Esempio n. 1
0
        /// <summary>
        /// CheckMFAUser method implmentation
        /// </summary>
        private bool CheckMFAUser(UsersADDSRecord Parameters, string identity)
        {
            try
            {
                using (DirectoryEntry rootdir = ADDSUtils.GetDirectoryEntry(Parameters.DomainName, Parameters.UserName, Parameters.Password))
                {
                    string qryldap = "(&(objectCategory=person)(objectClass=user)(" + ADDSClaimsUtilities.GetADDSSearchAttribute() + "=" + identity + "))";
                    using (DirectorySearcher dsusr = new DirectorySearcher(rootdir, qryldap))
                    {
                        dsusr.PropertiesToLoad.Clear();
                        dsusr.PropertiesToLoad.Add("objectGUID");
                        dsusr.PropertiesToLoad.Add("userPrincipalName");
                        dsusr.PropertiesToLoad.Add("sAMAccountName");
                        dsusr.PropertiesToLoad.Add("msDS-PrincipalName");
                        dsusr.ReferralChasing = ReferralChasingOption.All;

                        SearchResult sr = dsusr.FindOne();
                        if (sr != null)
                        {
                            return(sr.Properties["objectGUID"][0] != null);
                        }
                    }
                }
            }
            catch (Exception ex)
            {
                DataLog.WriteEntry(ex.Message, System.Diagnostics.EventLogEntryType.Error, 5000);
                // throw new Exception(ex.Message);
            }
            return(false);
        }
Esempio n. 2
0
        /// <summary>
        /// DoImportUser method implementation
        /// </summary>
        private void DoImportUser(DirectoryEntry DirEntry, MFAUniqueUserList users, UsersADDSRecord Parameters, bool disableall = false)
        {
            if (DirEntry.Properties["objectGUID"].Value != null)
            {
                MFAUser reg = new MFAUser();
                try
                {
                    reg.ID = new Guid((byte[])DirEntry.Properties["objectGUID"].Value).ToString();
                    if (DirEntry.Properties[ADDSClaimsUtilities.GetADDSUserAttribute()] != null)
                    {
                        if (DirEntry.Properties[ADDSClaimsUtilities.GetADDSUserAttribute()].Count > 0)
                        {
                            reg.UPN = DirEntry.Properties[ADDSClaimsUtilities.GetADDSUserAttribute()][0].ToString();
                            if (!string.IsNullOrEmpty(Parameters.MailAttribute))
                            {
                                if (DirEntry.Properties[Parameters.MailAttribute].Value != null)
                                {
                                    reg.MailAddress = DirEntry.Properties[Parameters.MailAttribute].Value.ToString();
                                }
                            }
                            else
                            {
                                if (DirEntry.Properties["otherMailbox"].Value != null)
                                {
                                    reg.MailAddress = DirEntry.Properties["otherMailbox"].Value.ToString();
                                }
                                else if (DirEntry.Properties["mail"].Value != null)
                                {
                                    reg.MailAddress = DirEntry.Properties["mail"].Value.ToString();
                                }
                            }

                            if (!string.IsNullOrEmpty(Parameters.PhoneAttribute))
                            {
                                if (DirEntry.Properties[Parameters.PhoneAttribute].Value != null)
                                {
                                    reg.PhoneNumber = DirEntry.Properties[Parameters.PhoneAttribute].Value.ToString();
                                }
                            }
                            else
                            {
                                if (DirEntry.Properties["mobile"].Value != null)
                                {
                                    reg.PhoneNumber = DirEntry.Properties["mobile"].Value.ToString();
                                }
                                else if (DirEntry.Properties["otherMobile"].Value != null)
                                {
                                    reg.PhoneNumber = DirEntry.Properties["otherMobile"].Value.ToString();
                                }
                                else if (DirEntry.Properties["telephoneNumber"].Value != null)
                                {
                                    reg.PhoneNumber = DirEntry.Properties["telephoneNumber"].Value.ToString();
                                }
                            }
                            reg.PreferredMethod = Parameters.Method;
                            reg.OverrideMethod  = string.Empty;
                            if (disableall)
                            {
                                reg.Enabled = false;
                            }
                            else if (DirEntry.Properties["userAccountControl"] != null)
                            {
                                int v = Convert.ToInt32(DirEntry.Properties["userAccountControl"].Value);
                                reg.Enabled = ((v & 2) == 0);
                            }
                            else
                            {
                                reg.Enabled = true;
                            }
                            users.AddOrUpdate(reg);
                        }
                    }
                }
                catch (Exception ex)
                {
                    DataLog.WriteEntry("User ID : " + reg.ID + "    Error : " + ex.Message, System.Diagnostics.EventLogEntryType.Error, 20104);
                }
            }
        }
Esempio n. 3
0
        /// <summary>
        /// ImportMFAUsers method implementation
        /// </summary>
        public virtual MFAUserList ImportMFAUsers(UsersADDSRecord Parameters, bool disableall = false)
        {
            if (!string.IsNullOrEmpty(Parameters.LDAPPath))
            {
                Parameters.LDAPPath = Parameters.LDAPPath.Replace("ldap://", "");
                Parameters.LDAPPath = Parameters.LDAPPath.Replace("ldaps://", "");
                Parameters.LDAPPath = Parameters.LDAPPath.Replace("LDAP://", "");
                Parameters.LDAPPath = Parameters.LDAPPath.Replace("LDAPS://", "");
            }
            MFAUniqueUserList registrations = new MFAUniqueUserList();

            try
            {
                using (DirectoryEntry rootdir = ADDSUtils.GetDirectoryEntry(Parameters.DomainName, Parameters.UserName, Parameters.Password, Parameters.LDAPPath))
                {
                    string qryldap = string.Empty;
                    string subldap = string.Empty;
                    bool   hasval1 = false;
                    bool   hasval2 = false;
                    qryldap = "(|(&(objectCategory=group)(objectClass=group))(&(objectCategory=user)(objectClass=user)";
                    if (Parameters.CreatedSince.HasValue)
                    {
                        subldap += "(whenCreated>=" + Parameters.CreatedSince.Value.ToString("yyyyMMddHHmmss.0Z") + ")";
                        hasval1  = true;
                    }
                    if (Parameters.ModifiedSince.HasValue)
                    {
                        subldap += "(whenChanged>=" + Parameters.ModifiedSince.Value.ToString("yyyyMMddHHmmss.0Z") + ")";
                        hasval2  = true;
                    }
                    if (hasval1 && hasval2)
                    {
                        qryldap += "(|" + subldap + ")";
                    }
                    else if (hasval1 || hasval2)
                    {
                        qryldap += subldap;
                    }
                    qryldap += "))";

                    using (DirectorySearcher dsusr = new DirectorySearcher(rootdir, qryldap))
                    {
                        AddPropertiesToLoadForSearcher(dsusr, Parameters.MailAttribute, Parameters.PhoneAttribute);
                        dsusr.SizeLimit = 100000; // Set maxrows
                        dsusr.PageSize  = 5000;

                        SearchResultCollection src = dsusr.FindAll();
                        if (src != null)
                        {
                            foreach (SearchResult sr in src)
                            {
                                using (DirectoryEntry DirEntry = ADDSUtils.GetDirectoryEntry(Parameters.DomainName, Parameters.UserName, Parameters.Password, sr))
                                {
                                    int k = IsImportUser(DirEntry.Properties["objectClass"].Value);
                                    switch (k)
                                    {
                                    case 1:
                                        DoImportUser(DirEntry, registrations, Parameters, disableall);
                                        break;

                                    case 2:
                                        if (!Parameters.NoRecurse)
                                        {
                                            DoImportGroup(DirEntry, registrations, Parameters, disableall);
                                        }
                                        break;

                                    default:
                                        break;
                                    }
                                }
                            }
                        }
                    }
                }
            }
            catch (Exception ex)
            {
                DataLog.WriteEntry("Root : " + ex.Message, System.Diagnostics.EventLogEntryType.Error, 5100);
                // throw new Exception(ex.Message);
            }
            return(registrations);
        }
Esempio n. 4
0
        /// <summary>
        /// DoImportGroup method implementation
        /// </summary>
        private void DoImportGroup(DirectoryEntry DirEntry, MFAUniqueUserList users, UsersADDSRecord Parameters, bool disableall)
        {
            string distinguishedName = string.Empty;
            string sidstr            = string.Empty;

            try
            {
                distinguishedName = DirEntry.Properties["distinguishedName"].Value.ToString();
                byte[] SD  = (byte[])DirEntry.Properties["objectSID"].Value;
                string sid = new SecurityIdentifier(SD, 0).ToString();
                sidstr = sid.Substring(sid.LastIndexOf("-") + 1);
                using (DirectoryEntry rootdir = ADDSUtils.GetDirectoryEntry(Parameters.DomainName, Parameters.UserName, Parameters.Password)) // Binding Root
                {
                    string qryldap = string.Empty;
                    string subldap = string.Empty;
                    bool   hasval1 = false;
                    bool   hasval2 = false;
                    qryldap = "(| (&(objectCategory=group)(objectClass=group)(memberof=" + distinguishedName + ")) (&(objectCategory=user)(objectClass=user)(|(memberof=" + distinguishedName + ")(primaryGroupID=" + sidstr + "))";
                    if (Parameters.CreatedSince.HasValue)
                    {
                        subldap += "(whenCreated>=" + Parameters.CreatedSince.Value.ToString("yyyyMMddHHmmss.0Z") + ")";
                        hasval1  = true;
                    }
                    if (Parameters.ModifiedSince.HasValue)
                    {
                        subldap += "(whenChanged>=" + Parameters.ModifiedSince.Value.ToString("yyyyMMddHHmmss.0Z") + ")";
                        hasval2  = true;
                    }
                    if (hasval1 && hasval2)
                    {
                        qryldap += "(|" + subldap + ")";
                    }
                    else if (hasval1 || hasval2)
                    {
                        qryldap += subldap;
                    }
                    qryldap += "))";

                    using (DirectorySearcher dsusr = new DirectorySearcher(rootdir, qryldap))
                    {
                        AddPropertiesToLoadForSearcher(dsusr, Parameters.MailAttribute, Parameters.PhoneAttribute);
                        dsusr.SizeLimit = 100000; // Set maxrows
                        dsusr.PageSize  = 5000;

                        SearchResultCollection src = dsusr.FindAll();
                        if (src != null)
                        {
                            foreach (SearchResult sr in src)
                            {
                                using (DirectoryEntry SubDirEntry = ADDSUtils.GetDirectoryEntry(Parameters.DomainName, Parameters.UserName, Parameters.Password, sr))
                                {
                                    int k = IsImportUser(SubDirEntry.Properties["objectClass"].Value);
                                    switch (k)
                                    {
                                    case 1:
                                        DoImportUser(SubDirEntry, users, Parameters, disableall);
                                        break;

                                    case 2:
                                        if (!Parameters.NoRecurse)
                                        {
                                            DoImportGroup(SubDirEntry, users, Parameters, disableall);
                                        }
                                        break;

                                    default:
                                        break;
                                    }
                                }
                            }
                        }
                    }
                }
            }
            catch (Exception ex)
            {
                DataLog.WriteEntry("DN : " + distinguishedName + "     SID : " + sidstr + "     Error : " + ex.Message, System.Diagnostics.EventLogEntryType.Error, 5100);
                // throw new Exception(ex.Message);
            }
        }
Esempio n. 5
0
        /// <summary>
        /// CleanMFAUsers method implementation
        /// </summary>
        public virtual List <string> CleanMFAUsers(UsersADDSRecord Parameters)
        {
            MFAUniqueDeletedUserList registrations = new MFAUniqueDeletedUserList();

            try
            {
                using (DirectoryEntry rootdir = ADDSUtils.GetDirectoryEntry(Parameters.DomainName, Parameters.UserName, Parameters.Password))
                {
                    string qryldap = string.Empty;
                    qryldap = "(&(objectClass=user)(isDeleted=TRUE))";

                    using (DirectorySearcher dsusr = new DirectorySearcher(rootdir, qryldap))
                    {
                        AddPropertiesToLoadForDeleted(dsusr);
                        dsusr.SizeLimit  = 10000; // Set maxrows
                        dsusr.PageSize   = 5000;
                        dsusr.ExtendedDN = ExtendedDN.Standard;
                        dsusr.Tombstone  = true;

                        SearchResultCollection src = dsusr.FindAll();
                        if (src != null)
                        {
                            foreach (SearchResult sr in src)
                            {
                                string upn = string.Empty;
                                string sam = string.Empty;
                                if (sr.Properties.Contains("userPrincipalName"))
                                {
                                    upn = sr.Properties["userPrincipalName"][0].ToString();
                                }
                                if (sr.Properties.Contains("sAMAccountName"))
                                {
                                    sam = sr.Properties["sAMAccountName"][0].ToString();
                                }

                                if (!string.IsNullOrEmpty(upn) && !string.IsNullOrEmpty(sam))
                                {
                                    string identity = string.Empty;
                                    if (ADDSClaimsUtilities.GetADDSSearchAttribute().Equals("userPrincipalName"))
                                    {
                                        identity = upn;
                                    }
                                    else
                                    {
                                        identity = sam;
                                    }

                                    if (!CheckMFAUser(Parameters, identity))
                                    {
                                        registrations.AddOrUpdate(identity);
                                    }
                                }
                            }
                        }
                    }
                }
            }
            catch (Exception ex)
            {
                DataLog.WriteEntry(ex.Message, System.Diagnostics.EventLogEntryType.Error, 5100);
                throw new Exception(ex.Message);
            }
            return(registrations);
        }