public void Core_GroupNotFound()
{
// Get Group That Does Not Exist
String groupName = $"testgroup_{Utility.GenerateToken( 8 )}";
String groupDistinguishedName = $"CN={groupName},{workspaceName}";
Console.WriteLine($"Getting Group [{groupName}] Which Should Not Exist.");
GroupPrincipalObject group = DirectoryServices.GetGroup(groupName, true, true, true);
Assert.That(group, Is.Null);
Console.WriteLine($"Getting Group Principal [{groupName}] Which Should Not Exist.");
GroupPrincipal gp = DirectoryServices.GetGroupPrincipal(groupDistinguishedName);
Assert.That(gp, Is.Null);
}
private void ProcessModify(AdObject obj, bool returnObject = true)
{
ActiveDirectoryObjectResult result = new ActiveDirectoryObjectResult()
{
Type = obj.Type,
Identity = obj.Identity
};
ActiveDirectoryStatus status = new ActiveDirectoryStatus()
{
Action = config.Action,
Status = AdStatusType.Success,
Message = "Success",
};
try
{
string statusAction = "Modified";
switch (obj.Type)
{
case AdObjectType.User:
AdUser user = (AdUser)obj;
UserPrincipal up = null;
if (config.UseUpsert && !DirectoryServices.IsExistingUser(obj.Identity))
{
if (DirectoryServices.IsDistinguishedName(obj.Identity))
{
String path = DirectoryServices.GetParentPath(obj.Identity);
roleManager.CanPerformActionOrException(requestUser, ActionType.Create, path);
up = user.CreateUserPrincipal();
statusAction = "Created";
}
else
{
throw new AdException($"Identity [{obj.Identity}] Must Be A Distinguished Name For User Creation.", AdStatusType.MissingInput);
}
}
else
{
roleManager.CanPerformActionOrException(requestUser, ActionType.Modify, obj.Identity);
up = DirectoryServices.GetUserPrincipal(obj.Identity);
if (up == null)
{
throw new AdException($"User [{obj.Identity}] Not Found.", AdStatusType.DoesNotExist);
}
user.UpdateUserPrincipal(up);
}
DirectoryServices.SaveUser(up, isDryRun);
OnLogMessage("ProcessModify", obj.Type + " [" + obj.Identity + "] " + statusAction + ".");
if (user.Groups != null)
{
ProcessGroupAdd(user, false);
}
result.Statuses.Add(status);
break;
case AdObjectType.Group:
AdGroup group = (AdGroup)obj;
GroupPrincipal gp = null;
if (config.UseUpsert && !DirectoryServices.IsExistingGroup(obj.Identity))
{
if (DirectoryServices.IsDistinguishedName(obj.Identity))
{
String path = DirectoryServices.GetParentPath(obj.Identity);
roleManager.CanPerformActionOrException(requestUser, ActionType.Create, path);
gp = group.CreateGroupPrincipal();
statusAction = "Created";
}
else
{
throw new AdException($"Identity [{obj.Identity}] Must Be A Distinguished Name For Group Creation.", AdStatusType.MissingInput);
}
}
else
{
roleManager.CanPerformActionOrException(requestUser, ActionType.Modify, obj.Identity);
gp = DirectoryServices.GetGroupPrincipal(obj.Identity);
if (gp == null)
{
throw new AdException($"Group [{obj.Identity}] Not Found.", AdStatusType.DoesNotExist);
}
group.UpdateGroupPrincipal(gp);
}
DirectoryServices.SaveGroup(gp, isDryRun);
OnLogMessage("ProcessModify", obj.Type + " [" + obj.Identity + "] " + statusAction + ".");
if (group.Groups != null)
{
ProcessGroupAdd(group, false);
}
result.Statuses.Add(status);
break;
case AdObjectType.OrganizationalUnit:
AdOrganizationalUnit ou = (AdOrganizationalUnit)obj;
// Get DistinguishedName from User or Group Identity for ManagedBy Property
if (!String.IsNullOrWhiteSpace(ou.ManagedBy))
{
if (ou.Properties == null)
{
ou.Properties = new Dictionary <string, List <string> >();
}
if (!ou.Properties.ContainsKey("managedBy"))
{
String distinguishedName = DirectoryServices.GetDistinguishedName(ou.ManagedBy);
if (distinguishedName == null)
{
distinguishedName = ou.ManagedBy;
}
List <String> values = new List <string>()
{
distinguishedName
};
ou.Properties.Add("managedBy", values);
}
}
if (config.UseUpsert && !DirectoryServices.IsExistingDirectoryEntry(obj.Identity))
{
if (DirectoryServices.IsDistinguishedName(obj.Identity))
{
String path = DirectoryServices.GetParentPath(obj.Identity);
roleManager.CanPerformActionOrException(requestUser, ActionType.Create, path);
if (!String.IsNullOrWhiteSpace(ou.Description))
{
DirectoryServices.AddProperty(ou.Properties, "description", ou.Description);
}
DirectoryServices.CreateOrganizationUnit(obj.Identity, ou.Properties, isDryRun);
statusAction = "Created";
}
else
{
throw new AdException($"Identity [{obj.Identity}] Must Be A Distinguished Name For Organizational Unit Creation.", AdStatusType.MissingInput);
}
}
else
{
roleManager.CanPerformActionOrException(requestUser, ActionType.Modify, obj.Identity);
if (!String.IsNullOrWhiteSpace(ou.Description))
{
DirectoryServices.AddProperty(ou.Properties, "description", ou.Description);
}
DirectoryServices.ModifyOrganizationUnit(ou.Identity, ou.Properties, isDryRun);
}
OnLogMessage("ProcessModify", obj.Type + " [" + obj.Identity + "] " + statusAction + ".");
result.Statuses.Add(status);
break;
default:
throw new AdException("Action [" + config.Action + "] Not Implemented For Type [" + obj.Type + "]", AdStatusType.NotSupported);
}
if (returnObject)
{
result.Object = GetActiveDirectoryObject(obj);
}
}
catch (AdException ex)
{
ProcessActiveDirectoryException(result, ex, status.Action);
}
catch (Exception e)
{
OnLogMessage("ProcessCreate", e.Message);
OnLogMessage("ProcessCreate", e.StackTrace);
AdException le = new AdException(e);
ProcessActiveDirectoryException(result, le, status.Action);
}
results.Add(result);
}
public void Core_GroupTestSuccess()
{
// Get Group By Distinguished Name
Console.WriteLine($"Getting Group By DisginguishedName : [{group.DistinguishedName}]");
GroupPrincipalObject gpo = DirectoryServices.GetGroup(group.DistinguishedName, true, true, true);
Assert.That(gpo.DistinguishedName, Is.EqualTo(group.DistinguishedName));
String groupName = gpo.Name;
String groupSamAccountName = gpo.SamAccountName;
Guid? groupGuid = gpo.Guid;
String groupSid = gpo.Sid;
// Get Group By Name
Console.WriteLine($"Getting Group By Name: [{groupName}]");
gpo = DirectoryServices.GetGroup(groupName, true, true, true);
Assert.That(gpo.Name, Is.EqualTo(groupName));
// Get Group By SamAccountName
Console.WriteLine($"Getting Group By SamAccountName : [{groupSamAccountName}]");
gpo = DirectoryServices.GetGroup(groupSamAccountName, true, true, true);
Assert.That(gpo.SamAccountName, Is.EqualTo(groupSamAccountName));
// Get Group By Guid
Console.WriteLine($"Getting Group By Guid : [{groupGuid}]");
gpo = DirectoryServices.GetGroup(groupGuid.ToString(), true, true, true);
Assert.That(gpo.Guid, Is.EqualTo(groupGuid));
// Get Group By Sid
Console.WriteLine($"Getting Group By Sid : [{groupSid}]");
gpo = DirectoryServices.GetGroup(groupSid, true, true, true);
Assert.That(gpo.Sid, Is.EqualTo(groupSid));
// Modify Group
Console.WriteLine($"Modifying Group : [{groupName}]");
GroupPrincipal gp = DirectoryServices.GetGroupPrincipal(groupName);
gp.DisplayName = "Unit Test Group";
gp.Description = "Unit Test Description";
DirectoryServices.SaveGroup(gp);
gpo = DirectoryServices.GetGroup(groupName, false, false, false);
Assert.That(gpo.DisplayName, Is.EqualTo("Unit Test Group"));
Assert.That(gpo.Description, Is.EqualTo("Unit Test Description"));
// Create AccessUser For AccessRule Tests (Below)
UserPrincipal accessRuleUser = Utility.CreateUser(workspaceName);
int ruleCount = DirectoryServices.GetAccessRules(group).Count;
// Add Access Rule To Group
Console.WriteLine($"Adding AccessRule For User [{accessRuleUser.Name}] To Group [{group.Name}].");
DirectoryServices.AddAccessRule(group, accessRuleUser, ActiveDirectoryRights.GenericRead, System.Security.AccessControl.AccessControlType.Allow, ActiveDirectorySecurityInheritance.None);
int newRuleCount = DirectoryServices.GetAccessRules(group).Count;
Assert.That(newRuleCount, Is.GreaterThan(ruleCount));
// Removing Access Rule From Group
Console.WriteLine($"Removing AccessRule For User [{accessRuleUser.Name}] From Group [{group.Name}].");
DirectoryServices.DeleteAccessRule(group, accessRuleUser, ActiveDirectoryRights.GenericRead, System.Security.AccessControl.AccessControlType.Allow, ActiveDirectorySecurityInheritance.None);
newRuleCount = DirectoryServices.GetAccessRules(group).Count;
Assert.That(newRuleCount, Is.EqualTo(ruleCount));
// Seting Access Rule From Group
Console.WriteLine($"Setting AccessRule For User [{accessRuleUser.Name}] On Group [{group.Name}].");
DirectoryServices.SetAccessRule(group, accessRuleUser, ActiveDirectoryRights.GenericRead, System.Security.AccessControl.AccessControlType.Allow, ActiveDirectorySecurityInheritance.None);
newRuleCount = DirectoryServices.GetAccessRules(group).Count;
Assert.That(newRuleCount, Is.GreaterThan(ruleCount));
// Purge Access Rule From Group
Console.WriteLine($"Purging AccessRules For User [{accessRuleUser.Name}] From Group [{group.Name}].");
DirectoryServices.PurgeAccessRules(group, accessRuleUser);
newRuleCount = DirectoryServices.GetAccessRules(group).Count;
Assert.That(newRuleCount, Is.EqualTo(ruleCount));
// Delete AccessRule User
Utility.DeleteUser(accessRuleUser.DistinguishedName);
}
