Example #1
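        /// <summary>
        /// Copies the built-in properties of a directory <see cref="UserPrincipal"/> into a new
        /// <see cref="User"/> instance.
        /// </summary>
        /// <param name="userPrincipal">The principal to read from; must not be null.</param>
        /// <returns>A new <see cref="User"/> populated from <paramref name="userPrincipal"/>.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="userPrincipal"/> is null.</exception>
        private static User UserPrincipalToUser(UserPrincipal userPrincipal)
        {
            if (userPrincipal == null)
            {
                throw new ArgumentNullException("userPrincipal");
            }

            // Uses most of the built-in properties available as part of the UserPrincipal Object
            // https://msdn.microsoft.com/en-us/library/system.directoryservices.accountmanagement.userprincipal

            // Read once so the three expiration-related fields below agree with each other.
            DateTime? accountExpiration = userPrincipal.AccountExpirationDate;

            return new User
            {
                // ReSharper disable once PossibleInvalidOperationException
                // This should only be null when the context type is Machine.
                // GetValueOrDefault() then yields Guid.Empty, so callers must not treat
                // UserId as a unique identity key in that case.
                UserId = userPrincipal.Guid.GetValueOrDefault(),
                UserPrincipalName = userPrincipal.UserPrincipalName,
                NtUserName = userPrincipal.SamAccountName,
                DistinguishedName = userPrincipal.DistinguishedName,
                AccountIsLocked = userPrincipal.IsAccountLockedOut(),
                AccountIsEnabled = userPrincipal.Enabled,
                // NOTE(review): compared against UtcNow - confirm the directory returns this value in UTC.
                AccountIsExpired = accountExpiration.HasValue && accountExpiration.Value <= DateTime.UtcNow,
                AccountWillExpire = accountExpiration.HasValue,
                AccountExpirationDate = accountExpiration,
                //PasswordIsExpired // TODO: Needs directory information to determine
                // The flag on the principal is "never expires", so it has to be negated here;
                // copying it unchanged reported the opposite of the real state.
                PasswordWillExpire = !userPrincipal.PasswordNeverExpires, // TODO: This is not definitive, just a high level check
                //PasswordExpirationDate // TODO: Needs directory information to determine
                PasswordLastSetDate = userPrincipal.LastPasswordSet,
                FirstName = userPrincipal.GivenName,
                MiddleName = userPrincipal.MiddleName,
                LastName = userPrincipal.Surname,
                DisplayName = userPrincipal.DisplayName,
                Email = userPrincipal.EmailAddress
            };
        }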
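        /// <summary>
        /// Writes a user principal to the console: always its name, its details when
        /// <c>_showPrincipalDetails</c> is set, and its authorization groups when
        /// <c>_showMembership</c> is set.
        /// </summary>
        /// <param name="user">The principal to print.</param>
        public void WriteUser(UserPrincipal user)
        {
            Console.WriteLine(user.Name);

            if (_showPrincipalDetails)
            {
                Console.WriteLine($"\tDisplayName:     {user.DisplayName}");
                Console.WriteLine($"\tSid:             {user.Sid}");
                // This line prints the user principal name; it was labelled "IsSecurityGroup",
                // which misreports the value to anyone reading the listing.
                Console.WriteLine($"\tUPN:             {user.UserPrincipalName}");
                Console.WriteLine($"\tDescription:     {user.Description}");
                Console.WriteLine($"\tIsLockedOut:     {user.IsAccountLockedOut()}");
            }

            if (_showMembership)
            {
                // The heading says "Members", but what follows are the groups returned by
                // GetAuthorizationGroups() for this user.
                Console.WriteLine("\tMembers:");

                // The search result is disposable; materialise it and release it
                // deterministically instead of leaving it to the finalizer.
                using (var groups = user.GetAuthorizationGroups())
                {
                    foreach (var member in groups.ToList())
                    {
                        Console.WriteLine($"\t\t{member.Name} ({member.StructuralObjectClass})");
                    }
                }
            }
        }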
Example #3
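        /// <summary>
        /// Builds an HTML fragment showing the lock-out state and every public property of the
        /// user principal returned by adGetUserPrincipalBySAMAccountName for
        /// <paramref name="sUserId"/>.
        /// </summary>
        /// <param name="sUserId">Account identifier passed to the lookup helper.</param>
        /// <returns>The HTML fragment, or an empty string when the lookup returns null.</returns>
        public static string adGetUserPropertyListHtml(string sUserId)
        {
            System.DirectoryServices.AccountManagement.UserPrincipal ctx = adGetUserPrincipalBySAMAccountName(sUserId);
            if (ctx == null)
            {
                return "";
            }

            // The "Locked = " prefix is written once; the unlocked branch used to repeat it
            // and produced "Locked = Locked = NO".
            var html = new System.Text.StringBuilder("Locked = ");
            html.Append(ctx.IsAccountLockedOut() ? "<font color=red>****YES***</font><br>" : "NO<br>");

            // NOTE(review): this reflects over every public property of the principal, so the
            // page shows whatever the principal exposes - confirm callers restrict who can view it.
            foreach (var prop in ctx.GetType().GetProperties())
            {
                object raw = prop.GetValue(ctx, null);
                string text = raw == null ? "" : raw.ToString();

                // Directory attribute values (display name, description, ...) are data, not
                // markup. Encode them so a value containing HTML cannot alter the page.
                html.Append(System.Net.WebUtility.HtmlEncode(prop.Name))
                    .Append(" = ")
                    .Append(System.Net.WebUtility.HtmlEncode(text))
                    .Append("<br>");
            }

            return html.ToString();
        }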
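        /// <summary>
        /// Creates an Active Directory account for <paramref name="username"/>, then creates a
        /// Zimbra mailbox for it over SSH and sends a welcome mail. If any step after the
        /// directory save fails, the directory account is deleted again.
        /// </summary>
        /// <param name="username">Logon name; also used for the UPN, given name, surname and display name.</param>
        /// <param name="password">Password set on the new directory account.</param>
        /// <param name="email">E-mail address stored on the account.</param>
        /// <param name="passwordQuestion">Not used by this implementation.</param>
        /// <param name="passwordAnswer">Not used by this implementation.</param>
        /// <param name="isApproved">Not used by this implementation; the account is always enabled.</param>
        /// <param name="providerUserKey">Passed through to the returned <see cref="MembershipUser"/>.</param>
        /// <param name="status">
        /// Success, DuplicateUserName (the account already exists), InvalidUserName (the name
        /// contains characters that are not safe to place in the mailbox command) or
        /// UserRejected (creation failed and was rolled back).
        /// </param>
        /// <returns>
        /// The membership user for the new or already existing account, or null when the
        /// status is InvalidUserName or UserRejected.
        /// </returns>
        public override MembershipUser CreateUser(string username, string password, string email, string passwordQuestion, string passwordAnswer, bool isApproved, object providerUserKey, out MembershipCreateStatus status)
        {
            UserPrincipal user = GetUser(username);

            if (user != null)
            {
                MembershipUser existing = new MembershipUser("ActiveDirectoryMembershipProvider", user.SamAccountName, providerUserKey, user.EmailAddress, string.Empty, string.Empty, true, user.IsAccountLockedOut(), DateTime.MinValue, user.LastLogon ?? DateTime.Now, user.LastBadPasswordAttempt ?? DateTime.Now, user.LastPasswordSet ?? DateTime.Now, user.AccountLockoutTime ?? DateTime.Now);
                status = MembershipCreateStatus.DuplicateUserName;
                return existing;
            }

            // The account name is concatenated into a command line that runs on the mail
            // server. Accept only a conservative character set so a caller-supplied name can
            // never be interpreted by the remote shell, and reject it before anything is created.
            if (string.IsNullOrEmpty(username) || !System.Text.RegularExpressions.Regex.IsMatch(username, @"\A[A-Za-z0-9][A-Za-z0-9._-]*\z"))
            {
                status = MembershipCreateStatus.InvalidUserName;
                return null;
            }

            user = new UserPrincipal(GetPrincipalContext());
            // User logon name
            user.SamAccountName = username;
            user.SetPassword(password);
            // NOTE(review): isApproved is ignored here - confirm new accounts should always be enabled.
            user.Enabled = true;
            user.UserPrincipalName = username;
            user.GivenName = username;
            user.Surname = username;
            user.EmailAddress = email;
            user.UserCannotChangePassword = false;
            user.DisplayName = username;

            try
            {
                user.Save();

                MembershipUser msUser = new MembershipUser("ActiveDirectoryMembershipProvider", user.SamAccountName, providerUserKey, user.EmailAddress, string.Empty, string.Empty, true, user.IsAccountLockedOut(), DateTime.MinValue, user.LastLogon ?? DateTime.Now, user.LastBadPasswordAttempt ?? DateTime.Now, user.LastPasswordSet ?? DateTime.Now, user.AccountLockoutTime ?? DateTime.Now);

                // NOTE(review): the SSH login, the zmprov admin password and the initial mailbox
                // password below are literals in source. Every mailbox gets the same initial
                // password and the admin password travels on a command line. Load them from
                // protected configuration or a secret store and generate a per-user mailbox
                // password before this runs outside a lab.
                // Connect to the Zimbra server over SSH.
                SshExec exec = new SshExec("mail.dxstudio.net", "alex");
                exec.Password = "******";
                try
                {
                    exec.Connect();
                    // Build and run the command that creates the mailbox. SamAccountName was
                    // validated against the allow-list above before the account was created.
                    string createMailbox = "/opt/zimbra/bin/./zmprov -a admin -p Admin1234 ca " + user.SamAccountName + "@dxstudio.net SoyUnPassword";
                    exec.RunCommand(createMailbox);
                }
                finally
                {
                    // Close the SSH connection even when the command fails.
                    exec.Close();
                }

                // Send the welcome message.
                SenMail(user.SamAccountName);

                status = MembershipCreateStatus.Success;
                return msUser;
            }
            catch (Exception)
            {
                // Roll back: make sure the directory account does not remain after a failure.
                // NOTE(review): the exception is discarded, so the cause of a rejected
                // creation is lost; log it once a logger is available in this class.
                UserPrincipal created = GetUser(username);
                if (created != null)
                {
                    created.Delete();
                }
                status = MembershipCreateStatus.UserRejected;
                return null;
            }
        }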
Example #5
        /// <summary>
        /// Returns the directory user named <paramref name="sUserName"/>, creating it first
        /// when IsUserExisiting reports that it does not exist yet.
        /// </summary>
        /// <param name="sOU">OU passed to GetPrincipalContext; the new user is saved in that context.</param>
        /// <param name="sUserName">Account name of the user; also assigned as its UserPrincipalName.</param>
        /// <param name="sPassword">Password given to the newly created account.</param>
        /// <param name="sGivenName">Given name stored on the new account.</param>
        /// <param name="sSurname">Surname stored on the new account.</param>
        /// <returns>
        /// The newly saved <see cref="UserPrincipal"/>, or the result of GetUser when the
        /// account already exists.
        /// </returns>
        public UserPrincipal CreateNewUser(string sOU, string sUserName, string sPassword, string sGivenName, string sSurname)
        {
            // Existing account: hand back the stored principal and change nothing.
            if (IsUserExisiting(sUserName))
            {
                return GetUser(sUserName);
            }

            PrincipalContext targetContext = GetPrincipalContext(sOU);
            const bool accountEnabled = true;

            UserPrincipal created = new UserPrincipal(targetContext, sUserName, sPassword, accountEnabled)
            {
                // User logon name
                UserPrincipalName = sUserName,
                GivenName = sGivenName,
                Surname = sSurname
            };

            // NOTE(review): this runs before Save(), i.e. on a principal that has not been
            // written to the directory yet - confirm the lock-out check has any effect here.
            bool lockedOut = created.IsAccountLockedOut();
            if (lockedOut)
            {
                created.UnlockAccount();
            }

            created.Save();
            return created;
        }