADomainController())
{
throw new Exception($"This computer reports to be a domain controller. User password cannot be changed.");
}
var context = new PrincipalContext(ContextType.Machine, Environment.MachineName);
if (context == null)
{
context = new PrincipalContext(ContextType.Machine);
}
if (context == null)
{
throw new Exception($"Could not create instance of the PrincipalContext ({Environment.MachineName}).");
}
// create the user if it does not exist
var user = UserPrincipal.FindByIdentity(context, IdentityType.Name, username);
if (user == null)
{
throw new Exception($"Could not find instance of the UserPrincipal ({username}).");
}
user.SetPassword(password);
user.Save();
return(true);
}
catch (Exception ex)
{
_logger.Error($"{nameof(ChangeWindowsAccountPassword)}. {ex.Message}\r\n{ex.StackTrace}");
return(false);
}
}
public static bool CreateLocalWindowsAccount(string username, string password, string displayName, string description, bool userCannotChangePassword, bool passwordNeverExpires)
{
try
{
if (MachineUtils.IsThisMachineADomainController())
{
throw new Exception($"This computer reports to be a domain controller. User cannot be created.");
}
var context = new PrincipalContext(ContextType.Machine, Environment.MachineName);
if (context == null)
{
context = new PrincipalContext(ContextType.Machine);
}
if (context == null)
{
throw new Exception($"Could not create instance of the PrincipalContext ({Environment.MachineName}).");
}
// create the user if it does not exist
var user = UserPrincipal.FindByIdentity(context, IdentityType.Name, username);
if (user == null)
{
user = new UserPrincipal(context)
{
Name = username,
DisplayName = displayName,
Description = description,
};
if (user == null)
{
throw new Exception($"Could not create new instance of the UserPrincipal ({username}).");
}
}
user.Enabled = true;
user.PasswordNeverExpires = passwordNeverExpires;
user.UserCannotChangePassword = userCannotChangePassword;
user.SetPassword(password);
if (user.IsAccountLockedOut())
{
user.UnlockAccount();
}
user.Save();
// now add user to "Users" group
var usersGroupSID = new SecurityIdentifier(WellKnownSidType.BuiltinUsersSid, null);
if (usersGroupSID == null)
{
throw new Exception($"Could not find instance of the SecurityIdentifier (WellKnownSidType.BuiltinUsersSid).");
}
GroupPrincipal group = GroupPrincipal.FindByIdentity(context, IdentityType.Sid, usersGroupSID.Value);
if (group == null)
{
throw new Exception($"Could not find instance of the GroupPrincipal (USERS).");
}
if (!group.Members.Contains(user))
{
group.Members.Add(user);
group.Save();
}
return(true);
}
catch (Exception ex)
{
_logger.Error($"{nameof(CreateLocalWindowsAccount)}. {ex.Message}\r\n{ex.StackTrace}");
return(false);
}
}
