public void TestSync( ) { DBHelper.Init(Settings.Default.ConnectionString); DBHelper.ExecuteNonQuery("Test_DeleteAllData"); IList <ADPrincipal> pl = GetPrincipalList( ); ADSyncHelper.SyncAdToSqlServer(pl, Settings.Default.ConnectionString, "TestAD"); IAuthorizationManager manager = Afcas.GetAuthorizationManager( ); using (new ObjectCacheScope( )) { Assert.AreEqual(5, manager.GetPrincipalList( ).Count); //removal from sql side should not matter manager.RemovePrincipal("p1"); ADSyncHelper.SyncAdToSqlServer(pl, Settings.Default.ConnectionString, "TestAD"); Assert.AreEqual(5, manager.GetPrincipalList( ).Count); } using (new ObjectCacheScope( )) { //removal from ad side ADPrincipal p1 = pl[0]; pl.RemoveAt(0); ADSyncHelper.SyncAdToSqlServer(pl, Settings.Default.ConnectionString, "TestAD"); IList <Principal> dbpl = manager.GetPrincipalList( ); Assert.AreEqual(4, dbpl.Count); Assert.That(!IsInList(p1.Name, dbpl)); Assert.That(!manager.IsMemberOf("g1", "p1")); } }
private bool GetADGroupMemberProcessCSRoutine() { this._partitionPath = this._cmdletParameters["Partition"] as string; this._identityADGroup = this._cmdletParameters["Identity"] as ADGroup; this._isRecursive = this._cmdletParameters.GetSwitchParameterBooleanValue("Recursive"); base.SetPipelinedSessionInfo(this._identityADGroup.SessionInfo); CmdletSessionInfo cmdletSessionInfo = base.GetCmdletSessionInfo(); ADGroupFactory <ADGroup> aDGroupFactory = new ADGroupFactory <ADGroup>(); aDGroupFactory.SetCmdletSessionInfo(cmdletSessionInfo); this.ValidateParameters(); ADObject directoryObjectFromIdentity = aDGroupFactory.GetDirectoryObjectFromIdentity(this._identityADGroup, cmdletSessionInfo.DefaultPartitionPath); using (ADAccountManagement aDAccountManagement = new ADAccountManagement(cmdletSessionInfo.ADSessionInfo)) { ADPrincipal[] groupMembers = aDAccountManagement.GetGroupMembers(cmdletSessionInfo.DefaultPartitionPath, directoryObjectFromIdentity.DistinguishedName, this._isRecursive); ADPrincipal[] aDPrincipalArray = groupMembers; for (int i = 0; i < (int)aDPrincipalArray.Length; i++) { ADPrincipal aDPrincipal = aDPrincipalArray[i]; base.WriteObject(aDPrincipal); } } return(true); }
private bool SetADPrincipalGroupMembershipProcessCSRoutine() { if (this._cmdletParameters.Contains("Identity")) { ADPrincipal item = this._cmdletParameters["Identity"] as ADPrincipal; this.SetPipelinedSessionInfo(item.SessionInfo); CmdletSessionInfo cmdletSessionInfo = base.GetCmdletSessionInfo(); this._factory.SetCmdletSessionInfo(cmdletSessionInfo); base.ValidateParameters(); this.ValidateMemberOfParameter(); try { ADPrincipal extendedObjectFromIdentity = this._factory.GetExtendedObjectFromIdentity(item, cmdletSessionInfo.DefaultPartitionPath); this._validExtendedPrincipalList.Add(extendedObjectFromIdentity); } catch (ADIdentityNotFoundException aDIdentityNotFoundException1) { ADIdentityNotFoundException aDIdentityNotFoundException = aDIdentityNotFoundException1; base.ThrowTerminatingError(ADUtilities.GetErrorRecord(aDIdentityNotFoundException, "SetADPrincipalGroupMembership:ProcessRecordOverride", item)); } return(true); } else { object[] objArray = new object[1]; objArray[0] = "Identity"; throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, StringResources.ParameterRequired, objArray)); } }
public static void SyncAdToSqlServer(IList <ADPrincipal> pl, string connectionString, string dbSourceName) { Dictionary <string, ADPrincipal> pdic = new Dictionary <string, ADPrincipal>(pl.Count); for (int ii = 0; ii < pl.Count; ii++) { ADPrincipal pr = pl[ii]; pdic[pr.ADPath] = pr; } DBHelper.Init(connectionString); using (TransactionScope scope = DBHelper.GetRequiredTransactionScope( )) { DBHelper.ExecuteNonQuery("Sync_ClearSyncData", dbSourceName, EdgeSource.Principal); // update principals for (int ii = 0; ii < pl.Count; ii++) { ADPrincipal pr = pl[ii]; DBHelper.ExecuteNonQuery("Sync_AddPrincipalToSyncList", new Guid(pr.Id), pr.PrincipalType, pr.Name, pr.Email, pr.DisplayName, pr.Description, dbSourceName); } DBHelper.ExecuteNonQuery("Sync_SyncPrincipal", dbSourceName); // update memberships for (int ii = 0; ii < pl.Count; ii++) { ADPrincipal pr = pl[ii]; for (int jj = 0; jj < pr.GroupPaths.Length; jj++) { string path = pr.GroupPaths[jj]; ADPrincipal gr; if (!pdic.TryGetValue(path, out gr)) { // this group is out of scope from the path list continue; } DBHelper.ExecuteNonQuery("Sync_AddEdgeToSyncList", pr.Name, gr.Name, EdgeSource.Principal); } } DBHelper.ExecuteNonQuery("Sync_SyncEdge", 0, EdgeSource.Principal, dbSourceName); scope.Complete( ); } }
private static IList <ADPrincipal> GetPrincipalList( ) { ADPrincipal p1 = new ADPrincipal(Guid.NewGuid( ).ToString( ), "p1", "cn=p1,dc=test,dc=com", PrincipalType.User, "*****@*****.**", "p1 disp name", "p1 desc", new[] { "cn=g1,dc=test,dc=com", "cn=g2,dc=test,dc=com" }); ADPrincipal p2 = new ADPrincipal(Guid.NewGuid( ).ToString( ), "p2", "cn=p2,dc=test,dc=com", PrincipalType.User, "*****@*****.**", "p2 disp name", "p2 desc", new[] { "cn=g1,dc=test,dc=com" }); ADPrincipal p3 = new ADPrincipal(Guid.NewGuid( ).ToString( ), "p3", "cn=p3,dc=test,dc=com", PrincipalType.User, "*****@*****.**", "p3 disp name", "p3 desc", new[] { "cn=g2,dc=test,dc=com" }); ADPrincipal g1 = new ADPrincipal(Guid.NewGuid( ).ToString( ), "g1", "cn=g1,dc=test,dc=com", PrincipalType.User, "*****@*****.**", "g1 disp name", "g1 desc", new[] { "cn=g2,dc=test,dc=com" }); ADPrincipal g2 = new ADPrincipal(Guid.NewGuid( ).ToString( ), "g2", "cn=g2,dc=test,dc=com", PrincipalType.User, "*****@*****.**", "g2 disp name", "g2 desc", new string[] { }); return(new List <ADPrincipal>(new[] { p1, p2, p3, g1, g2 })); }
internal override IADOPathNode IdentitySearchConverter(object identity) { if (identity != null) { if ((int)this.IdentityLdapAttributes.Length <= 0) { return(null); } else { SecurityIdentifier securityIdentifier = identity as SecurityIdentifier; if (securityIdentifier == null) { IADOPathNode aDOPathNode = base.IdentitySearchConverter(identity); ADPrincipal aDPrincipal = identity as ADPrincipal; if (aDPrincipal == null) { return(aDOPathNode); } else { List <IADOPathNode> aDOPathNodes = new List <IADOPathNode>(); if (aDPrincipal.SamAccountName != null) { aDOPathNodes.Add(ADOPathUtil.CreateFilterClause(ADOperator.Eq, "sAMAccountName", aDPrincipal.SamAccountName)); } if (aDPrincipal.SID != null) { aDOPathNodes.Add(ADOPathUtil.CreateFilterClause(ADOperator.Eq, "objectSid", aDPrincipal.SID)); } aDOPathNodes.Add(aDOPathNode); return(ADOPathUtil.CreateAndClause(aDOPathNodes.ToArray())); } } else { byte[] numArray = new byte[securityIdentifier.BinaryLength]; securityIdentifier.GetBinaryForm(numArray, 0); return(ADOPathUtil.CreateFilterClause(ADOperator.Eq, "objectSid", numArray)); } } } else { throw new ArgumentNullException("identity"); } }
private void ValidateSubjectsAndAddToList() { object item = this._cmdletParameters["Subjects"]; ADPrincipal[] aDPrincipalArray = item as ADPrincipal[]; if (aDPrincipalArray == null) { ADPrincipal aDPrincipal = item as ADPrincipal; if (aDPrincipal != null) { ADPrincipal[] aDPrincipalArray1 = new ADPrincipal[1]; aDPrincipalArray1[0] = aDPrincipal; aDPrincipalArray = aDPrincipalArray1; } } ADPrincipalFactory <ADPrincipal> aDPrincipalFactory = new ADPrincipalFactory <ADPrincipal>(); if (aDPrincipalArray[0].IsSearchResult) { this.SetPipelinedSessionInfo(aDPrincipalArray[0].SessionInfo); } CmdletSessionInfo cmdletSessionInfo = base.GetCmdletSessionInfo(); aDPrincipalFactory.SetCmdletSessionInfo(cmdletSessionInfo); if (aDPrincipalArray != null) { new Hashtable(); ADPrincipal[] aDPrincipalArray2 = aDPrincipalArray; for (int i = 0; i < (int)aDPrincipalArray2.Length; i++) { ADPrincipal aDPrincipal1 = aDPrincipalArray2[i]; try { ADObject directoryObjectFromIdentity = aDPrincipalFactory.GetDirectoryObjectFromIdentity(aDPrincipal1, cmdletSessionInfo.DefaultPartitionPath); this._appliesToDNList.Add(directoryObjectFromIdentity.DistinguishedName); } catch (ADIdentityNotFoundException aDIdentityNotFoundException1) { ADIdentityNotFoundException aDIdentityNotFoundException = aDIdentityNotFoundException1; DebugLogger.LogError("SetADFineGrainedPasswordPolicySubject", aDIdentityNotFoundException.ToString()); base.ThrowTerminatingError(ADUtilities.GetErrorRecord(aDIdentityNotFoundException, "SetADFineGrainedPasswordPolicySubject:ValidateSubjectsAndAddToList", aDPrincipal1)); } } } }
private bool GetGroupMembershipProcessCSRoutine() { this._partitionPath = this._cmdletParameters["Partition"] as string; this._identityADPrincipal = this._cmdletParameters["Identity"] as ADPrincipal; base.SetPipelinedSessionInfo(this._identityADPrincipal.SessionInfo); CmdletSessionInfo cmdletSessionInfo = base.GetCmdletSessionInfo(); ADPrincipalFactory <ADPrincipal> aDPrincipalFactory = new ADPrincipalFactory <ADPrincipal>(); aDPrincipalFactory.SetCmdletSessionInfo(cmdletSessionInfo); this.ValidateParameters(); ADObject directoryObjectFromIdentity = aDPrincipalFactory.GetDirectoryObjectFromIdentity(this._identityADPrincipal, cmdletSessionInfo.DefaultPartitionPath); using (ADAccountManagement aDAccountManagement = new ADAccountManagement(cmdletSessionInfo.ADSessionInfo)) { if (!string.IsNullOrEmpty(this._resourceContextServer) && string.IsNullOrEmpty(this._resourceContextPartition)) { ADSessionInfo aDSessionInfo = cmdletSessionInfo.ADSessionInfo.Copy(); aDSessionInfo.Server = this._resourceContextServer; using (ADObjectSearcher aDObjectSearcher = new ADObjectSearcher(aDSessionInfo)) { ADRootDSE rootDSE = aDObjectSearcher.GetRootDSE(); if (rootDSE.DefaultNamingContext != null) { this._resourceContextPartition = rootDSE.DefaultNamingContext; } else { object[] objArray = new object[1]; objArray[0] = "ResourceContextPartition"; base.ThrowTerminatingError(new ErrorRecord(new ArgumentException(string.Format(CultureInfo.CurrentCulture, StringResources.ParameterRequired, objArray)), "1", ErrorCategory.InvalidArgument, null)); } } } ADGroup[] principalGroupMembership = aDAccountManagement.GetPrincipalGroupMembership(cmdletSessionInfo.DefaultPartitionPath, directoryObjectFromIdentity.DistinguishedName, this._resourceContextServer, this._resourceContextPartition); ADGroup[] aDGroupArray = principalGroupMembership; for (int i = 0; i < (int)aDGroupArray.Length; i++) { ADGroup aDGroup = aDGroupArray[i]; base.WriteObject(aDGroup); } } return(true); }
internal static ADObjectSearcher SamAccountNameIdentityResolver(object identityObject, string searchBase, CmdletSessionInfo cmdletSessionInfo, out bool useSearchFilter) { useSearchFilter = true; if (identityObject != null) { ADPrincipal aDPrincipal = identityObject as ADPrincipal; if (aDPrincipal == null || aDPrincipal.SamAccountName == null) { return(null); } else { ADObjectSearcher aDObjectSearcher = SearchUtility.BuildSearcher(cmdletSessionInfo.ADSessionInfo, searchBase, ADSearchScope.Subtree); aDObjectSearcher.Filter = ADOPathUtil.CreateFilterClause(ADOperator.Eq, "sAMAccountName", aDPrincipal.SamAccountName); return(aDObjectSearcher); } } else { throw new ArgumentNullException("identityObject"); } }
internal static ADObjectSearcher SidIdentityResolver(object identityObject, string searchBase, CmdletSessionInfo cmdletSessionInfo, out bool useSearchFilter) { useSearchFilter = true; if (identityObject != null) { SecurityIdentifier securityIdentifier = null; string str = identityObject as string; if (string.IsNullOrEmpty(str) || !Utils.TryParseSid(str, out securityIdentifier)) { securityIdentifier = identityObject as SecurityIdentifier; if (securityIdentifier == null) { ADPrincipal aDPrincipal = identityObject as ADPrincipal; if (aDPrincipal == null || !(aDPrincipal.SID != null)) { return(null); } else { return(IdentityResolverMethods.BuildSidBaseSearcher(aDPrincipal.SID, searchBase, cmdletSessionInfo)); } } else { return(IdentityResolverMethods.BuildSidBaseSearcher(securityIdentifier, searchBase, cmdletSessionInfo)); } } else { return(IdentityResolverMethods.BuildSidBaseSearcher(securityIdentifier, searchBase, cmdletSessionInfo)); } } else { throw new ArgumentNullException("identityObject"); } }
private void ValidateMembersParameter() { bool flag; if (!this._isMembersValidated) { object item = this._cmdletParameters["Members"]; ADPrincipal[] aDPrincipalArray = item as ADPrincipal[]; if (aDPrincipalArray == null) { ADPrincipal aDPrincipal = item as ADPrincipal; if (aDPrincipal != null) { ADPrincipal[] aDPrincipalArray1 = new ADPrincipal[1]; aDPrincipalArray1[0] = aDPrincipal; aDPrincipalArray = aDPrincipalArray1; } } if (aDPrincipalArray != null) { List <string> strs = new List <string>(); Hashtable hashtables = new Hashtable(); ADPrincipalFactory <ADPrincipal> aDPrincipalFactory = new ADPrincipalFactory <ADPrincipal>(); CmdletSessionInfo cmdletSessionInfo = base.GetCmdletSessionInfo(); aDPrincipalFactory.SetCmdletSessionInfo(cmdletSessionInfo); if (cmdletSessionInfo.ConnectedADServerType != ADServerType.ADDS) { flag = false; } else { flag = this._operationType == SetADGroupMemberOperationType.RemoveGroupMember; } bool flag1 = flag; Dictionary <SecurityIdentifier, string> securityIdentifiers = new Dictionary <SecurityIdentifier, string>(); IADOPathNode aDOPathNode = null; SecurityIdentifier value = null; if (flag1) { ADGroup aDGroup = (ADGroup)this._cmdletParameters["Identity"]; if (!aDGroup.IsSearchResult) { ADObject directoryObjectFromIdentity = aDPrincipalFactory.GetDirectoryObjectFromIdentity(aDGroup, cmdletSessionInfo.DefaultPartitionPath); value = (SecurityIdentifier)directoryObjectFromIdentity["objectSid"].Value; } else { value = aDGroup.SID; } } ADPrincipal[] aDPrincipalArray2 = aDPrincipalArray; for (int i = 0; i < (int)aDPrincipalArray2.Length; i++) { ADPrincipal aDPrincipal1 = aDPrincipalArray2[i]; SecurityIdentifier sID = null; string distinguishedName = null; try { if (!aDPrincipal1.IsSearchResult) { ADObject aDObject = aDPrincipalFactory.GetDirectoryObjectFromIdentity(aDPrincipal1, cmdletSessionInfo.DefaultPartitionPath); sID = (SecurityIdentifier)aDObject["objectSid"].Value; distinguishedName = (string)aDObject["distinguishedName"].Value; } else { sID = aDPrincipal1.SID; distinguishedName = aDPrincipal1.DistinguishedName; } if (distinguishedName != null) { if (sID == null) { object[] objArray = new object[2]; objArray[0] = "objectSid"; objArray[1] = distinguishedName; throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, StringResources.AttributeNotFoundOnObject, objArray)); } } else { object[] identifyingString = new object[2]; identifyingString[0] = "distinguishedName"; identifyingString[1] = aDPrincipal1.IdentifyingString; throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, StringResources.AttributeNotFoundOnObject, identifyingString)); } } catch (ADIdentityNotFoundException aDIdentityNotFoundException1) { ADIdentityNotFoundException aDIdentityNotFoundException = aDIdentityNotFoundException1; DebugLogger.LogError("SetADGroupMember", aDIdentityNotFoundException.ToString()); base.ThrowTerminatingError(new ErrorRecord(aDIdentityNotFoundException, "SetADGroupMember.ValidateMembersParameter", ErrorCategory.ObjectNotFound, aDPrincipal1)); } catch (ArgumentException argumentException1) { ArgumentException argumentException = argumentException1; DebugLogger.LogError("SetADGroupMember", argumentException.ToString()); base.ThrowTerminatingError(new ErrorRecord(argumentException, "SetADGroupMember.ValidateMembersParameter", ErrorCategory.ReadError, aDPrincipal1)); } if (!flag1 || value.IsEqualDomainSid(sID)) { strs.Add(Utils.ConvertSIDToStringizedSid(sID)); } else { IADOPathNode aDOPathNode1 = ADOPathUtil.CreateFilterClause(ADOperator.Eq, "objectSid", sID); if (aDOPathNode != null) { IADOPathNode[] aDOPathNodeArray = new IADOPathNode[2]; aDOPathNodeArray[0] = aDOPathNode; aDOPathNodeArray[1] = aDOPathNode1; aDOPathNode = ADOPathUtil.CreateOrClause(aDOPathNodeArray); } else { aDOPathNode = aDOPathNode1; } securityIdentifiers.Add(sID, distinguishedName); } } if (aDOPathNode != null) { using (ADObjectSearcher aDObjectSearcher = new ADObjectSearcher(this.GetSessionInfo())) { IADOPathNode aDOPathNode2 = ADOPathUtil.CreateFilterClause(ADOperator.Eq, "objectClass", "foreignSecurityPrincipal"); aDObjectSearcher.SearchRoot = this.GetRootDSE().DefaultNamingContext; IADOPathNode[] aDOPathNodeArray1 = new IADOPathNode[2]; aDOPathNodeArray1[0] = aDOPathNode2; aDOPathNodeArray1[1] = aDOPathNode; aDObjectSearcher.Filter = ADOPathUtil.CreateAndClause(aDOPathNodeArray1); aDObjectSearcher.Properties.Add("objectSid"); foreach (ADObject aDObject1 in aDObjectSearcher.FindAll()) { SecurityIdentifier securityIdentifier = (SecurityIdentifier)aDObject1["objectSid"].Value; if (!securityIdentifiers.ContainsKey(securityIdentifier)) { continue; } strs.Add(Utils.ConvertSIDToStringizedSid(securityIdentifier)); securityIdentifiers.Remove(securityIdentifier); } foreach (string str in securityIdentifiers.Values) { strs.Add(str); } } } if (this._operationType != SetADGroupMemberOperationType.AddGroupMember) { if (this._operationType == SetADGroupMemberOperationType.RemoveGroupMember) { hashtables.Add(PropertyModifyOp.Remove.ToString(), strs.ToArray()); } } else { hashtables.Add(PropertyModifyOp.Add.ToString(), strs.ToArray()); } this._cmdletParameters.RemoveParameter("Members"); this._cmdletParameters["Members"] = new ADMultivalueHashtableParameter <string>(hashtables); this._isMembersValidated = true; } return; } else { return; } }
static void Main(string[] args) { var myProcess = new ADPrincipal(); myProcess.Process(); }
private bool SetADDCPrpBeginCSRoutine() { SecurityIdentifier value; ADPrincipal[] item = null; if (base.ParameterSetName != "AllowedPRP") { if (base.ParameterSetName == "DeniedPRP") { item = this._cmdletParameters["DeniedList"] as ADPrincipal[]; } } else { item = this._cmdletParameters["AllowedList"] as ADPrincipal[]; } if (item != null) { List <string> strs = new List <string>(); ADPrincipalFactory <ADPrincipal> aDPrincipalFactory = new ADPrincipalFactory <ADPrincipal>(); ADPrincipal[] aDPrincipalArray = item; for (int i = 0; i < (int)aDPrincipalArray.Length; i++) { ADPrincipal aDPrincipal = aDPrincipalArray[i]; base.SetPipelinedSessionInfo(aDPrincipal.SessionInfo); CmdletSessionInfo cmdletSessionInfo = base.GetCmdletSessionInfo(); aDPrincipalFactory.SetCmdletSessionInfo(cmdletSessionInfo); try { if (!aDPrincipal.IsSearchResult) { ADObject directoryObjectFromIdentity = aDPrincipalFactory.GetDirectoryObjectFromIdentity(aDPrincipal, cmdletSessionInfo.DefaultPartitionPath); value = (SecurityIdentifier)directoryObjectFromIdentity["objectSid"].Value; } else { value = aDPrincipal.SID; } if (value != null) { string stringizedSid = Utils.ConvertSIDToStringizedSid(value); strs.Add(stringizedSid); } else { object[] distinguishedName = new object[2]; distinguishedName[0] = "objectSid"; distinguishedName[1] = aDPrincipal.DistinguishedName; throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, StringResources.AttributeNotFoundOnObject, distinguishedName)); } } catch (ADIdentityNotFoundException aDIdentityNotFoundException1) { ADIdentityNotFoundException aDIdentityNotFoundException = aDIdentityNotFoundException1; DebugLogger.LogError("SetADDCPasswordReplicationPolicy", aDIdentityNotFoundException.ToString()); base.ThrowTerminatingError(new ErrorRecord(aDIdentityNotFoundException, "SetADDCPasswordReplicationPolicy:BeginProcessing", ErrorCategory.ReadError, aDPrincipal)); } catch (ArgumentException argumentException1) { ArgumentException argumentException = argumentException1; DebugLogger.LogError("SetADDCPasswordReplicationPolicy", argumentException.ToString()); base.ThrowTerminatingError(new ErrorRecord(argumentException, "SetADDCPasswordReplicationPolicy:BeginProcessing", ErrorCategory.ReadError, aDPrincipal)); } } this._principalsToAddOrRemove = new Hashtable(); if (base.ParameterSetName != "AllowedPRP") { if (base.ParameterSetName == "DeniedPRP") { this._principalsToAddOrRemove.Add("msDS-NeverRevealGroup", strs.ToArray()); } } else { this._principalsToAddOrRemove.Add("msDS-RevealOnDemandGroup", strs.ToArray()); } } return(true); }