Ejemplo n.º 1
        /// <summary>
        /// Assigns the "SeServiceLogonRight" account right (Windows "Log on as a
        /// service") to the account named by <paramref name="windowsUser"/>.
        /// </summary>
        /// <param name="windowsUser">User whose <c>Username</c> is handed to <c>LsaUtility.SetRight</c>.</param>
        /// <remarks>
        /// This is a privilege grant and the username is forwarded without any
        /// check in this method, so callers are responsible for passing only the
        /// intended service account.
        /// </remarks>
        public void GrantLogonAsService(WindowsUser windowsUser)
        {
            // An earlier LsaManaged-based call was replaced by LsaUtility.SetRight.
            const string serviceLogonRight = "SeServiceLogonRight";
            string accountName = windowsUser.Username;

            LsaUtility.SetRight(accountName, serviceLogonRight);
        }
        /// <summary>
        /// Creates the user from the object's fields and properties, and
        /// adds the user to the specified groups.
        /// </summary>
        /// <param name="windowsUser">Windows user to create.</param>
        /// <returns>The SID of the newly created user.</returns>
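        public SecurityIdentifier Create(WindowsUser windowsUser)
        {
            // Reject over-long names before anything is written to the directory.
            if (windowsUser.Username.Length > 20)
            {
                throw new Exception(
                          "The username '" + windowsUser.Username + "' is longer than " +
                          "20 characters, which is not allowed in Windows.");
            }

            // DirectoryEntry is IDisposable; the using blocks release the server
            // and user entries on every exit path, including the throws below.
            using (DirectoryEntry theServer = new DirectoryEntry(AdsiPath))
            using (DirectoryEntry newUser = theServer.Children.Add(windowsUser.Username, "user"))
            {
                newUser.Properties["userFlags"].Value   = (int)windowsUser.Flags;
                newUser.Properties["description"].Value = windowsUser.Description;
                newUser.Properties["fullName"].Value    = windowsUser.FullName;
                setPassword(newUser, windowsUser.Password);

                try
                {
                    // Create the user.
                    newUser.CommitChanges();
                }
                catch (Exception ex)
                {
                    throw new Exception("An error occured while trying to " +
                                        "create the Windows user account. Please verify " +
                                        "that it doesn't already exist.", ex);
                }

                // Retrieve SID bytes from ADSI for remote DACL modification.
                byte[] sidBytes = (byte[])newUser.Properties["objectSid"].Value;
                windowsUser.Sid = new SecurityIdentifier(sidBytes, 0);

                // Now add the user to its groups. The account is already committed
                // at this point, so a failure here leaves it in place without the
                // remaining memberships; callers that need all-or-nothing behaviour
                // must remove the account themselves when this method throws.
                foreach (WindowsUserGroup group in windowsUser.Groups)
                {
                    try
                    {
                        using (DirectoryEntry adsiGroup = theServer.Children.Find(group.Name, "group"))
                        {
                            Object[] users = new Object[] { newUser.Path.ToString() };
                            adsiGroup.Invoke("Add", users);
                        }
                    }
                    catch (Exception ex)
                    {
                        throw new Exception("An error occured while " +
                                            "trying to add the Windows user account to " +
                                            "the '" + group.Name + "' group.", ex);
                    }
                }

                return(windowsUser.Sid);
            }
        }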
        /// <summary>
        /// Returns the user that <c>Find</c> yields for the given SID, failing
        /// loudly when there is none.
        /// </summary>
        /// <param name="sid">SID passed to <c>Find</c>.</param>
        /// <returns>The non-null result of <c>Find</c>.</returns>
        /// <exception cref="OperationCanceledException"><c>Find</c> returned null.</exception>
        public WindowsUser Get(SecurityIdentifier sid)
        {
            WindowsUser match = Find(sid);

            if (match != null)
            {
                return match;
            }

            // No account for this SID: surface it to the caller instead of returning null.
            string message = "Could not find a user with the SID '" + sid.ToString() + "'.";
            throw new OperationCanceledException(message);
        }
        /// <summary>
        /// Returns the user that <c>Find</c> yields for the given username,
        /// failing loudly when there is none.
        /// </summary>
        /// <param name="username">Username passed to <c>Find</c>.</param>
        /// <returns>The non-null result of <c>Find</c>.</returns>
        /// <exception cref="OperationCanceledException"><c>Find</c> returned null.</exception>
        public WindowsUser Get(string username)
        {
            WindowsUser match = Find(username);

            if (match != null)
            {
                return match;
            }

            // The supplied username is echoed verbatim in the exception message.
            string message = "Could not find a user with the username '" + username + "'.";
            throw new OperationCanceledException(message);
        }
Ejemplo n.º 5
        /// <summary>
        /// Builds a <c>WindowsUser</c> from the "name", "fullName", "description",
        /// "userFlags" and "objectSid" properties of a directory entry.
        /// </summary>
        /// <param name="entry">Directory entry to read the properties from.</param>
        /// <returns>A new <c>WindowsUser</c> whose <c>Sid</c> is set from "objectSid".</returns>
        public static WindowsUser Parse(DirectoryEntry entry)
        {
            string name        = (string)entry.Properties["name"].Value;
            string fullName    = (string)entry.Properties["fullName"].Value;
            string description = (string)entry.Properties["description"].Value;
            WindowsUserFlag flags = (WindowsUserFlag)entry.Properties["userFlags"].Value;

            // The second constructor argument is always string.Empty.
            // NOTE(review): presumably the password slot, which is not read back
            // from the directory - confirm against the WindowsUser constructor.
            WindowsUser parsed = new WindowsUser(name, string.Empty, fullName, description, flags);

            byte[] sidBytes = (byte[])entry.Properties["objectSid"].Value;
            parsed.Sid = new SecurityIdentifier(sidBytes, 0);

            return parsed;
        }
        /// <summary>
        /// Changes the information for a Windows user. This does not
        /// yet support groups, but may do at some point in the future.
        /// </summary>
        /// <param name="windowsUser">Its SID is used to locate the existing user; all of its other information is applied.</param>
        /// <returns>The previous username.</returns>
        public string Update(WindowsUser windowsUser)
        {
            // The SID is the lookup key, so refuse to continue without one.
            if (windowsUser.Sid == null)
            {
                string missingSid = "Windows user SID for '" + windowsUser.Username +
                                    "' cannot be null as it is needed for searching.";
                throw new NullReferenceException(missingSid);
            }

            // Resolve the account as it currently exists, keyed by SID.
            WindowsUser existing = Get(windowsUser.Sid);

            DirectoryEntry serverEntry = getServerEntry();
            DirectoryEntry userEntry   = getUserEntry(serverEntry, existing.Username);

            // Rename only when the entry's name differs from the requested username.
            if (!string.Equals(userEntry.Name, windowsUser.Username))
            {
                userEntry.Rename(windowsUser.Username);
            }

            userEntry.Properties["userFlags"].Value   = (int)windowsUser.Flags;
            userEntry.Properties["description"].Value = windowsUser.Description;
            userEntry.Properties["fullName"].Value    = windowsUser.FullName;

            // The password is re-applied on every update.
            // NOTE(review): if windowsUser.Password can be empty here, confirm
            // that setPassword does not turn that into a blank account password.
            setPassword(userEntry, windowsUser.Password);

            try
            {
                userEntry.CommitChanges();
            }
            catch (Exception ex)
            {
                throw new Exception("An error occured while trying to update " +
                                    "the client's Windows user account. Please verify that it " +
                                    "exists and that the new information is valid.", ex);
            }

            // Return the username the account had before this update.
            return existing.Username;
        }
        /// <summary>
        /// Assigns the "SeServiceLogonRight" account right (Windows "Log on as a
        /// service") to the account named by <paramref name="windowsUser"/>.
        /// </summary>
        /// <param name="windowsUser">User whose <c>Username</c> is handed to <c>LsaManaged.AddPrivileges</c>.</param>
        /// <remarks>
        /// This is a privilege grant and the username is forwarded without any
        /// check in this method, so callers are responsible for passing only the
        /// intended service account.
        /// </remarks>
        public void GrantLogonAsService(WindowsUser windowsUser)
        {
            const string serviceLogonRight = "SeServiceLogonRight";

            // NOTE(review): the LsaManaged instance is not released here - confirm
            // whether it holds an LSA policy handle that needs disposing.
            LsaManaged policy = new LsaManaged();
            string accountName = windowsUser.Username;

            policy.AddPrivileges(accountName, serviceLogonRight);
        }
        /// <summary>
        /// Enumerates the "User" children of the directory entry at <c>AdsiPath</c>
        /// and converts each one with <c>WindowsUser.Parse</c>.
        /// </summary>
        /// <returns>The projected sequence of <c>WindowsUser</c> objects.</returns>
        public IEnumerable <WindowsUser> GetAll()
        {
            // NOTE(review): the root entry is never disposed; if the projection is
            // evaluated lazily it has to stay alive while callers enumerate - confirm.
            DirectoryEntry root = new DirectoryEntry(AdsiPath);

            return from child in root.Children.OfType("User")
                   select WindowsUser.Parse(child);
        }