}         // End Function GetProcessUser

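        /// <summary>
        /// Adds the hard-coded domain account "firstname.lastname" (domain "COMPANY") to the
        /// local machine group named "Administratoren" and saves the group.
        /// </summary>
        /// <remarks>
        /// This is a privilege-granting change: the account becomes a member of the looked-up
        /// local group. Every failure is only written to the console, so a caller cannot tell
        /// from the return whether the membership was actually changed.
        /// NOTE(review): "Administratoren" is a localized display name, so the lookup presumably
        /// only succeeds on a German-language Windows installation; confirm, and consider
        /// resolving the group by its well-known SID instead of by name.
        /// </remarks>
        public static void AddImpersonatedToGroup()
        {
            try
            {
                using (System.DirectoryServices.AccountManagement.PrincipalContext pcLocal =
                           new System.DirectoryServices.AccountManagement.PrincipalContext(
                               System.DirectoryServices.AccountManagement.ContextType.Machine))
                using (System.DirectoryServices.AccountManagement.GroupPrincipal group =
                           System.DirectoryServices.AccountManagement.GroupPrincipal
                           .FindByIdentity(pcLocal, "Administratoren"))
                {
                    // FindByIdentity returns null when no group matches; report that explicitly
                    // instead of surfacing an opaque NullReferenceException message below.
                    if (group == null)
                    {
                        System.Console.WriteLine("Local group 'Administratoren' was not found.");
                        return;
                    }

                    System.Console.WriteLine(group.DistinguishedName);

                    using (System.DirectoryServices.AccountManagement.PrincipalContext pcDomain
                               = new System.DirectoryServices.AccountManagement.PrincipalContext(
                                     System.DirectoryServices.AccountManagement.ContextType.Domain, "COMPANY")) // "AAA"
                    {
                        // The member is resolved in the domain context by SAM account name,
                        // then the changed membership is persisted with Save().
                        group.Members.Add(pcDomain, System.DirectoryServices.AccountManagement.IdentityType.SamAccountName, "firstname.lastname");
                        group.Save();
                    }
                }
            }
            catch (System.Exception e)
            {
                // Best-effort: any directory or permission error is reported, not rethrown.
                System.Console.WriteLine(e.Message);
            }
        } // End Function AddImpersonatedToGroup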
        /// <summary>
        /// Creates a new group principal in the context obtained from
        /// <c>GetPrincipalContext.Get_PrincipalContext</c> and saves it.
        /// </summary>
        /// <param name="args">
        /// Group options (SamAccountName, Domain, Credential, Name, DisplayName, Description).
        /// When null, a default <c>Args_New_DomainGroup</c> is used.
        /// </param>
        /// <returns>
        /// The saved <c>GroupPrincipal</c>, or null when no context could be obtained or
        /// saving the group threw.
        /// </returns>
        /// <remarks>
        /// The save failure is logged as a warning that embeds the full exception text
        /// (<c>{e}</c>), and the caller only sees null. The unsaved principal is not disposed
        /// on that path.
        /// </remarks>
        public static System.DirectoryServices.AccountManagement.GroupPrincipal New_DomainGroup(Args_New_DomainGroup args = null)
        {
            args = args ?? new Args_New_DomainGroup();

            var contextRequest = new Args_Get_PrincipalContext
            {
                Identity   = args.SamAccountName,
                Domain     = args.Domain,
                Credential = args.Credential
            };
            var resolved = GetPrincipalContext.Get_PrincipalContext(contextRequest);

            // Without a principal context there is nothing to create the group in.
            if (resolved == null)
            {
                return null;
            }

            var newGroup = new System.DirectoryServices.AccountManagement.GroupPrincipal(resolved.Context);

            // Name and DisplayName fall back to the resolved identity when not supplied.
            newGroup.SamAccountName = resolved.Identity;
            newGroup.Name = string.IsNullOrEmpty(args.Name) ? resolved.Identity : args.Name;
            newGroup.DisplayName = string.IsNullOrEmpty(args.DisplayName) ? resolved.Identity : args.DisplayName;

            // Description is optional and left unset when empty.
            if (!string.IsNullOrEmpty(args.Description))
            {
                newGroup.Description = args.Description;
            }

            Logger.Write_Verbose($@"[New-DomainGroup] Attempting to create group '{args.SamAccountName}'");
            try
            {
                newGroup.Save();
                Logger.Write_Verbose($@"[New-DomainGroup] Group '{args.SamAccountName}' successfully created");
                return newGroup;
            }
            catch (Exception e)
            {
                Logger.Write_Warning($@"[New-DomainGroup] Error creating group '{args.SamAccountName}' : {e}");
            }

            return null;
        }
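        /// <summary>
        /// Adds each entry of <c>args.Members</c> to the group identified by
        /// <c>args.Identity</c>, saving the group after every addition.
        /// </summary>
        /// <param name="args">
        /// Group identity, domain, credential and member list. When null, a default
        /// <c>Args_Add_DomainGroupMember</c> is used.
        /// </param>
        /// <remarks>
        /// A member written as <c>domain\name</c> gets its own principal context; any other
        /// member is looked up in the group's context. A member whose context or principal
        /// cannot be resolved is skipped with a warning, so one bad entry no longer aborts the
        /// remaining additions with a NullReferenceException. Exceptions thrown by the
        /// directory while adding or saving still propagate to the caller. Membership changes
        /// are privilege-relevant, so the verbose and warning log lines are the only record
        /// this method keeps of what was attempted.
        /// </remarks>
        public static void Add_DomainGroupMember(Args_Add_DomainGroupMember args = null)
        {
            if (args == null)
            {
                args = new Args_Add_DomainGroupMember();
            }

            var ContextArguments = new Args_Get_PrincipalContext
            {
                Identity   = args.Identity,
                Domain     = args.Domain,
                Credential = args.Credential
            };
            var GroupContext = GetPrincipalContext.Get_PrincipalContext(ContextArguments);

            System.DirectoryServices.AccountManagement.GroupPrincipal Group = null;
            if (GroupContext != null)
            {
                try
                {
                    Group = System.DirectoryServices.AccountManagement.GroupPrincipal.FindByIdentity(GroupContext.Context, GroupContext.Identity);
                }
                catch (Exception e)
                {
                    Logger.Write_Warning($@"[Add-DomainGroupMember] Error finding the group identity '{args.Identity}' : {e}");
                }
            }

            // Nothing to do without a resolved group or without any members to add.
            if (Group == null || args.Members == null)
            {
                return;
            }

            foreach (var Member in args.Members)
            {
                // Declared per iteration so a failed resolution can never reuse the
                // context or identity of the previous member.
                PrincipalContextEx UserContext;
                string UserIdentity;

                if (Member.IsRegexMatch(@".+\\.+"))
                {
                    // "domain\name" form: resolve a context for that member specifically.
                    ContextArguments.Identity = Member;
                    UserContext = GetPrincipalContext.Get_PrincipalContext(ContextArguments);
                    if (UserContext == null)
                    {
                        Logger.Write_Warning($@"[Add-DomainGroupMember] Unable to resolve a principal context for member '{Member}', skipping");
                        continue;
                    }
                    UserIdentity = UserContext.Identity;
                }
                else
                {
                    UserContext  = GroupContext;
                    UserIdentity = Member;
                }

                Logger.Write_Verbose($@"[Add-DomainGroupMember] Adding member '{Member}' to group '{args.Identity}'");

                // FindByIdentity returns null for an unknown identity; Members.Add rejects null.
                var MemberPrincipal = System.DirectoryServices.AccountManagement.Principal.FindByIdentity(UserContext.Context, UserIdentity);
                if (MemberPrincipal == null)
                {
                    Logger.Write_Warning($@"[Add-DomainGroupMember] Member '{Member}' was not found, skipping");
                    continue;
                }

                Group.Members.Add(MemberPrincipal);
                Group.Save();
            }
        }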
 /// <summary>
 /// Stub with no implementation: calling it always throws, because <c>throw null</c>
 /// raises a NullReferenceException at run time.
 /// </summary>
 /// <param name="group">The group to remove; never read by this stub.</param>
 /// <returns>Never returns normally.</returns>
 public bool Remove(System.DirectoryServices.AccountManagement.GroupPrincipal group) => throw null;
 /// <summary>
 /// Stub with an empty body: the supplied group is not stored anywhere.
 /// </summary>
 /// <param name="group">The group to add; never read by this stub.</param>
 public void Add(System.DirectoryServices.AccountManagement.GroupPrincipal group) { }
 /// <summary>
 /// Stub that performs no removal and always reports false (the default of bool).
 /// </summary>
 /// <param name="group">The group to remove; never read by this stub.</param>
 /// <returns>Always false.</returns>
 public bool Remove(System.DirectoryServices.AccountManagement.GroupPrincipal group)
 {
     return false;
 }
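 /// <summary>
 /// Checks whether the user named by <c>_UserName</c> belongs, directly or through nested
 /// groups, to any group in a comma-separated list of <c>domain\group</c> names.
 /// </summary>
 /// <param name="groups">
 /// Comma-separated group names; spaces are removed and the text is lower-cased before
 /// use. Entries without a backslash are logged and skipped.
 /// </param>
 /// <returns>
 /// True as soon as one listed group contains the user; false when the list is null or
 /// empty, or when no listed group matched.
 /// </returns>
 /// <remarks>
 /// This is an authorization decision. A group or user that cannot be found counts as
 /// "not a member" for that entry. Directory errors (for example an unreachable domain)
 /// are not caught here and propagate, so the caller must treat an exception as a denial
 /// rather than as success.
 /// </remarks>
 private static bool UserInGroup(string groups)
 {
     if (!string.IsNullOrEmpty(groups))                                               //test the AD group list
     {
         // Invariant casing: culture-sensitive ToLower() can rewrite characters (for example
         // the Turkish dotless i) and thereby change the group name that is looked up.
         String[] groupList = groups.ToLowerInvariant().Replace(" ", String.Empty).Split(','); //an array of groups
         foreach (string group in groupList)
         {
             if (!group.Contains("\\"))  //ensure the group has a domain
             {
                 //inform of missing domain and skip to the next group
                 Log(new Exception(String.Format("Configuration value '{0}' must contain a domain (i.e. [domain]\\{0})", group)), MethodBase.GetCurrentMethod(), null, ErrorLogger.SeverityTypes.Information);
                 continue;
             }
             // The part before the backslash selects the domain the context is bound to.
             using (System.DirectoryServices.AccountManagement.PrincipalContext ctx = new System.DirectoryServices.AccountManagement.PrincipalContext(System.DirectoryServices.AccountManagement.ContextType.Domain, GetFqd(group.Split('\\')[0])))
             using (System.DirectoryServices.AccountManagement.GroupPrincipal gp = System.DirectoryServices.AccountManagement.GroupPrincipal.FindByIdentity(ctx, group))
             using (System.DirectoryServices.AccountManagement.UserPrincipal up = System.DirectoryServices.AccountManagement.UserPrincipal.FindByIdentity(ctx, _UserName))    //user object
             {
                 if (up != null && gp != null)
                 {                                         //ensure both the user and the group exist
                     // GetMembers(true) expands nested groups; the result set is disposable,
                     // so release it once the membership test is done.
                     using (var members = gp.GetMembers(true))
                     {
                         if (members.Contains(up)) //recursively check for user in root group and member groups
                         {
                             return true;
                         }
                     }
                 }
             }
         }
         // Disabled alternative, kept as it appeared in the original:
         //using (System.Security.Principal.WindowsIdentity userID = new System.Security.Principal.WindowsIdentity(GetUPN()))   //windows user identity
         //{
         //    System.Security.Principal.WindowsPrincipal principal = new System.Security.Principal.WindowsPrincipal(userID);  //user's AD info including group memberships
         //    string[] groupList = groups.ToLower().Replace(" ", string.Empty).Split(',');  //an array of groups
         //    foreach (string group in groupList)
         //    {
         //        if (principal.IsInRole(group))
         //        {   //check if the user is in this group
         //            return true;
         //        }
         //    }
         //}
     }
     return false;
 }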