public void Start(string startPath, string taskID)
{
SynchronizeContext.Clear();
#if NOLOCK
#else
SynchronizeContext.Current.AddLock();
#endif
try
{
if (!MCS.Library.SOA.DataObjects.Security.Adapters.SCSnapshotHelper.Instance.ValidateGroups(DateTime.MinValue))
{
throw new InvalidOperationException("检查到群组数据有误,一个群组不能属于2个组织。请联系DBA。");
}
taskID = string.IsNullOrEmpty(taskID) ? UuidHelper.NewUuidString() : taskID;
ServiceBrokerContext.Current.SaveContextStates();
try
{
//禁用权限中心的缓存
ServiceBrokerContext.Current.UseServerCache = false;
ServiceBrokerContext.Current.UseLocalCache = false;
//初始化上下文和权限中心的初始组织
IOrganization startOrg = PrepareStartOrganization(startPath, taskID);
//开始对比权限中心和AD的数据差异
StartRecursiveProcess(startOrg);
//保存差异的数据和ID映射表
PersistSynchornizeInfo();
SynchronizeContext.Current.SynchronizeResult = ADSynchronizeResult.Correct;
}
catch (Exception ex)
{
SynchronizeContext.Current.SynchronizeResult = ADSynchronizeResult.Interrupted;
LogHelper.WriteEventLog("未识别或致命异常", ex.GetRealException().ToString(), LogPriority.Highest, TraceEventType.Error);
}
finally
{
ServiceBrokerContext.Current.RestoreSavedStates();
LogHelper.WriteSynchronizeDBLog("PermissionCenterServices", "PermissionCenterServices");
LogHelper.WriteEventLog("同步结束", "同步结束", LogPriority.Lowest, TraceEventType.Start);
}
}
finally
{
#if NOLOCK
#else
SynchronizeContext.Current.DeleteLock();
#endif
#if UNITTEST
#else
SynchronizeContext.Clear();
#endif
}
}
private static void ModifyGroups(KeyedOguObjectCollection groups, SynchronizeContext context)
{
for (int i = 0; i < groups.Count / SynchronizeHelper.ADQueryBatchSize; i++)
{
ModifyBatchGroups(groups, (i * SynchronizeHelper.ADQueryBatchSize), SynchronizeHelper.ADQueryBatchSize, context);
}
ModifyBatchGroups(groups, groups.Count / SynchronizeHelper.ADQueryBatchSize, groups.Count % SynchronizeHelper.ADQueryBatchSize, context);
}
public static void ApplyModify()
{
SynchronizeContext context = SynchronizeContext.Current;
context.DeletedOuAndUserItems.ForEach(item => { SynchronizeContext.Current.ExtendLockTime(); ADObjectModifier.ApplyModify(item); });
context.ModifiedOuAndUserItems.ForEach(item => { SynchronizeContext.Current.ExtendLockTime(); ADObjectModifier.ApplyModify(item); });
context.DeletedGroupItems.ForEach(item => { SynchronizeContext.Current.ExtendLockTime(); ADObjectModifier.ApplyModify(item); });
context.ModifiedGroupItems.ForEach(item => { SynchronizeContext.Current.ExtendLockTime(); ADObjectModifier.ApplyModify(item); });
// 执行后续操作
context.DelayActions.DoActions(context);
ModifyGroups(context.GroupsToTakeCare, context);
}
//从配置信息中初始化同步上下文
private void InitContext(string startPath)
{
SynchronizeContext context = SynchronizeContext.Current;
context.SynchronizeResult = ADSynchronizeResult.Correct;
//初始化域控制器的配置信息
ServerInfoConfigureElement serverSetting = ServerInfoConfigSettings.GetConfig().ServerInfos["dc"];
ServerInfo serverInfo = serverSetting == null ? null : serverSetting.ToServerInfo();
PermissionCenterToADSynchronizeSettings config = PermissionCenterToADSynchronizeSettings.GetConfig();
context.SourceRootPath = config.SourceRoot;
//初始化(权限中心)开始同步的路径和回收站路径
string path = startPath.IsNullOrEmpty() ? config.DefaultStartPath : startPath;
if (string.IsNullOrEmpty(path))
{
path = context.SourceRootPath;
}
if (path != context.SourceRootPath && path.StartsWith(context.SourceRootPath + "\\", StringComparison.Ordinal) == false)
{
throw new System.Configuration.ConfigurationErrorsException("开始同步路径必须位于同步根范围内");
}
context.StartPath = path;
context.RecycleBinOU = config.RecycleBinOU;
//默认用户口令
context.DefaultPassword = config.DefaultPassword;
context.TargetRootOU = config.TargetRootOU;
context.ADHelper = ADHelper.GetInstance(serverInfo);
//初始化权限中心和AD的ID映射关系
context.ExtendLockTime();
context.IDMapper.Initialize();
context.ClearIncludeMappings();
foreach (ObjectMappingElement elem in config.ObjectMappings)
{
context.AddIncludeMapping(elem.SCObjectName, elem.ADObjectName);
}
}
public static void WriteSynchronizeDBLog(string operatorID, string operatorName)
{
SynchronizeContext context = SynchronizeContext.Current;
if (context.SynchronizeResult == ADSynchronizeResult.Correct && context.ExceptionCount > 0)
{
context.SynchronizeResult = ADSynchronizeResult.HasError;
}
if (context.LogEntity == null)
{
context.LogEntity = new ADSynchronizeLog()
{
LogID = Guid.NewGuid().ToString(),
SynchronizeID = context.SynchronizeID,
StartTime = DateTime.Now,
OperatorID = operatorID,
OperatorName = operatorName,
ExceptionCount = context.ExceptionCount,
SynchronizeResult = context.SynchronizeResult,
AddingItemCount = context.AddingItemCount,
DeletingItemCount = context.DeletingItemCount,
ModifyingItemCount = context.ModifyingItemCount,
AddedItemCount = context.AddedItemCount,
DeletedItemCount = context.DeletedItemCount,
ModifiedItemCount = context.ModifiedItemCount
};
}
else
{
context.LogEntity.EndTime = DateTime.Now;
context.LogEntity.ExceptionCount = context.ExceptionCount;
context.LogEntity.SynchronizeResult = context.SynchronizeResult;
context.LogEntity.AddingItemCount = context.AddingItemCount;
context.LogEntity.DeletingItemCount = context.DeletingItemCount;
context.LogEntity.ModifyingItemCount = context.ModifyingItemCount;
context.LogEntity.AddedItemCount = context.AddedItemCount;
context.LogEntity.DeletedItemCount = context.DeletedItemCount;
context.LogEntity.ModifiedItemCount = context.ModifiedItemCount;
}
ADSynchronizeLogAdapter.Instance.Update(context.LogEntity);
}
private static void SyncGroupMembers(IGroup oguGroup, SearchResult adGroup, SynchronizeContext context)
{
using (DirectoryEntry adEntry = adGroup.GetDirectoryEntry())
{
try
{
var members = adEntry.Properties["member"];
members.Clear();
AddGroupMembers(oguGroup.Members.ToIDList(), members, context);
adEntry.CommitChanges();
}
catch (Exception ex)
{
context.ExceptionCount++;
LogHelper.WriteSynchronizeDBLogDetail(SynchronizeContext.Current.SynchronizeID, "修改群组成员", oguGroup.ID, oguGroup.Name,
context.ADHelper.GetPropertyStrValue("objectGuid", adEntry),
context.ADHelper.GetPropertyStrValue("distinguishedName", adEntry),
string.Format("修改群组成员时出错:" + ex.Message));
}
}
}
private static void ModifyBatchGroups(KeyedOguObjectCollection groups, int startIndex, int batchSize, SynchronizeContext context)
{
//Key是AD Guid,Value是Ogu ID
Dictionary <string, string> adToOguMapping = GetADToOguMappingFromGroups(groups, startIndex, batchSize, context);
string[] propertiesToGet = { "objectguid", "member" };
IEnumerable <SearchResult> adGroups = SynchronizeHelper.GetSearchResultsByIDs(context.ADHelper, adToOguMapping.Keys, propertiesToGet, batchSize);
foreach (SearchResult adGroup in adGroups)
{
SynchronizeContext.Current.ExtendLockTime();
string guid = AttributeHelper.Hex((byte[])adGroup.Properties["objectguid"][0]);
ADGroupMemberCollection adGroupMembers = new ADGroupMemberCollection(adGroup.Properties["member"], new string[] { "objectGUID" });
Dictionary <string, ADObjectWrapper> adMemberDict = adGroupMembers.ToDictionary(o => o.NativeGuid);
IGroup oguGroup = (IGroup)groups[adToOguMapping[guid]];
if (IsSameMembers(oguGroup.Members, adMemberDict) == false)
{
SyncGroupMembers(oguGroup, adGroup, context);
}
}
}
private static void FillGroupMembersByOguIDs(IEnumerable <string> oguObjectIDs, PropertyValueCollection adGroupMembers, SynchronizeContext context)
{
IEnumerable <SearchResult> result = SynchronizeHelper.GetSearchResultsByIDs(context.ADHelper, context.IDMapper.GetMappedADObjectIDs(oguObjectIDs),
new string[] { "distinguishedName" }, oguObjectIDs.Count());
foreach (SearchResult sr in result)
{
SynchronizeContext.Current.ExtendLockTime();
adGroupMembers.Add(sr.Properties["distinguishedName"][0]);
}
}
private static void AddGroupMembers(IList <string> oguMemberIDs, PropertyValueCollection adGroupMembers, SynchronizeContext context)
{
for (int i = 0; i < oguMemberIDs.Count / SynchronizeHelper.ADQueryBatchSize; i++)
{
SynchronizeContext.Current.ExtendLockTime();
FillGroupMembersByOguIDs(CopyPartOfList(oguMemberIDs, i * SynchronizeHelper.ADQueryBatchSize, SynchronizeHelper.ADQueryBatchSize), adGroupMembers, context);
}
FillGroupMembersByOguIDs(CopyPartOfList(oguMemberIDs,
(oguMemberIDs.Count / SynchronizeHelper.ADQueryBatchSize) * SynchronizeHelper.ADQueryBatchSize,
oguMemberIDs.Count % SynchronizeHelper.ADQueryBatchSize),
adGroupMembers, context);
}
private static Dictionary <string, string> GetADToOguMappingFromGroups(KeyedOguObjectCollection groups, int startIndex, int batchSize, SynchronizeContext context)
{
Dictionary <string, string> result = new Dictionary <string, string>();
for (int i = startIndex; i < startIndex + batchSize; i++)
{
SynchronizeContext.Current.ExtendLockTime();
IDMapping mapping = context.IDMapper.GetAdObjectMapping(groups[i].ID);
result.Add(mapping.ADObjectGuid, mapping.SCObjectID);
}
return(result);
}
private IEnumerable <SearchResult> GetBatchData(int startIndex, int batchSize, SynchronizeContext context, string[] neededProperties)
{
List <string> buffer = new List <string>(batchSize);
for (int k = startIndex; k < startIndex + batchSize; k++)
{
buffer.Add((string)this.source[k]);
}
var results = buffer.Count > 0 ? SynchronizeHelper.GetSearchResultsByDNList(context.ADHelper, buffer, ADSchemaType.Users, neededProperties, batchSize) : new SearchResult[0];
return(results);
}
private ADObjectWrapper CreateADObjectWrapper(SearchResult item, string[] neededProperties, SynchronizeContext context)
{
ADObjectWrapper wrapper = new ADObjectWrapper();
foreach (var property in neededProperties)
{
wrapper.Properties.Add(property, context.ADHelper.GetSearchResultPropertyStrValue(property, item));
}
return(wrapper);
}
