private void GetObject(ActiveDirectoryObjectResult result, AdObject obj, bool returnObject = true, bool returnStatus = true)
{
ActiveDirectoryStatus status = new ActiveDirectoryStatus()
{
Action = config.Action,
Status = AdStatusType.Success,
Message = "Success",
};
try
{
object adObject = GetActiveDirectoryObject(obj);
if (returnObject)
{
result.Object = adObject;
}
if (returnStatus)
{
result.Statuses.Add(status);
}
}
catch (AdException ex)
{
ProcessActiveDirectoryException(result, ex, status.Action);
}
catch (Exception e)
{
OnLogMessage("GetObject", e.Message);
OnLogMessage("GetObject", e.StackTrace);
AdException le = new AdException(e);
ProcessActiveDirectoryException(result, le, status.Action);
}
}
void AdmobSystem_AdFailed(object sender, AdException exception)
{
Debug.WriteLine("AdProvider: " + _name + " -> Event Error");
Debug.WriteLine("AdProvider error: " + exception);
RaiseError();
}
private void ProcessDelete(AdObject obj, bool returnObject = false)
{
ActiveDirectoryObjectResult result = new ActiveDirectoryObjectResult()
{
Type = obj.Type,
Identity = obj.Identity
};
ActiveDirectoryStatus status = new ActiveDirectoryStatus()
{
Action = config.Action,
Status = AdStatusType.Success,
Message = "Success",
};
try
{
roleManager.CanPerformActionOrException(requestUser, ActionType.Delete, obj.Identity);
switch (obj.Type)
{
case AdObjectType.User:
AdUser user = (AdUser)obj;
DirectoryServices.DeleteUser(user.Identity);
result.Statuses.Add(status);
break;
case AdObjectType.Group:
AdGroup group = (AdGroup)obj;
DirectoryServices.DeleteGroup(group.Identity, isDryRun);
result.Statuses.Add(status);
break;
case AdObjectType.OrganizationalUnit:
AdOrganizationalUnit ou = (AdOrganizationalUnit)obj;
DirectoryServices.DeleteOrganizationUnit(ou.Identity);
result.Statuses.Add(status);
break;
default:
throw new AdException("Action [" + config.Action + "] Not Implemented For Type [" + obj.Type + "]", AdStatusType.NotSupported);
}
String message = $"{obj.Type} [{obj.Identity}] Deleted.";
OnLogMessage("ProcessDelete", message);
}
catch (AdException ex)
{
ProcessActiveDirectoryException(result, ex, status.Action);
}
catch (Exception e)
{
OnLogMessage("ProcessDelete", e.Message);
OnLogMessage("ProcessDelete", e.StackTrace);
AdException le = new AdException(e);
ProcessActiveDirectoryException(result, le, status.Action);
}
results.Add(result);
}
public void Core_SearchTestBadSearchBase()
{
string[] properties = new string[] { "name", "objectGUID", "objectSid" };
AdException ex = Assert.Throws <AdException>(() => DirectoryServices.Search($"ou=BadOuName,{workspaceName}", @"(objectClass=User)", properties));
Console.WriteLine($"Exception Message : {ex.Message}");
Assert.That(ex.Message, Contains.Substring("no such object on the server"));
}
public void Core_SearchTestBadFilter()
{
string[] properties = new string[] { "name", "objectGUID", "objectSid" };
AdException ex = Assert.Throws <AdException>(() => DirectoryServices.Search(workspaceName, @"((objectClass=GuyWaguespack)", properties));
Console.WriteLine($"Exception Message : {ex.Message}");
Assert.That(ex.Message, Contains.Substring("search filter is invalid"));
}
public void Core_RemoveGroupFromGroupWhenNotMember()
{
GroupPrincipal gp = Utility.CreateGroup(workspaceName);
AdException ex = Assert.Throws <AdException>(() => DirectoryServices.RemoveGroupFromGroup(gp.DistinguishedName, group.DistinguishedName));
Console.WriteLine($"Exception Message : {ex.Message}");
Assert.That(ex.Message, Contains.Substring("does not exist in the parent group"));
Utility.DeleteGroup(gp.DistinguishedName);
}
public void Core_CreateOrgUnitBadDistName()
{
// Get OrgUnit That Does Not Exist
String ouName = $"testou_{Utility.GenerateToken( 8 )}";
String ouDistinguishedName = $"GW={ouName},{workspaceName}";
Console.WriteLine($"Create OrgUnit [{ouDistinguishedName}] With Bad DistinguishedName");
AdException ex = Assert.Throws <AdException>(() => DirectoryServices.CreateOrganizationUnit(ouDistinguishedName, null));
}
public void Core_ModifyUserBadData()
{
UserPrincipal badUser = Utility.CreateUser(workspaceName);
badUser.SamAccountName = $"{badUser.Name}abcdefghij1234567890"; // SamAccountName Is Limited To 20 Characters
Console.WriteLine($"Modify User [{badUser.DistinguishedName}] With Bad SamAccountName [{badUser.SamAccountName}]");
AdException ex = Assert.Throws <AdException>(() => DirectoryServices.SaveUser(badUser));
Utility.DeleteUser(badUser.DistinguishedName);
}
public void Core_CreateUserBadDistName()
{
// Get User That Does Not Exist
String userName = $"testuser_{Utility.GenerateToken( 8 )}";
String userDistinguishedName = $"GW={userName},{workspaceName}";
Console.WriteLine($"Create User [{userDistinguishedName}] With Bad DistinguishedName");
UserPrincipal user = null;
AdException ex = Assert.Throws <AdException>(() => user = DirectoryServices.CreateUserPrincipal(userDistinguishedName));
}
public void Core_CreateGroupBadDistName()
{
// Get User That Does Not Exist
String groupName = $"testgroup_{Utility.GenerateToken( 8 )}";
String groupDistinguishedName = $"GW={groupName},{workspaceName}";
Console.WriteLine($"Create Group [{groupDistinguishedName}] With Bad DistinguishedName");
GroupPrincipal group = null;
AdException ex = Assert.Throws <AdException>(() => group = DirectoryServices.CreateGroupPrincipal(groupDistinguishedName));
}
public void Core_ModifyGroupBadData()
{
GroupPrincipal badGroup = Utility.CreateGroup(workspaceName);
badGroup.GroupScope = 0; // Set To Invalid Group Scope
Console.WriteLine($"Modify Group [{badGroup.DistinguishedName}] With Bad GroupScope [{badGroup.GroupScope}]");
AdException ex = Assert.Throws <AdException>(() => DirectoryServices.SaveGroup(badGroup));
Utility.DeleteGroup(badGroup.Name);
}
public void Core_DeleteRuleBadTarget()
{
// Get Group That Does Not Exist
String groupName = $"testgroup_{Utility.GenerateToken( 8 )}";
String groupDistinguishedName = $"CN={groupName},{workspaceName}";
Console.WriteLine($"Deleting AccessRule For Group [{group.Name}] From Group [{groupName}] Which Should Not Exist.");
AdException ex = Assert.Throws <AdException>(() => DirectoryServices.DeleteAccessRule(groupName, group.Name, ActiveDirectoryRights.GenericRead, System.Security.AccessControl.AccessControlType.Allow, ActiveDirectorySecurityInheritance.None));
Console.WriteLine($"Exception Message : {ex.Message}");
Assert.That(ex.Message, Contains.Substring("Can Not Be Found"));
}
public void Core_DeleteUserDoesNotExist()
{
// Get User That Does Not Exist
String userName = $"testuser_{Utility.GenerateToken( 8 )}";
String userDistinguishedName = $"CN={userName},{workspaceName}";
Console.WriteLine($"Deleting User [{userDistinguishedName}] Which Should Not Exist.");
AdException ex = Assert.Throws <AdException>(() => DirectoryServices.DeleteUser(userName));
Console.WriteLine($"Exception Message : {ex.Message}");
Assert.That(ex.Message, Contains.Substring("cannot be found"));
}
public void Core_SetRuleBadUser()
{
// Get User That Does Not Exist
String userName = $"testuser_{Utility.GenerateToken( 8 )}";
String userDistinguishedName = $"CN={userName},{workspaceName}";
Console.WriteLine($"Setting AccessRule For User [{userName}] Which Should Not Exist On User [{user.Name}].");
AdException ex = Assert.Throws <AdException>(() => DirectoryServices.SetAccessRule(user.Name, userName, ActiveDirectoryRights.GenericRead, System.Security.AccessControl.AccessControlType.Allow, ActiveDirectorySecurityInheritance.None));
Console.WriteLine($"Exception Message : {ex.Message}");
Assert.That(ex.Message, Contains.Substring("Can Not Be Found"));
}
public void Core_AddNonExistantUserToGroup()
{
// Get User That Does Not Exist
String userName = $"testuser_{Utility.GenerateToken( 8 )}";
String userDistinguishedName = $"OU={userName},{workspaceName}";
Console.WriteLine($"Adding User [{userDistinguishedName}] Which Should Not Exist To Group [{group.DistinguishedName}].");
AdException ex = Assert.Throws <AdException>(() => DirectoryServices.AddGroupToGroup(userDistinguishedName, group.DistinguishedName));
Console.WriteLine($"Exception Message : {ex.Message}");
Assert.That(ex.Message, Contains.Substring("cannot be found"));
}
public void Core_PurgeRuleBadTarget()
{
// Get Group That Does Not Exist
String groupName = $"testgroup_{Utility.GenerateToken( 8 )}";
String groupDistinguishedName = $"CN={groupName},{workspaceName}";
Console.WriteLine($"Purging AccessRule For Group [{group.Name}] From Group [{groupName}] Which Should Not Exist.");
AdException ex = Assert.Throws <AdException>(() => DirectoryServices.PurgeAccessRules(groupName, group.Name));
Console.WriteLine($"Exception Message : {ex.Message}");
Assert.That(ex.Message, Contains.Substring("Can Not Be Found"));
}
public void Core_RemoveNonExistantGroupFromGroup()
{
// Get Group That Does Not Exist
String groupName = $"testgroup_{Utility.GenerateToken( 8 )}";
String groupDistinguishedName = $"OU={groupName},{workspaceName}";
Console.WriteLine($"Removing Group [{groupDistinguishedName}] Which Should Not Exist From Group [{group.DistinguishedName}].");
AdException ex = Assert.Throws <AdException>(() => DirectoryServices.RemoveGroupFromGroup(groupDistinguishedName, group.DistinguishedName));
Console.WriteLine($"Exception Message : {ex.Message}");
Assert.That(ex.Message, Contains.Substring("cannot be found"));
}
public void Core_DeleteOrgUnitDoesNotExist()
{
// Get OrgUnit That Does Not Exist
String ouName = $"testou_{Utility.GenerateToken( 8 )}";
String ouDistinguishedName = $"GW={ouName},{workspaceName}";
Console.WriteLine($"Deleting OrgUnuit [{ouDistinguishedName}] Which Should Not Exist.");
AdException ex = Assert.Throws <AdException>(() => DirectoryServices.DeleteOrganizationUnit(ouDistinguishedName));
Console.WriteLine($"Exception Message : {ex.Message}");
Assert.That(ex.Message, Contains.Substring("cannot be found"));
}
private void ProcessActiveDirectoryException(ActiveDirectoryObjectResult result, AdException ex, ActionType action)
{
ActiveDirectoryStatus status = new ActiveDirectoryStatus()
{
Action = action,
Status = ex.Type,
Message = ex.Message,
};
OnLogMessage("Exception", ex.Message);
result.Statuses.Add(status);
}
public void Core_PurgeRuleBadUser()
{
// Get User That Does Not Exist
String userName = $"testuser_{Utility.GenerateToken( 8 )}";
String userDistinguishedName = $"CN={userName},{workspaceName}";
Console.WriteLine($"Setting AccessRule For User [{userName}] Which Should Not Exist On User [{user.Name}].");
AdException ex = Assert.Throws <AdException>(() => DirectoryServices.PurgeAccessRules(user.Name, userName));
Console.WriteLine($"Exception Message : {ex.Message}");
Assert.That(ex.Message, Contains.Substring("Can Not Be Found"));
}
public void Core_PurgeRuleBadTarget()
{
// Get OrgUnit That Does Not Exist
String ouName = $"testou_{Utility.GenerateToken( 8 )}";
String ouDistinguishedName = $"GW={ouName},{workspaceName}";
GroupPrincipal group = Utility.CreateGroup(workspaceName);
Console.WriteLine($"Purging AccessRule For Group [{group.Name}] From OrgUnit [{ouName}] Which Should Not Exist.");
AdException ex = Assert.Throws <AdException>(() => DirectoryServices.PurgeAccessRules(ouName, group.Name));
Console.WriteLine($"Exception Message : {ex.Message}");
Assert.That(ex.Message, Contains.Substring("Can Not Be Found"));
}
public void Core_SetRuleBadTarget()
{
// Get OrgUnit That Does Not Exist
String ouName = $"testou_{Utility.GenerateToken( 8 )}";
String ouDistinguishedName = $"GW={ouName},{workspaceName}";
GroupPrincipal group = Utility.CreateGroup(workspaceName);
Console.WriteLine($"Setting AccessRule For Group [{group.Name}] On OrgUnit [{ouName}] Which Should Not Exist.");
AdException ex = Assert.Throws <AdException>(() => DirectoryServices.SetAccessRule(ouName, group.Name, ActiveDirectoryRights.GenericRead, System.Security.AccessControl.AccessControlType.Allow, ActiveDirectorySecurityInheritance.None));
Console.WriteLine($"Exception Message : {ex.Message}");
Assert.That(ex.Message, Contains.Substring("Can Not Be Found"));
}
public void Core_ModifyOrgUnitBadData()
{
String badOuName = $"ou=BadOrgUnit,{workspaceName}";
DirectoryServices.CreateOrganizationUnit(badOuName, null);
DirectoryEntryObject badOrgUnit = DirectoryServices.GetOrganizationalUnit(badOuName, false, true, false);
Dictionary <string, List <string> > properties = new Dictionary <string, List <string> >();
DirectoryServices.AddProperty(properties, "managedBy", "BadManager");
Console.WriteLine($"Modify OrgUnit [{badOrgUnit.Name}] With Bad Property [ManagedBy]");
AdException ex = Assert.Throws <AdException>(() => DirectoryServices.ModifyOrganizationUnit(badOrgUnit.Properties["distinguishedName"][0].ToString(), properties));
DirectoryServices.DeleteOrganizationUnit(badOrgUnit.DistinguishedName);
}
public void Core_AddUserToNonExistantGroup()
{
// Get Group That Does Not Exist
String groupName = $"testgroup_{Utility.GenerateToken( 8 )}";
String groupDistinguishedName = $"OU={groupName},{workspaceName}";
UserPrincipal up = Utility.CreateUser(workspaceName);
Console.WriteLine($"Adding User [{up.DistinguishedName}] To Group [{groupDistinguishedName}] Which Should Not Exist.");
AdException ex = Assert.Throws <AdException>(() => DirectoryServices.AddUserToGroup(up.DistinguishedName, groupDistinguishedName));
Console.WriteLine($"Exception Message : {ex.Message}");
Assert.That(ex.Message, Contains.Substring("cannot be found"));
Utility.DeleteUser(up.DistinguishedName);
}
public void Core_PurgeRuleBadUser()
{
// Get Group That Does Not Exist
String groupName = $"testgroup_{Utility.GenerateToken( 8 )}";
String groupDistinguishedName = $"CN={groupName},{workspaceName}";
String testOuName = $"ou=TestOrgUnit001,{workspaceName}";
DirectoryServices.CreateOrganizationUnit(testOuName, null);
DirectoryEntryObject ouo = DirectoryServices.GetOrganizationalUnit(testOuName, false, true, false);
Console.WriteLine($"Purging AccessRule For Group [{groupName}] Which Should Not Exist From OrgUnit [{ouo.Name}].");
AdException ex = Assert.Throws <AdException>(() => DirectoryServices.PurgeAccessRules(ouo.DistinguishedName, groupName));
Console.WriteLine($"Exception Message : {ex.Message}");
Assert.That(ex.Message, Contains.Substring("Can Not Be Found"));
DirectoryServices.DeleteOrganizationUnit(ouo.DistinguishedName);
}
public void Core_SetRuleBadUser()
{
// Get Group That Does Not Exist
String groupName = $"testgroup_{Utility.GenerateToken( 8 )}";
String groupDistinguishedName = $"CN={groupName},{workspaceName}";
String testOuName = $"ou=TestOrgUnit001,{workspaceName}";
DirectoryServices.CreateOrganizationUnit(testOuName, null);
DirectoryEntryObject ouo = DirectoryServices.GetOrganizationalUnit(testOuName, false, true, false);
Console.WriteLine($"Setting AccessRule For Group [{groupName}] Which Should Not Exist On OrgUnit [{ouo.Name}].");
AdException ex = Assert.Throws <AdException>(() => DirectoryServices.SetAccessRule(ouo.DistinguishedName, groupName, ActiveDirectoryRights.GenericRead, System.Security.AccessControl.AccessControlType.Allow, ActiveDirectorySecurityInheritance.None));
Console.WriteLine($"Exception Message : {ex.Message}");
Assert.That(ex.Message, Contains.Substring("Can Not Be Found"));
DirectoryServices.DeleteOrganizationUnit(ouo.DistinguishedName);
}
private void ProcessModify(AdObject obj, bool returnObject = true)
{
ActiveDirectoryObjectResult result = new ActiveDirectoryObjectResult()
{
Type = obj.Type,
Identity = obj.Identity
};
ActiveDirectoryStatus status = new ActiveDirectoryStatus()
{
Action = config.Action,
Status = AdStatusType.Success,
Message = "Success",
};
try
{
string statusAction = "Modified";
switch (obj.Type)
{
case AdObjectType.User:
AdUser user = (AdUser)obj;
UserPrincipal up = null;
if (config.UseUpsert && !DirectoryServices.IsExistingUser(obj.Identity))
{
if (DirectoryServices.IsDistinguishedName(obj.Identity))
{
String path = DirectoryServices.GetParentPath(obj.Identity);
roleManager.CanPerformActionOrException(requestUser, ActionType.Create, path);
up = user.CreateUserPrincipal();
statusAction = "Created";
}
else
{
throw new AdException($"Identity [{obj.Identity}] Must Be A Distinguished Name For User Creation.", AdStatusType.MissingInput);
}
}
else
{
roleManager.CanPerformActionOrException(requestUser, ActionType.Modify, obj.Identity);
up = DirectoryServices.GetUserPrincipal(obj.Identity);
if (up == null)
{
throw new AdException($"User [{obj.Identity}] Not Found.", AdStatusType.DoesNotExist);
}
user.UpdateUserPrincipal(up);
}
DirectoryServices.SaveUser(up, isDryRun);
OnLogMessage("ProcessModify", obj.Type + " [" + obj.Identity + "] " + statusAction + ".");
if (user.Groups != null)
{
ProcessGroupAdd(user, false);
}
result.Statuses.Add(status);
break;
case AdObjectType.Group:
AdGroup group = (AdGroup)obj;
GroupPrincipal gp = null;
if (config.UseUpsert && !DirectoryServices.IsExistingGroup(obj.Identity))
{
if (DirectoryServices.IsDistinguishedName(obj.Identity))
{
String path = DirectoryServices.GetParentPath(obj.Identity);
roleManager.CanPerformActionOrException(requestUser, ActionType.Create, path);
gp = group.CreateGroupPrincipal();
statusAction = "Created";
}
else
{
throw new AdException($"Identity [{obj.Identity}] Must Be A Distinguished Name For Group Creation.", AdStatusType.MissingInput);
}
}
else
{
roleManager.CanPerformActionOrException(requestUser, ActionType.Modify, obj.Identity);
gp = DirectoryServices.GetGroupPrincipal(obj.Identity);
if (gp == null)
{
throw new AdException($"Group [{obj.Identity}] Not Found.", AdStatusType.DoesNotExist);
}
group.UpdateGroupPrincipal(gp);
}
DirectoryServices.SaveGroup(gp, isDryRun);
OnLogMessage("ProcessModify", obj.Type + " [" + obj.Identity + "] " + statusAction + ".");
if (group.Groups != null)
{
ProcessGroupAdd(group, false);
}
result.Statuses.Add(status);
break;
case AdObjectType.OrganizationalUnit:
AdOrganizationalUnit ou = (AdOrganizationalUnit)obj;
// Get DistinguishedName from User or Group Identity for ManagedBy Property
if (!String.IsNullOrWhiteSpace(ou.ManagedBy))
{
if (ou.Properties == null)
{
ou.Properties = new Dictionary <string, List <string> >();
}
if (!ou.Properties.ContainsKey("managedBy"))
{
String distinguishedName = DirectoryServices.GetDistinguishedName(ou.ManagedBy);
if (distinguishedName == null)
{
distinguishedName = ou.ManagedBy;
}
List <String> values = new List <string>()
{
distinguishedName
};
ou.Properties.Add("managedBy", values);
}
}
if (config.UseUpsert && !DirectoryServices.IsExistingDirectoryEntry(obj.Identity))
{
if (DirectoryServices.IsDistinguishedName(obj.Identity))
{
String path = DirectoryServices.GetParentPath(obj.Identity);
roleManager.CanPerformActionOrException(requestUser, ActionType.Create, path);
if (!String.IsNullOrWhiteSpace(ou.Description))
{
DirectoryServices.AddProperty(ou.Properties, "description", ou.Description);
}
DirectoryServices.CreateOrganizationUnit(obj.Identity, ou.Properties, isDryRun);
statusAction = "Created";
}
else
{
throw new AdException($"Identity [{obj.Identity}] Must Be A Distinguished Name For Organizational Unit Creation.", AdStatusType.MissingInput);
}
}
else
{
roleManager.CanPerformActionOrException(requestUser, ActionType.Modify, obj.Identity);
if (!String.IsNullOrWhiteSpace(ou.Description))
{
DirectoryServices.AddProperty(ou.Properties, "description", ou.Description);
}
DirectoryServices.ModifyOrganizationUnit(ou.Identity, ou.Properties, isDryRun);
}
OnLogMessage("ProcessModify", obj.Type + " [" + obj.Identity + "] " + statusAction + ".");
result.Statuses.Add(status);
break;
default:
throw new AdException("Action [" + config.Action + "] Not Implemented For Type [" + obj.Type + "]", AdStatusType.NotSupported);
}
if (returnObject)
{
result.Object = GetActiveDirectoryObject(obj);
}
}
catch (AdException ex)
{
ProcessActiveDirectoryException(result, ex, status.Action);
}
catch (Exception e)
{
OnLogMessage("ProcessCreate", e.Message);
OnLogMessage("ProcessCreate", e.StackTrace);
AdException le = new AdException(e);
ProcessActiveDirectoryException(result, le, status.Action);
}
results.Add(result);
}
private void ProcessAccessRules(AdObject obj, bool returnObject = false)
{
ActiveDirectoryObjectResult result = new ActiveDirectoryObjectResult()
{
Type = obj.Type,
Identity = obj.Identity
};
ActiveDirectoryStatus status = new ActiveDirectoryStatus()
{
Action = config.Action,
Status = AdStatusType.Success,
Message = "Success",
};
try
{
roleManager.CanPerformActionOrException(requestUser, config.Action, obj.Identity);
// Get Target DirectoryEntry For Rules
DirectoryEntry de = null;
if (obj.Type == AdObjectType.User || obj.Type == AdObjectType.Group)
{
Principal principal = DirectoryServices.GetPrincipal(obj.Identity);
if (principal == null)
{
throw new AdException($"Principal [{obj.Identity}] Can Not Be Found.", AdStatusType.DoesNotExist);
}
else if (principal.GetUnderlyingObjectType() == typeof(DirectoryEntry))
{
de = (DirectoryEntry)principal.GetUnderlyingObject();
}
else
{
throw new AdException($"AddAccessRule Not Available For Object Type [{principal.GetUnderlyingObjectType()}]", AdStatusType.NotSupported);
}
}
else
{
de = DirectoryServices.GetDirectoryEntry(obj.Identity);
if (de == null)
{
throw new AdException($"DirectoryEntry [{obj.Identity}] Can Not Be Found.", AdStatusType.DoesNotExist);
}
}
// Add Rules To Target DirectoryEntry
foreach (AdAccessRule rule in obj.AccessRules)
{
String message = String.Empty;
switch (config.Action)
{
case ActionType.AddAccessRule:
DirectoryServices.AddAccessRule(de, rule.Identity, rule.Rights, rule.Type);
message = $"{rule.Type} [{rule.Rights}] Rule Added To {obj.Type} [{obj.Identity}] For Identity [{rule.Identity}].";
break;
case ActionType.RemoveAccessRule:
DirectoryServices.DeleteAccessRule(de, rule.Identity, rule.Rights, rule.Type);
message = $"{rule.Type} [{rule.Rights}] Rule Deleted From {obj.Type} [{obj.Identity}] For Identity [{rule.Identity}].";
break;
case ActionType.SetAccessRule:
DirectoryServices.SetAccessRule(de, rule.Identity, rule.Rights, rule.Type);
message = $"{rule.Type} [{rule.Rights}] Rule Set On {obj.Type} [{obj.Identity}] For Identity [{rule.Identity}].";
break;
case ActionType.PurgeAccessRules:
DirectoryServices.PurgeAccessRules(de, rule.Identity);
message = $"All Rules Purged On {obj.Type} [{obj.Identity}] For Identity [{rule.Identity}].";
break;
default:
throw new AdException("Action [" + config.Action + "] Not Implemented For Type [" + obj.Type + "]", AdStatusType.NotSupported);
}
result.Statuses.Add(status);
OnLogMessage("ProcessAccessRules", message);
}
if (returnObject)
{
result.Object = GetActiveDirectoryObject(obj);
}
}
catch (AdException ex)
{
ProcessActiveDirectoryException(result, ex, status.Action);
}
catch (Exception e)
{
OnLogMessage("ProcessDelete", e.Message);
OnLogMessage("ProcessDelete", e.StackTrace);
AdException le = new AdException(e);
ProcessActiveDirectoryException(result, le, status.Action);
}
results.Add(result);
}
private void AddToGroup(ActiveDirectoryObjectResult result, AdObject obj, bool returnObject = true)
{
ActiveDirectoryStatus status = new ActiveDirectoryStatus()
{
Action = ActionType.AddToGroup,
Status = AdStatusType.Success,
Message = "Success",
};
try
{
switch (obj.Type)
{
case AdObjectType.User:
AdUser user = (AdUser)obj;
if (user.Groups != null)
{
foreach (string userGroup in user.Groups)
{
try
{
roleManager.CanPerformActionOrException(requestUser, ActionType.AddToGroup, userGroup);
DirectoryServices.AddUserToGroup(user.Identity, userGroup, isDryRun);
String userMessage = $"{obj.Type} [{user.Identity}] Added To Group [{userGroup}].";
OnLogMessage("ProcessGroupAdd", userMessage);
status.Message = userMessage;
result.Statuses.Add(new ActiveDirectoryStatus(status));
}
catch (AdException ldeUserEx)
{
ProcessActiveDirectoryException(result, ldeUserEx, status.Action);
}
}
}
break;
case AdObjectType.Group:
AdGroup group = (AdGroup)obj;
if (group.Groups != null)
{
foreach (string groupGroup in group.Groups)
{
try
{
roleManager.CanPerformActionOrException(requestUser, ActionType.AddToGroup, groupGroup);
DirectoryServices.AddGroupToGroup(group.Identity, groupGroup, isDryRun);
String groupMessage = $"{obj.Type} [{group.Identity}] Added To Group [{groupGroup}].";
OnLogMessage("ProcessGroupAdd", groupMessage);
status.Message = groupMessage;
result.Statuses.Add(new ActiveDirectoryStatus(status));
}
catch (AdException ldeGroupEx)
{
ProcessActiveDirectoryException(result, ldeGroupEx, status.Action);
}
}
}
break;
default:
throw new AdException("Action [" + config.Action + "] Not Implemented For Type [" + obj.Type + "]", AdStatusType.NotSupported);
}
if (returnObject)
{
GetObject(result, obj, true, false);
}
}
catch (AdException ex)
{
ProcessActiveDirectoryException(result, ex, status.Action);
}
catch (Exception e)
{
OnLogMessage("ProcessGroupAdd", e.Message);
OnLogMessage("ProcessGroupAdd", e.StackTrace);
AdException le = new AdException(e);
ProcessActiveDirectoryException(result, le, status.Action);
}
}
